

Adware pop-ups in Chrome


This topic is locked
13 replies to this topic

#1 particle0 (Members, 9 posts)

Posted 06 May 2014 - 03:38 PM

I have been having an issue for a few days now with a Chrome popup. It opens a new tab and takes me to playnow.chaseswing.eu where it tells me I need to download a new driver for Windows 7 (ha). This is happening on multiple computers in my house.

 

2 computers run Windows 7 Home 64-bit, 1 runs Windows Vista 32-bit, 1 runs Windows 7 Ultimate 64-bit.

Steps taken so far:

1. I have checked for erroneous extensions in chrome/firefox/IE on all computers, to no avail

2. I checked for extra programs in the program list of all computers, to no avail

3. I ran Rkill, Junkware Removal Tool, adwcleaner, malwarebytes, AVG, and hijackthis of which I have the logs attached below.

The logs are from this computer running Windows 7 Home Premium 64 Bit

 

Thank you for your help and taking the time out of your day.


#2 particle0 (Topic Starter, Members, 9 posts)

Posted 06 May 2014 - 04:42 PM

Plaintext logs:

Rkill
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/04/2014 08:33:36 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 05/04/2014 08:41:34 PM
Execution time: 0 hours(s), 7 minute(s), and 58 seconds(s)

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Particle0 on Mon 05/05/2014 at  7:49:16.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{57489562-08C4-4830-ABE0-723C14A3DE28}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70DE255A-707A-4AC8-BF38-9A351FA3876A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Particle0\AppData\Roaming\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Particle0\AppData\Roaming\mozilla\firefox\profiles\ngtb7pes.default\prefs.js
 
user_pref("browser.search.defaultengine", "Privitize VPN");
user_pref("browser.search.order.1", "Privitize VPN");
Emptied folder: C:\Users\Particle0\AppData\Roaming\mozilla\firefox\profiles\ngtb7pes.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/05/2014 at  7:57:36.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:57:53 PM, on 5/6/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\Particle0\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\Run: [Akamai NetSession Interface] "C:\Users\Particle0\AppData\Local\Akamai\netsession_win.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-547217592-1247746910-898046687-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11383 bytes
 
Adwcleaner
 
# AdwCleaner v3.207 - Report created 06/05/2014 at 16:17:44
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Particle0 - PARTICLE0-PC
# Running from : C:\Users\Particle0\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\Particle0\AppData\Roaming\Mozilla\Firefox\Profiles\ngtb7pes.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Particle0\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN67659813330818379&UM=2
 
*************************
 
AdwCleaner[R0].txt - [19252 octets] - [04/05/2014 20:42:34]
AdwCleaner[R1].txt - [11477 octets] - [04/05/2014 20:49:13]
AdwCleaner[R2].txt - [1315 octets] - [06/05/2014 16:10:47]
AdwCleaner[S0].txt - [1876 octets] - [04/05/2014 20:48:34]
AdwCleaner[S1].txt - [11353 octets] - [04/05/2014 20:53:58]
AdwCleaner[S2].txt - [1240 octets] - [06/05/2014 16:17:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1300 octets] ##########
 
 
# AdwCleaner v3.207 - Report created 06/05/2014 at 16:10:47
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Particle0 - PARTICLE0-PC
# Running from : C:\Users\Particle0\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\Particle0\AppData\Roaming\Mozilla\Firefox\Profiles\ngtb7pes.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Particle0\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN67659813330818379&UM=2
 
*************************
 
AdwCleaner[R0].txt - [19252 octets] - [04/05/2014 20:42:34]
AdwCleaner[R1].txt - [11477 octets] - [04/05/2014 20:49:13]
AdwCleaner[R2].txt - [1054 octets] - [06/05/2014 16:10:47]
AdwCleaner[S0].txt - [1876 octets] - [04/05/2014 20:48:34]
AdwCleaner[S1].txt - [11353 octets] - [04/05/2014 20:53:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1235 octets] ##########
 

Edited by particle0, 06 May 2014 - 04:43 PM.


#3 gringo_pr, Bleepin Gringo (Malware Response Team, 136,773 posts, Puerto Rico)

Posted 07 May 2014 - 08:04 AM


Create and Run Batch File
  • Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

@echo off
rem Redirect the output of every command in the block into Log1.txt
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in the default text editor, then delete this batch file
start Log1.txt
del %0
  • Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.
  • Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 particle0 (Topic Starter, Members, 9 posts)

Posted 07 May 2014 - 08:17 AM

Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Particle0-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Tunngle:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-29-78-60-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : ASUS 802.11n Network Adapter
   Physical Address. . . . . . . . . : 20-CF-30-A1-F6-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7580:2b26:6a29:36d%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 07, 2014 4:23:44 AM
   Lease Expires . . . . . . . . . . : Thursday, May 08, 2014 4:23:44 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 371248944
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-7D-E5-C5-70-71-BC-1C-B5-0E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 20-CF-30-A1-F6-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-24-89-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1924:8979(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c867:da12:6f39:830c%19(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.36.137.121(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 06, 2014 4:23:38 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 06, 2015 4:25:45 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 276461957
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-7D-E5-C5-70-71-BC-1C-B5-0E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{8E0E58BA-5BEC-451F-B5DD-3857FCA5B235}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:38fe:28d8:e757:2d5d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::38fe:28d8:e757:2d5d%27(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{C38399E9-4CBF-457B-B335-9F6D14A016C0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:4009:803::1006
 173.194.34.105
 173.194.34.110
 173.194.34.96
 173.194.34.97
 173.194.34.98
 173.194.34.99
 173.194.34.100
 173.194.34.101
 173.194.34.102
 173.194.34.103
 173.194.34.104
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging google.com [173.194.34.110] with 32 bytes of data:
Reply from 173.194.34.110: bytes=32 time=119ms TTL=51
Reply from 173.194.34.110: bytes=32 time=158ms TTL=51
 
Ping statistics for 173.194.34.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 119ms, Maximum = 158ms, Average = 138ms
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=60ms TTL=49
Reply from 98.139.183.24: bytes=32 time=57ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 60ms, Average = 58ms
===========================================================================
Interface List
 24...00 ff 29 78 60 11 ......TAP-Win32 Adapter V9 (Tunngle)
 13...20 cf 30 a1 f6 1e ......ASUS 802.11n Network Adapter
 17...20 cf 30 a1 f6 1f ......Microsoft Virtual WiFi Miniport Adapter
 19...7a 79 19 24 89 79 ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 27...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1    25.36.137.121   9256
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
         25.0.0.0        255.0.0.0         On-link     25.36.137.121   9256
    25.36.137.121  255.255.255.255         On-link     25.36.137.121   9256
   25.255.255.255  255.255.255.255         On-link     25.36.137.121   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     25.36.137.121   9256
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     25.36.137.121   9256
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 27     58 2001::/32                On-link
 27    306 2001:0:5ef5:79fd:38fe:28d8:e757:2d5d/128
                                    On-link
 19    276 2620:9b::/96             On-link
 19    276 2620:9b::1924:8979/128   On-link
 19    276 fe80::/64                On-link
 13    281 fe80::/64                On-link
 27    306 fe80::/64                On-link
 27    306 fe80::38fe:28d8:e757:2d5d/128
                                    On-link
 13    281 fe80::7580:2b26:6a29:36d/128
                                    On-link
 19    276 fe80::c867:da12:6f39:830c/128
                                    On-link
  1    306 ff00::/8                 On-link
 27    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================


#5 gringo_pr, Bleepin Gringo (Malware Response Team, 136,773 posts, Puerto Rico)

Posted 07 May 2014 - 09:06 AM

Hello particle0

I would like you to set the router's DNS to point to OpenDNS - https://store.opendns.com/setup/router/

Pick your router from the list and use the settings supplied.


Gringo

#6 particle0 (Topic Starter, Members, 9 posts)

Posted 07 May 2014 - 09:23 AM

Interesting, I set the DNS to opendns but what was interesting is that my DNS were set as primary from google and secondary from my ISP before, but they were something completely different when I just changed them. Will monitor all computers for popups.
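The check the exchange above calls for, as an added example that is not from the thread or from any tool it names: a Python script that parses the DNS Servers field of an ipconfig /all dump (the first section of the Log1.txt that router.bat writes) and flags any resolver that is neither the adapter's own gateway/DHCP server nor a trusted public resolver. The sample dump and the 203.0.113.53 resolver in it are constructed; the OpenDNS and Google addresses are those services' published ones.

```python
import re
import sys
from typing import Dict, List, Tuple

# Published addresses of the public resolvers the thread mentions.
TRUSTED_PUBLIC = {
    "208.67.222.222", "208.67.220.220",   # OpenDNS
    "8.8.8.8", "8.8.4.4",                 # Google Public DNS
}
# Windows lists these well-known site-local addresses on adapters that have
# no resolver of their own (the Hamachi adapter in the thread shows them).
WINDOWS_DEFAULT_V6 = {"fec0:0:0:ffff::1", "fec0:0:0:ffff::2", "fec0:0:0:ffff::3"}

# Constructed sample in the layout of Windows 7 `ipconfig /all`; 203.0.113.53
# is a documentation-range placeholder standing in for a rogue resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wireless Network Connection 2:

   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

   IPv4 Address. . . . . . . . . . . : 25.36.137.121(Preferred)
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
"""

# A field line: three spaces, the name, dot leaders, a colon, the value.
FIELD_RE = re.compile(r"^   (\S[^:]*?)[ .]*: ?(.*)$")


def _clean(value: str) -> str:
    """Drop the '(Preferred)' tag and the '%N' zone index ipconfig appends."""
    value = value.replace("(Preferred)", "").strip()
    return re.sub(r"%\d+$", "", value)


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {field: [values]}} for an `ipconfig /all` dump.

    Multi-valued fields (several gateways or resolvers) are printed by
    Windows as extra lines indented past the colon column; they are folded
    back into the field that precedes them. Non-ipconfig text later in
    Log1.txt (nslookup, ping, route print) is ignored.
    """
    adapters: Dict[str, Dict[str, List[str]]] = {}
    adapter = field = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = FIELD_RE.match(line)
        if m and adapter is not None:
            field = m.group(1).strip()
            values = adapters[adapter].setdefault(field, [])
            if m.group(2).strip():
                values.append(_clean(m.group(2)))
        elif line.startswith(" ") and adapter is not None and field:
            adapters[adapter][field].append(_clean(line))   # continuation line
        elif not line.startswith(" ") and line.endswith(":"):
            adapter, field = line[:-1], None                 # adapter header
            adapters[adapter] = {}
    return adapters


def find_unexpected_resolvers(adapters, trusted=TRUSTED_PUBLIC) -> List[Tuple[str, str]]:
    """Flag resolvers that are neither the adapter's gateway/DHCP server
    (the normal home-router setup) nor a trusted public resolver."""
    findings = []
    for name, fields in adapters.items():
        local = set(fields.get("Default Gateway", [])) | set(fields.get("DHCP Server", []))
        for server in fields.get("DNS Servers", []):
            if server not in local and server not in trusted and server not in WINDOWS_DEFAULT_V6:
                findings.append((name, server))
    return findings


if __name__ == "__main__":
    # Pass the path of Log1.txt (or any ipconfig dump); otherwise run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_IPCONFIG
    hits = find_unexpected_resolvers(parse_ipconfig(text))
    for adapter, server in hits:
        print(f"unexpected resolver {server} on {adapter}")
    print("no unexpected resolvers" if not hits else f"{len(hits)} finding(s)")
```

The thread's own dump lists only the router (192.168.1.1) as resolver, so this check passes on the client; in that case the router's upstream DNS setting, which the poster found changed, is where to look next.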



#7 gringo_pr, Bleepin Gringo (Malware Response Team, 136,773 posts, Puerto Rico)

Posted 07 May 2014 - 02:27 PM

OK let me know about the popups


gringo

#8 particle0 (Topic Starter, Members, 9 posts)

Posted 08 May 2014 - 12:14 AM

My DNS servers are still set to OpenDNS but I got another popup just a moment ago, it took me to http://hhazz.movies.codecupdatter.eu/ and asked me to download another fake driver.



#9 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:59 AM

Posted 08 May 2014 - 11:17 AM


Hello particle0

Leave the router set with the settings.

Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
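Once FRST.txt comes back, the responder reads it for a handful of patterns before anything else: autoruns and drivers loaded from user-writable folders or pointing at files that no longer exist, search scopes and startup URLs set to bundled search providers, and browser extensions pushed in through the registry. The script below is an added example for this thread, not part of FRST or of gringo_pr's procedure; it parses lines in FRST's output format and reports those patterns. The sample lines are copied from the log posted in the next reply (the StartupUrls line shortened to one URL); the search-provider list and the path heuristics are assumptions, and a hit means "review this", not "malicious".

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; it is not part of FRST. It reads lines in the
format FRST prints and flags what a malware responder reviews first. A finding
means "look here", not "malicious".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Search providers bundled toolbars commonly set (assumption: taken from what
# appears in this thread's log; extend as needed).
SEARCH_PROVIDERS = ("ask.com", "conduit.com", "mysearch.avg.com")

# Locations an unprivileged user can write to; autoruns/drivers here get a second look.
USER_WRITABLE = re.compile(r"(?i)^[a-z]:\\(users|programdata|documents and settings)\\")

# FRST line shapes: "HKLM\...\Run: [Name] => C:\x.exe [size date] (Publisher)",
# "S3 name; \??\C:\x.sys [X]", "CHR HKLM-x32\...\Chrome\Extension: [id] - C:\x.crx [date]"
AUTORUN = re.compile(r"^HK\S*?\\\.\.\.\\(Run|RunOnce): \[(.*?)\] (?:=>|-) (.*)$")
SERVICE = re.compile(r"^([RSU]\d) (.+?); (.*)$")
REG_EXT = re.compile(r"^(CHR|FF) HK\S*?\\\.\.\.\\(Chrome\\Extension|Firefox\\Extensions): \[(.*?)\] - (.*)$")
PUBLISHER = re.compile(r"\([^()]+\)\s*$")          # trailing "(Publisher)"; "()" means unsigned
BROWSER_PREFIXES = ("SearchScopes:", "CHR StartupUrls:", "CHR HomePage:",
                    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main")


@dataclass
class Finding:
    line: str
    reason: str


def _image_path(target: str) -> str:
    """Strip FRST's trailing '[size date] (Publisher)', the \\??\\ NT prefix and quotes."""
    return target.split(" [")[0].replace("\\??\\", "").strip('"')


def _user_writable(path: str) -> bool:
    return bool(USER_WRITABLE.match(path))


def triage_line(line: str) -> list[Finding]:
    s = line.strip()
    out: list[Finding] = []
    if not s:
        return out

    m = AUTORUN.match(s)
    if m:
        target = m.group(3)
        if target == "[X]" or target.endswith(" [X]"):
            out.append(Finding(s, "autorun points at a missing file"))
        else:
            if _user_writable(_image_path(target)):
                out.append(Finding(s, "autorun image under a user-writable path"))
            if not PUBLISHER.search(target):
                out.append(Finding(s, "autorun image has no publisher name"))
        return out

    m = SERVICE.match(s)
    if m:
        target = m.group(3)
        if target == "No ImagePath":
            out.append(Finding(s, "driver/service with no ImagePath"))
        elif target.endswith("[X]"):
            out.append(Finding(s, "driver/service file missing ([X])"))
        if _user_writable(_image_path(target)):
            out.append(Finding(s, "driver/service image under a user-writable path"))
        return out

    if s.startswith(BROWSER_PREFIXES):
        hits = [d for d in SEARCH_PROVIDERS if d in s.lower()]
        if hits:
            out.append(Finding(s, "third-party search provider: " + ", ".join(hits)))
        return out

    m = REG_EXT.match(s)
    if m:
        reason = "browser extension installed through the registry"
        if _user_writable(_image_path(m.group(4))):
            reason += " from a user-writable path"
        out.append(Finding(s, reason))
    return out


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


# Sample input: lines copied from the FRST.txt posted in this thread
# (the StartupUrls line is shortened to a single URL).
SAMPLE = r"""
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Run: [Akamai NetSession Interface] => C:\Users\Particle0\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
SearchScopes: HKCU - {C5F0E64A-91DF-4DD5-B8BC-FC972A36A0FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
CHR StartupUrls: "", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN67659813330818379&UM=2"
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Particle0\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-25]
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
U3 a3pmekhr; No ImagePath
S1 vcdrom; \??\C:\Users\Particle0\Desktop\VCdRom.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:55s} | {f.line[:70]}")
```

Running it against the sample lists eight findings on seven lines; the AVG autorun and AVG driver, both signed and under Program Files or System32, produce none.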

#10 particle0
  • Topic Starter
  • Members
  • 9 posts
  • Local time:08:59 AM

Posted 08 May 2014 - 11:51 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 02
Ran by Particle0 (administrator) on PARTICLE0-PC on 09-05-2014 00:36:16
Running from C:\Users\Particle0\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(BitRaider, LLC) C:\ProgramData\BitRaider\BRSptSvc.exe
(BitRaider, LLC) C:\ProgramData\BitRaider\brwc.exe
(Google Inc.) C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-547217592-1247746910-898046687-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-547217592-1247746910-898046687-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-04-18] (BitTorrent Inc.)
HKU\S-1-5-21-547217592-1247746910-898046687-1000\...\Run: [Google Update] => C:\Users\Particle0\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-06-04] (Google Inc.)
HKU\S-1-5-21-547217592-1247746910-898046687-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-547217592-1247746910-898046687-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Run: [Akamai NetSession Interface] => C:\Users\Particle0\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-04-18] (BitTorrent Inc.)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe [686280 2012-07-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-547217592-1247746910-898046687-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {C5F0E64A-91DF-4DD5-B8BC-FC972A36A0FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {C5F0E64A-91DF-4DD5-B8BC-FC972A36A0FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {C5F0E64A-91DF-4DD5-B8BC-FC972A36A0FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {C7F351EB-801C-40E2-B24B-43D391B537BC} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Particle0\AppData\Roaming\Mozilla\Firefox\Profiles\ngtb7pes.default
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-55bff205328042f4\\NPRobloxProxy.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Particle0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Particle0\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Particle0\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Particle0\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Particle0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Particle0\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Particle0\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bloody Red - C:\Users\Particle0\AppData\Roaming\Mozilla\Firefox\Profiles\ngtb7pes.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2013-05-15]
FF Extension: Adblock Plus - C:\Users\Particle0\AppData\Roaming\Mozilla\Firefox\Profiles\ngtb7pes.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom14.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "", "hxxp://mysearch.avg.com?cid={C4F169D3-9B69-4168-B568-55F3A71106B0}&mid=5a67cac0554647d09041111b83238373-fdf589dc42a2bf4485d710a079a5ffae7e2531e3&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-05 11:33:19&v=17.0.1.4&pid=safeguard&sg=&sap=hp&cmpid=0913a", "|hxxp://mysearch.avg.com?cid={C4F169D3-9B69-4168-B568-55F3A71106B0}&mid=5a67cac0554647d09041111b83238373-fdf589dc42a2bf4485d710a079a5ffae7e2531e3&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-05 11:33:19&v=17.0.1.12&pid=safeguard&sg=0&sap=hp&cmpid=0913a", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN67659813330818379&UM=2"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Particle0\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Particle0\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Particle0\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Particle0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Particle0\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Particle0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (SOE Web Installer) - C:\Users\Particle0\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.148_0\npsoe.dll No File
CHR Plugin: (Google Update) - C:\Users\Particle0\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (AdBlock) - C:\Users\Particle0\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-18]
CHR Extension: (Google Wallet) - C:\Users\Particle0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Particle0\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Particle0\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom14.crx [2013-11-25]
CHR StartMenuInternet: Google Chrome - C:\Users\Particle0\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-26] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-05] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4700536 2013-07-24] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-07] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [X]
S4 LeapFrog Connect Device Service; "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe" [X]
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [X]
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [5098 2013-07-24] (INCA Internet Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2011-05-12] (Sophos Group)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
U3 a3pmekhr; No ImagePath
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ECSIoDriver_1_1_0_0; \??\E:\ECSIoDriverX64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S1 vcdrom; \??\C:\Users\Particle0\Desktop\VCdRom.sys [X]
S3 WINIO; \??\C:\Users\Particle0\Desktop\arcana heart 3\winio.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-09 00:36 - 2014-05-09 00:38 - 00025297 _____ () C:\Users\Particle0\Downloads\FRST.txt
2014-05-09 00:34 - 2014-05-09 00:36 - 00000000 ____D () C:\FRST
2014-05-09 00:32 - 2014-05-09 00:33 - 02063872 _____ (Farbar) C:\Users\Particle0\Downloads\FRST64.exe
2014-05-08 01:13 - 2014-05-08 01:13 - 00000000 ____D () C:\Users\Particle0\Downloads\Arrow S02E22 HDTV x264-LOL[ettv]
2014-05-08 01:09 - 2014-05-08 01:09 - 00022714 _____ () C:\Users\Particle0\Downloads\[kickass.to]arrow.s02e22.hdtv.x264.lol.ettv.torrent
2014-05-07 00:07 - 2014-05-07 00:26 - 284097609 _____ () C:\Users\Particle0\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E21.HDTV.x264-2HD.mp4
2014-05-07 00:07 - 2014-05-07 00:17 - 228158617 _____ () C:\Users\Particle0\Downloads\Supernatural.S09E21.HDTV.x264-LOL.mp4
2014-05-07 00:06 - 2014-05-07 00:06 - 00011429 _____ () C:\Users\Particle0\Downloads\[kickass.to]marvels.agents.of.s.h.i.e.l.d.s01e21.hdtv.x264.2hd.eztv.torrent
2014-05-07 00:06 - 2014-05-07 00:06 - 00009291 _____ () C:\Users\Particle0\Downloads\[kickass.to]supernatural.s09e21.hdtv.x264.lol.eztv.torrent
2014-05-06 15:56 - 2014-05-06 15:56 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-06 15:56 - 2014-05-06 15:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-06 15:55 - 2014-05-06 15:55 - 01402880 _____ () C:\Users\Particle0\Downloads\HiJackThis.msi
2014-05-05 11:53 - 2014-05-05 12:17 - 1191803684 _____ () C:\Users\Particle0\Downloads\Cosmos.A.Space.Time.Odyssey.S01E09.720p.HDTV.X264-DIMENSION.mkv
2014-05-05 11:49 - 2014-05-05 11:49 - 00045993 _____ () C:\Users\Particle0\Downloads\[kickass.to]cosmos.a.space.time.odyssey.s01e09.720p.hdtv.x264.dimension.eztv.torrent
2014-05-05 07:49 - 2014-05-05 07:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 07:48 - 2014-05-05 07:48 - 01016261 _____ (Thisisu) C:\Users\Particle0\Downloads\JRT.exe
2014-05-05 07:46 - 2014-05-05 07:46 - 04143997 _____ () C:\Users\Particle0\Downloads\tdsskiller.zip
2014-05-05 07:42 - 2014-05-05 07:42 - 00000000 ____D () C:\ProgramData\BitRaider
2014-05-04 22:52 - 2014-05-04 22:52 - 00000000 ____D () C:\Users\Particle0\Downloads\Game of Thrones S04E05 HDTV x264-KILLERS[ettv]
2014-05-04 22:51 - 2014-05-04 22:51 - 00028130 _____ () C:\Users\Particle0\Downloads\[kickass.to]game.of.thrones.s04e05.hdtv.x264.killers.ettv.torrent
2014-05-04 20:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-04 20:42 - 2014-05-06 16:20 - 00000000 ____D () C:\AdwCleaner
2014-05-04 20:33 - 2014-05-04 20:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Particle0\Downloads\rkill.exe
2014-05-04 20:33 - 2014-05-04 20:33 - 01316991 _____ () C:\Users\Particle0\Downloads\AdwCleaner.exe
2014-05-02 01:15 - 2014-05-02 01:15 - 00000000 ____D () C:\Users\Particle0\Downloads\The Big Bang Theory S07E22 HDTV x264-LOL[ettv]
2014-05-02 01:11 - 2014-05-02 01:11 - 00011422 _____ () C:\Users\Particle0\Downloads\[kickass.to]the.big.bang.theory.s07e22.hdtv.x264.lol.ettv.torrent
2014-05-01 12:51 - 2014-05-01 12:51 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-05-01 12:50 - 2014-05-01 12:50 - 00001411 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-05-01 12:50 - 2014-05-01 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-05-01 12:50 - 2014-05-01 12:50 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-01 12:49 - 2014-05-01 12:50 - 00014603 _____ () C:\Users\Particle0\Documents\Install STAR WARS The Old Republic.log
2014-05-01 12:48 - 2014-05-01 12:49 - 29720272 _____ () C:\Users\Particle0\Downloads\SWTOR_setup.exe
2014-04-30 22:18 - 2014-04-30 22:18 - 00000000 ____D () C:\Users\Particle0\Downloads\Arrow S02E21 HDTV x264-LOL[ettv]
2014-04-30 01:19 - 2014-04-30 01:19 - 00000000 ____D () C:\Users\Particle0\AppData\Local\Activision
2014-04-30 01:12 - 2014-04-30 01:12 - 00000922 _____ () C:\Users\Public\Desktop\The Amazing Spider-Man 2.lnk
2014-04-30 01:04 - 2014-04-30 01:18 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spider-Man 2
2014-04-28 00:42 - 2014-04-28 00:54 - 195669977 _____ () C:\Users\Particle0\Downloads\Cosmos.A.Space.Time.Odyssey.S01E08.HDTV.x264-LOL.mp4
2014-04-25 15:33 - 2014-04-25 15:33 - 00000000 ____D () C:\Users\Particle0\Downloads\Star.Wars.I-VI.Collection.DvDrip-aXXo
2014-04-24 21:23 - 2014-04-24 21:23 - 00000000 ____D () C:\Users\Particle0\AppData\Local\Skype
2014-04-24 21:23 - 2014-04-24 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-23 20:32 - 2014-04-23 20:32 - 00000000 ____D () C:\Users\Particle0\Downloads\Tae Bo
2014-04-18 10:53 - 2014-04-18 10:53 - 00000000 ____D () C:\Users\Particle0\AppData\Local\NVIDIA
2014-04-18 10:44 - 2014-03-04 07:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-18 10:24 - 2014-04-18 10:24 - 00542208 _____ () C:\Windows\Minidump\041814-44007-01.dmp
2014-04-17 19:02 - 2014-04-29 12:14 - 00000000 ____D () C:\Users\Particle0\Desktop\ATLauncher
2014-04-16 19:51 - 2014-04-16 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 19:51 - 2014-04-16 19:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-09 12:02 - 2014-04-09 12:02 - 00000000 ____D () C:\Warner Bros. Interactive Entertainment
2014-04-09 11:44 - 2014-04-09 12:02 - 00000000 ____D () C:\Program Files (x86)\LEGO - The Hobbit
 
==================== One Month Modified Files and Folders =======
 
2014-05-09 00:39 - 2014-02-02 18:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 00:38 - 2014-05-09 00:36 - 00025297 _____ () C:\Users\Particle0\Downloads\FRST.txt
2014-05-09 00:36 - 2014-05-09 00:34 - 00000000 ____D () C:\FRST
2014-05-09 00:33 - 2014-05-09 00:32 - 02063872 _____ (Farbar) C:\Users\Particle0\Downloads\FRST64.exe
2014-05-09 00:12 - 2010-06-04 08:15 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-547217592-1247746910-898046687-1000UA.job
2014-05-08 23:41 - 2013-10-19 13:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 20:40 - 2010-05-13 12:53 - 01965668 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 20:17 - 2011-06-05 05:46 - 00000000 ____D () C:\Users\Particle0\AppData\Local\LogMeIn Hamachi
2014-05-08 16:27 - 2010-06-07 00:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-08 15:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 15:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 12:35 - 2014-04-06 23:42 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\Azureus
2014-05-08 12:35 - 2011-09-01 19:10 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\Skype
2014-05-08 10:55 - 2014-03-06 14:13 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForParticle0
2014-05-08 10:55 - 2014-03-06 14:13 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForParticle0.job
2014-05-08 09:12 - 2010-06-04 08:15 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-547217592-1247746910-898046687-1000Core.job
2014-05-08 01:13 - 2014-05-08 01:13 - 00000000 ____D () C:\Users\Particle0\Downloads\Arrow S02E22 HDTV x264-LOL[ettv]
2014-05-08 01:09 - 2014-05-08 01:09 - 00022714 _____ () C:\Users\Particle0\Downloads\[kickass.to]arrow.s02e22.hdtv.x264.lol.ettv.torrent
2014-05-08 00:41 - 2013-10-19 13:04 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 00:36 - 2013-10-19 13:04 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 00:36 - 2013-10-19 13:04 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 00:26 - 2014-05-07 00:07 - 284097609 _____ () C:\Users\Particle0\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E21.HDTV.x264-2HD.mp4
2014-05-07 00:17 - 2014-05-07 00:07 - 228158617 _____ () C:\Users\Particle0\Downloads\Supernatural.S09E21.HDTV.x264-LOL.mp4
2014-05-07 00:06 - 2014-05-07 00:06 - 00011429 _____ () C:\Users\Particle0\Downloads\[kickass.to]marvels.agents.of.s.h.i.e.l.d.s01e21.hdtv.x264.2hd.eztv.torrent
2014-05-07 00:06 - 2014-05-07 00:06 - 00009291 _____ () C:\Users\Particle0\Downloads\[kickass.to]supernatural.s09e21.hdtv.x264.lol.eztv.torrent
2014-05-06 16:25 - 2010-06-06 20:07 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\uTorrent
2014-05-06 16:23 - 2013-03-09 23:13 - 00356596 _____ () C:\Windows\PFRO.log
2014-05-06 16:23 - 2013-02-17 02:00 - 00021642 _____ () C:\Windows\setupact.log
2014-05-06 16:23 - 2010-01-09 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-06 16:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 16:20 - 2014-05-04 20:42 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:56 - 2014-05-06 15:56 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-06 15:56 - 2014-05-06 15:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-06 15:55 - 2014-05-06 15:55 - 01402880 _____ () C:\Users\Particle0\Downloads\HiJackThis.msi
2014-05-06 09:07 - 2010-06-04 08:15 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-547217592-1247746910-898046687-1000UA
2014-05-06 09:07 - 2010-06-04 08:15 - 00003510 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-547217592-1247746910-898046687-1000Core
2014-05-06 00:42 - 2014-04-03 00:07 - 00000000 ____D () C:\Games
2014-05-06 00:24 - 2011-05-01 21:57 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\vlc
2014-05-05 12:17 - 2014-05-05 11:53 - 1191803684 _____ () C:\Users\Particle0\Downloads\Cosmos.A.Space.Time.Odyssey.S01E09.720p.HDTV.X264-DIMENSION.mkv
2014-05-05 11:49 - 2014-05-05 11:49 - 00045993 _____ () C:\Users\Particle0\Downloads\[kickass.to]cosmos.a.space.time.odyssey.s01e09.720p.hdtv.x264.dimension.eztv.torrent
2014-05-05 07:49 - 2014-05-05 07:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 07:48 - 2014-05-05 07:48 - 01016261 _____ (Thisisu) C:\Users\Particle0\Downloads\JRT.exe
2014-05-05 07:46 - 2014-05-05 07:46 - 04143997 _____ () C:\Users\Particle0\Downloads\tdsskiller.zip
2014-05-05 07:42 - 2014-05-05 07:42 - 00000000 ____D () C:\ProgramData\BitRaider
2014-05-04 22:52 - 2014-05-04 22:52 - 00000000 ____D () C:\Users\Particle0\Downloads\Game of Thrones S04E05 HDTV x264-KILLERS[ettv]
2014-05-04 22:51 - 2014-05-04 22:51 - 00028130 _____ () C:\Users\Particle0\Downloads\[kickass.to]game.of.thrones.s04e05.hdtv.x264.killers.ettv.torrent
2014-05-04 21:00 - 2010-06-04 05:40 - 00000000 ____D () C:\Users\Particle0
2014-05-04 20:33 - 2014-05-04 20:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Particle0\Downloads\rkill.exe
2014-05-04 20:33 - 2014-05-04 20:33 - 01316991 _____ () C:\Users\Particle0\Downloads\AdwCleaner.exe
2014-05-02 01:15 - 2014-05-02 01:15 - 00000000 ____D () C:\Users\Particle0\Downloads\The Big Bang Theory S07E22 HDTV x264-LOL[ettv]
2014-05-02 01:11 - 2014-05-02 01:11 - 00011422 _____ () C:\Users\Particle0\Downloads\[kickass.to]the.big.bang.theory.s07e22.hdtv.x264.lol.ettv.torrent
2014-05-01 12:51 - 2014-05-01 12:51 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-05-01 12:50 - 2014-05-01 12:50 - 00001411 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-05-01 12:50 - 2014-05-01 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-05-01 12:50 - 2014-05-01 12:50 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-01 12:50 - 2014-05-01 12:49 - 00014603 _____ () C:\Users\Particle0\Documents\Install STAR WARS The Old Republic.log
2014-05-01 12:49 - 2014-05-01 12:48 - 29720272 _____ () C:\Users\Particle0\Downloads\SWTOR_setup.exe
2014-04-30 22:18 - 2014-04-30 22:18 - 00000000 ____D () C:\Users\Particle0\Downloads\Arrow S02E21 HDTV x264-LOL[ettv]
2014-04-30 13:17 - 2010-06-05 01:10 - 00000000 ____D () C:\Users\Particle0\AppData\Local\PMB Files
2014-04-30 10:29 - 2010-06-05 01:02 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-04-30 04:07 - 2010-09-14 03:25 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\Mozilla
2014-04-30 01:19 - 2014-04-30 01:19 - 00000000 ____D () C:\Users\Particle0\AppData\Local\Activision
2014-04-30 01:19 - 2014-04-08 18:59 - 00000000 ____D () C:\Users\Particle0\Documents\Activision
2014-04-30 01:18 - 2014-04-30 01:04 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spider-Man 2
2014-04-30 01:14 - 2013-03-27 03:54 - 00588419 _____ () C:\Windows\DirectX.log
2014-04-30 01:12 - 2014-04-30 01:12 - 00000922 _____ () C:\Users\Public\Desktop\The Amazing Spider-Man 2.lnk
2014-04-29 12:14 - 2014-04-17 19:02 - 00000000 ____D () C:\Users\Particle0\Desktop\ATLauncher
2014-04-28 18:26 - 2010-06-05 01:10 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-28 00:54 - 2014-04-28 00:42 - 195669977 _____ () C:\Users\Particle0\Downloads\Cosmos.A.Space.Time.Odyssey.S01E08.HDTV.x264-LOL.mp4
2014-04-27 19:48 - 2013-10-20 19:40 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\.technic
2014-04-27 12:33 - 2012-07-10 10:12 - 00000000 ____D () C:\Users\Particle0\Desktop\Game Shortcuts
2014-04-26 15:40 - 2014-02-03 19:28 - 02346942 _____ () C:\Users\Particle0\Downloads\TechnicLauncher.exe
2014-04-26 00:28 - 2013-10-19 18:23 - 00000000 ____D () C:\Users\Particle0\AppData\Roaming\.minecraft
2014-04-25 15:33 - 2014-04-25 15:33 - 00000000 ____D () C:\Users\Particle0\Downloads\Star.Wars.I-VI.Collection.DvDrip-aXXo
2014-04-24 23:01 - 2013-12-16 17:48 - 00000000 ____D () C:\Users\Particle0\AppData\Local\Battle.net
2014-04-24 21:23 - 2014-04-24 21:23 - 00000000 ____D () C:\Users\Particle0\AppData\Local\Skype
2014-04-24 21:23 - 2014-04-24 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 21:23 - 2011-09-01 19:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-24 21:23 - 2011-09-01 19:09 - 00000000 ____D () C:\ProgramData\Skype
2014-04-23 20:32 - 2014-04-23 20:32 - 00000000 ____D () C:\Users\Particle0\Downloads\Tae Bo
2014-04-21 22:14 - 2014-03-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-21 22:13 - 2014-03-24 09:16 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-21 22:13 - 2013-12-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-18 10:53 - 2014-04-18 10:53 - 00000000 ____D () C:\Users\Particle0\AppData\Local\NVIDIA
2014-04-18 10:44 - 2011-08-25 06:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-18 10:44 - 2011-08-25 06:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-18 10:44 - 2011-08-25 06:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-18 10:24 - 2014-04-18 10:24 - 00542208 _____ () C:\Windows\Minidump\041814-44007-01.dmp
2014-04-18 10:24 - 2014-03-30 12:26 - 440174074 _____ () C:\Windows\MEMORY.DMP
2014-04-18 10:24 - 2014-03-30 12:26 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 19:51 - 2014-04-16 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 19:51 - 2014-04-16 19:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-09 12:02 - 2014-04-09 12:02 - 00000000 ____D () C:\Warner Bros. Interactive Entertainment
2014-04-09 12:02 - 2014-04-09 11:44 - 00000000 ____D () C:\Program Files (x86)\LEGO - The Hobbit
2014-04-09 01:56 - 2014-04-07 18:29 - 00000000 ____D () C:\Users\Particle0\Documents\Euro Truck Simulator 2
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Particle0\AppData\Local\Temp\AutoUI.exe
C:\Users\Particle0\AppData\Local\Temp\BRSVC_983477_hlp.exe
C:\Users\Particle0\AppData\Local\Temp\cres.dll
C:\Users\Particle0\AppData\Local\Temp\cshell.dll
C:\Users\Particle0\AppData\Local\Temp\dlc.exe
C:\Users\Particle0\AppData\Local\Temp\EBU4A06.EXE
C:\Users\Particle0\AppData\Local\Temp\EBU51F2.DLL
C:\Users\Particle0\AppData\Local\Temp\hcuninstaller_20130927_225401_2360.exe
C:\Users\Particle0\AppData\Local\Temp\i4jdel0.exe
C:\Users\Particle0\AppData\Local\Temp\nsa3573.exe
C:\Users\Particle0\AppData\Local\Temp\nsfCFCE.exe
C:\Users\Particle0\AppData\Local\Temp\nsk9A8B.exe
C:\Users\Particle0\AppData\Local\Temp\nskF51C.exe
C:\Users\Particle0\AppData\Local\Temp\nspB223.exe
C:\Users\Particle0\AppData\Local\Temp\nsq4B3F.exe
C:\Users\Particle0\AppData\Local\Temp\nsu41D4.exe
C:\Users\Particle0\AppData\Local\Temp\OpenComputersMod-native.64.dll
C:\Users\Particle0\AppData\Local\Temp\Quarantine.exe
C:\Users\Particle0\AppData\Local\Temp\sonarinst.exe
C:\Users\Particle0\AppData\Local\Temp\SPStub.exe
C:\Users\Particle0\AppData\Local\Temp\sres.dll
C:\Users\Particle0\AppData\Local\Temp\tbConn.dll
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-2188.exe
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-3296.exe
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-5576.exe
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-6696.exe
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-7712.exe
C:\Users\Particle0\AppData\Local\Temp\Uninstaller-8012.exe
C:\Users\Particle0\AppData\Local\Temp\vcredist_2013_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-29 02:47
 
==================== End Of Log ============================




#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2014 - 04:35 AM



Hello particle0

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 May 2014 - 07:50 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 May 2014 - 06:35 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!
Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2014 - 07:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.