Gameharbor.org opens on computer startup


15 replies to this topic

#1 Gone2Far

  • Members
  • 9 posts

Posted 28 June 2014 - 12:20 PM

Every time I boot up my computer, Google Chrome opens up a website called extendunlimited.org which then redirects to gameharbor.org. I followed the instructions of some threads that had the same issues, but I was quick to realize that they were personalized repairs. However, that was after I ran ComboFix (which was stupid of me).

 

Here is the log:

ComboFix 14-06-24.01 - A 24-Jun-14  17:41:46.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8158.6093 [GMT -4:00]
Running from: c:\users\A\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\A\AppData\Local\Adobe\gccheck.exe
c:\users\A\AppData\Local\Adobe\gtbcheck.exe
c:\users\A\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-24 to 2014-06-24  )))))))))))))))))))))))))))))))
.
.
2014-06-24 21:36 . 2014-06-24 21:36 -------- d-----w- c:\program files\CCleaner
2014-06-24 18:33 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77707C74-669F-4D48-B2B7-A983A7D8E01E}\mpengine.dll
2014-06-23 19:46 . 2014-06-23 20:04 -------- d-----w- c:\users\A\AppData\Local\Mathematica
2014-06-23 19:46 . 2014-06-23 19:49 -------- d-----w- c:\users\A\AppData\Roaming\Mathematica
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files\Common Files\Wolfram Research
2014-06-23 19:42 . 2014-06-23 19:49 -------- d-----w- c:\programdata\Mathematica
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files\Extras
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft
2014-06-23 19:36 . 2014-06-23 19:36 -------- d-----w- c:\program files\Wolfram Research
2014-06-23 18:33 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-02 06:59 . 2014-06-02 06:59 -------- d-----w- c:\users\A\AppData\Local\Blizzard
2014-06-02 06:56 . 2014-06-02 06:59 -------- d-----w- c:\program files (x86)\Hearthstone
2014-05-28 16:05 . 2014-06-17 04:45 -------- d-----w- c:\program files (x86)\R.G. Mechanics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 19:07 . 2014-01-21 02:16 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 19:07 . 2014-01-21 02:16 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-18 22:15 . 2014-04-18 22:04 291760 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 22:15 . 2014-04-18 22:02 291760 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-18 22:04 . 2014-04-18 22:02 291488 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-18 22:02 . 2014-04-18 22:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-18 02:43 . 2014-04-18 02:43 127872 ----a-w- c:\windows\system32\amdhcp64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2013-06-04 23:12 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2013-06-04 23:12 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2013-06-04 23:12 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2013-06-04 23:11 1343272 ----a-w- c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2013-06-04 23:11 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2013-06-04 23:11 10335208 ----a-w- c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2013-06-04 23:11 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2013-06-04 23:11 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2013-06-04 23:11 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2013-06-04 23:11 8010968 ----a-w- c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:33 . 2014-04-18 02:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-04-18 02:28 . 2014-04-18 02:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:08 . 2014-04-18 01:08 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-04-18 01:08 . 2014-04-18 01:08 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-04-18 01:08 . 2014-04-18 01:08 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-04-18 01:08 . 2014-04-18 01:08 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-04-15 00:13 . 2014-05-14 15:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"Akamai NetSession Interface"="c:\users\A\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"F.lux"="c:\users\A\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-06-04 389120]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-11-16 604672]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
.
c:\users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files (x86)\LG Soft India\forteManager\bin\Monitor.exe -startup [2013-9-1 1687552]
NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2013-8-28 8364288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys;c:\windows\SYSNATIVE\drivers\RecFltr.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 08:58 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 19:07]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 00:26]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\ai7xt9hd.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\GPU Tweak\2dpainting.exe
.
**************************************************************************
.
Completion time: 2014-06-24  17:55:02 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-24 21:55
.
Pre-Run: 1,342,562,189,312 bytes free
Post-Run: 1,342,075,105,280 bytes free
.
- - End Of File - - C4FD1C0AB036CB0E01DA4D2E48D83A48
A36C5E4F47E84449FF07ED3517B43A31
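
The "CMD" value under the HKCU Run key in the log above is what reopens the site at every logon. As an added example (not part of this thread, and not ComboFix's own code), the following Python script parses the Reg Loading Points section of a ComboFix log and flags Run values that launch a URL, chain shell commands, or carry [X] instead of a file date and size; the sample log lines are constructed from the entries shown above.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of the ComboFix "Reg Loading Points" section above.
# The "CMD" line is the one from the log; the benign lines are a subset of the same log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"F.lux"="c:\users\A\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"\s+\[([^\]]*)\]\s*$')
URL_RE = re.compile(r'\bstart\s+(https?://\S+)', re.IGNORECASE)


class RunEntry(NamedTuple):
    key: str        # registry key the value lives under
    name: str       # value name, e.g. "CMD"
    command: str    # command line Windows runs at logon
    tag: str        # ComboFix annotation: "date size" of the referenced file,
                    # or "X" when there is no file to stamp (as for the URL entry above)


class Finding(NamedTuple):
    entry: RunEntry
    url: Optional[str]
    reasons: List[str]


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect the values listed under every CurrentVersion/Run key in a ComboFix log."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            # Only Run/RunOnce keys are autostart locations; any other key resets the context.
            current_key = key if re.search(r'\\CurrentVersion\\Run(Once)?$', key, re.IGNORECASE) else None
            continue
        value_match = VALUE_RE.match(line)
        if current_key and value_match:
            name, command, tag = value_match.groups()
            entries.append(RunEntry(current_key, name, command, tag))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Flag Run entries that behave like the browser-hijack persistence seen in this thread."""
    findings: List[Finding] = []
    for entry in parse_run_entries(log_text):
        reasons: List[str] = []
        url_match = URL_RE.search(entry.command)
        url = url_match.group(1) if url_match else None
        if url:
            reasons.append(f"opens a URL in the default browser at every logon: {url}")
        if entry.tag.strip().upper() == 'X':
            reasons.append("no file date/size recorded ([X]): the value does not point at an installed program")
        if re.search(r'&&|\|\||\bcmd(\.exe)?\s+/c\b', entry.command, re.IGNORECASE):
            reasons.append("uses shell command chaining, which installers do not put in Run values")
        if reasons:
            findings.append(Finding(entry, url, reasons))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(f'{finding.entry.key}\n  "{finding.entry.name}" = {finding.entry.command}')
        for reason in finding.reasons:
            print(f'    - {reason}')
```

The flagged URL is the value to feed into a DNS block list or proxy policy while the Run value itself is removed.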
 
 

 



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,550 posts

Posted 03 July 2014 - 12:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539321 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Gone2Far

Gone2Far
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 04 July 2014 - 11:54 AM

Here is the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.55.2
Run by A at 12:45:15 on 2014-07-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8158.4958 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\A\AppData\Local\Akamai\netsession_win.exe
C:\Users\A\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\A\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.212\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.99\deploy\LolClient.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [Akamai NetSession Interface] "C:\Users\A\AppData\Local\Akamai\netsession_win.exe"
uRun: [F.lux] "C:\Users\A\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\A\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{45961D87-C234-427F-8AD1-A7D5576105F3} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F0956BCF-2C88-49A2-BABF-4877B7503B65} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\ai7xt9hd.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-8-28 25056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-1-26 283064]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-12-2 90112]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-8-11 1498000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-2 860472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-10-30 140800]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-20 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-2 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-5-31 38016]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2013-8-28 303360]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-8-28 1256192]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2013-9-1 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2013-9-1 18432]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-11 20992]
S3 RecFltr;Reclusa Keyboard;C:\Windows\System32\drivers\RecFltr.sys [2007-1-18 45440]
S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-07-04 06:24:22 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7AD01F0-B1C4-420A-A80F-2EE0A0B22ADC}\mpengine.dll
2014-07-03 06:25:11 10779000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-03 03:57:02 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAA.DLL
2014-07-03 03:57:02 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAA.DLL
2014-07-03 03:56:52 385024 ----a-w- C:\Windows\System32\CNMLMAA.DLL
2014-07-03 03:56:48 348672 ----a-w- C:\Windows\System32\CNC280L.dll
2014-07-03 03:56:48 307200 ----a-w- C:\Windows\SysWow64\CNC280L.dll
2014-07-03 03:56:48 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2014-07-03 03:56:48 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2014-07-03 03:56:48 1354240 ----a-w- C:\Windows\System32\CNC280C.dll
2014-07-03 03:56:48 112128 ----a-w- C:\Windows\System32\CNC280I.dll
2014-07-03 03:56:48 106496 ----a-w- C:\Windows\SysWow64\CNC280U.dll
2014-07-02 07:01:35 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-02 07:01:05 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-02 07:01:05 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-02 07:01:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 04:30:35 -------- d-----w- C:\Users\A\AppData\Roaming\Maple
2014-07-01 04:29:45 -------- d-----w- C:\Users\A\.gstreamer-0.10
2014-07-01 04:29:40 -------- d-----w- C:\Users\A\.maplesoft
2014-07-01 04:26:34 60184 ----a-w- C:\Windows\System32\maplec.dll
2014-07-01 04:26:34 2295064 ----a-w- C:\Windows\System32\WMIMPLEX.dll
2014-07-01 04:24:25 -------- d-----w- C:\Program Files\Maple 18
2014-06-29 09:08:50 -------- d-----w- C:\Users\A\AppData\Local\Harebrained Schemes
2014-06-29 09:03:53 -------- d-----w- C:\Program Files (x86)\Shadowrun Returns
2014-06-24 21:50:37 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-24 21:39:51 98816 ----a-w- C:\Windows\sed.exe
2014-06-24 21:39:51 256000 ----a-w- C:\Windows\PEV.exe
2014-06-24 21:39:51 208896 ----a-w- C:\Windows\MBR.exe
2014-06-24 21:36:29 -------- d-----w- C:\Program Files\CCleaner
2014-06-23 19:46:35 -------- d-----w- C:\Users\A\AppData\Roaming\Mathematica
2014-06-23 19:46:35 -------- d-----w- C:\Users\A\AppData\Local\Mathematica
2014-06-23 19:42:17 -------- d-----w- C:\Program Files\Common Files\Wolfram Research
2014-06-23 19:42:16 -------- d-----w- C:\ProgramData\Mathematica
2014-06-23 19:42:16 -------- d-----w- C:\Program Files\Extras
2014-06-23 19:42:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research
2014-06-23 19:42:16 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft
2014-06-23 19:36:02 -------- d-----w- C:\Program Files\Wolfram Research
.
==================== Find3M  ====================
.
2014-06-17 19:07:28 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 19:07:28 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-18 22:15:03 291760 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-18 22:15:03 291760 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-18 22:04:59 291488 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-18 22:02:25 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-04-18 02:43:08 127872 ----a-w- C:\Windows\System32\amdhcp64.dll
2014-04-18 02:43:06 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-04-18 02:43:06 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-04-18 02:43:06 117560 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2014-04-18 02:43:04 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-04-18 02:43:04 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-04-18 02:43:00 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-04-18 02:42:58 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-04-18 02:42:58 117584 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-04-18 02:42:56 99520 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-04-18 02:42:54 1343272 ----a-w- C:\Windows\System32\aticfx64.dll
2014-04-18 02:42:52 1117184 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-04-18 02:42:48 10335208 ----a-w- C:\Windows\System32\atidxx64.dll
2014-04-18 02:42:46 8866928 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-04-18 02:42:40 6796592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-04-18 02:42:36 6799688 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-04-18 02:42:30 7520200 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-04-18 02:42:28 8010968 ----a-w- C:\Windows\System32\atiumd64.dll
2014-04-18 02:39:06 274656 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-04-18 02:36:46 15376384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-04-18 02:33:02 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-04-18 02:28:30 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-04-18 02:23:08 231424 ----a-w- C:\Windows\System32\clinfo.exe
2014-04-18 02:22:54 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-04-18 02:22:48 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-04-18 02:22:42 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-04-18 02:22:38 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-04-18 02:22:32 28685824 ----a-w- C:\Windows\System32\amdocl64.dll
2014-04-18 02:19:54 24107520 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-04-18 02:17:28 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-04-18 02:17:24 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-04-18 02:13:30 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-04-18 02:13:10 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-04-18 02:12:54 27907584 ----a-w- C:\Windows\System32\atio6axx.dll
2014-04-18 02:12:48 5442048 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-04-18 01:58:32 4358656 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-04-18 01:51:44 23409152 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-04-18 01:46:34 368128 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-04-18 01:46:26 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-04-18 01:46:24 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-04-18 01:46:18 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-04-18 01:46:18 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-04-18 01:46:04 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-04-18 01:45:56 91136 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-04-18 01:45:46 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-04-18 01:33:06 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-04-18 01:33:02 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-04-18 01:30:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-04-18 01:30:02 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-04-18 01:29:54 586240 ----a-w- C:\Windows\System32\atieclxx.exe
2014-04-18 01:29:24 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-04-18 01:28:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-04-18 01:21:30 806912 ----a-w- C:\Windows\System32\coinst_14.100.dll
2014-04-18 01:09:20 1177600 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-04-18 01:09:00 848896 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-04-18 01:08:50 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-04-18 01:08:44 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-04-18 01:08:34 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-04-18 01:08:28 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-04-18 01:07:54 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-04-18 01:07:46 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-04-18 01:07:46 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-04-18 01:07:36 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-04-18 01:07:20 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-04-18 01:07:06 638976 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-04-18 01:04:24 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-04-15 00:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 12:48:21.50 ===============
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:16 AM

Posted 04 July 2014 - 01:38 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad and copy/paste the text in the quote box below into it:
 
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"=-

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
====

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
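As an added example (not part of this thread, and not code from the DDS, ComboFix or AdwCleaner tools), the Python script below shows how the autorun value the CFScript above targets can be picked out mechanically from DDS "Pseudo HJT Report" lines, and how the matching `Registry::` removal stanza is rendered. It flags Run values whose executable is a shell or script host (cmd.exe, powershell.exe, wscript.exe, cscript.exe, mshta.exe) and whose arguments carry a URL, which is the pattern behind the `uRun: [CMD] cmd.exe /c start ...` entry in the posted log. The sample lines are constructed in the style of that log; the `[Helper]` entry and its `example.invalid` domain are invented to show the same pattern in the machine hive. The mapping of `uRun` to HKCU is confirmed by the thread; the mapping of `mRun` and `x64-Run` to HKLM is an assumption about DDS's user/machine naming.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in the style of the DDS "Pseudo HJT Report" quoted in
# this thread. The [CMD] entry is the one the helper's CFScript removes; the
# [Helper] entry is a constructed variant of the same pattern in the machine
# hive, with a placeholder domain, to show the check is not tied to one URL.
SAMPLE_DDS_LINES = r"""
uRun: [F.lux] "C:\Users\A\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Helper] cmd.exe /c start hxxp://example.invalid && exit
"""

# DDS prefix -> registry key. 'u' = current user (confirmed by the thread: the
# uRun [CMD] value is deleted from HKCU\...\Run). The 'm' and 'x64-' mappings to
# HKLM are an assumption based on DDS's user/machine naming, not taken from the page.
HIVE_FOR_PREFIX = {
    "u": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "m": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "x64-": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

RUN_LINE = re.compile(r"^(?P<prefix>u|m|x64-)Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Accepts http(s):// as well as the defanged hxxp(s):// form that DDS logs use.
URL_RE = re.compile(r"\bh[xt]{2}ps?://\S+", re.IGNORECASE)
# Interpreters that should not normally be the executable behind an autorun value.
SHELL_LAUNCHERS = {"cmd.exe", "cmd", "powershell.exe", "powershell",
                   "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name, e.g. "CMD"
    command: str  # command line stored in the value


def executable_name(command: str) -> str:
    """Lowercase basename of the first token (quoted or bare) of a command line."""
    m = re.match(r'^"([^"]+)"|^(\S+)', command.strip())
    first = (m.group(1) or m.group(2)) if m else ""
    return first.rsplit("\\", 1)[-1].lower()


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse uRun/mRun/x64-Run lines from a DDS report into RunEntry records."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(HIVE_FOR_PREFIX[m.group("prefix")],
                                    m.group("name"), m.group("cmd")))
    return entries


def is_suspicious(entry: RunEntry) -> bool:
    """Flag autorun values run by a shell/script host whose arguments carry a URL."""
    return (executable_name(entry.command) in SHELL_LAUNCHERS
            and URL_RE.search(entry.command) is not None)


def find_suspicious(entries: List[RunEntry]) -> List[RunEntry]:
    return [e for e in entries if is_suspicious(e)]


def cfscript_for(entries: List[RunEntry]) -> str:
    """Render a ComboFix CFScript 'Registry::' section deleting each value (the "name"=- form)."""
    lines = ["Registry::"]
    for key in sorted({e.key for e in entries}):
        lines.append(f"[{key}]")
        lines.extend(f'"{e.name}"=-' for e in entries if e.key == key)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = find_suspicious(parse_run_entries(SAMPLE_DDS_LINES))
    for e in flagged:
        print(f"suspicious: [{e.name}] under {e.key}: {e.command}")
    print(cfscript_for(flagged))
```

Run against the constructed sample, the script flags only the two cmd.exe entries and prints a `Registry::` section with `"CMD"=-` under the HKCU Run key (matching the CFScript in the post above) and `"Helper"=-` under the HKLM Run key. The legitimate entries (F.lux, SUPERAntiSpyware, APSDaemon) launch their own executables rather than a shell, so they pass the check. Review any flagged value before removing it: the heuristic is a triage aid, not a verdict.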

#5 Gone2Far

Gone2Far
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 04 July 2014 - 02:25 PM

The webpage no longer opens after running AdwCleaner and rebooting. Is it still necessary to post logs or can I request this thread to be closed?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:16 AM

Posted 05 July 2014 - 06:46 AM

Your call.

#7 Gone2Far

Gone2Far
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 05 July 2014 - 03:37 PM

I guess it couldn't hurt to be sure. Here are my logs:
 
Combo Fix Log:
ComboFix 14-07-03.01 - A 04-Jul-14  15:03:57.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8158.4706 [GMT -4:00]
Running from: c:\users\A\Downloads\ComboFix.exe
Command switches used :: c:\users\A\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\A\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-04 to 2014-07-04  )))))))))))))))))))))))))))))))
.
.
2014-07-04 19:11 . 2014-07-04 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-04 06:24 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7AD01F0-B1C4-420A-A80F-2EE0A0B22ADC}\mpengine.dll
2014-07-03 06:25 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-03 03:57 . 2012-03-14 09:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAA.DLL
2014-07-03 03:57 . 2012-03-14 09:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAA.DLL
2014-07-03 03:56 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMAA.DLL
2014-07-03 03:56 . 2010-03-18 23:26 348672 ----a-w- c:\windows\system32\CNC280L.dll
2014-07-03 03:56 . 2010-03-18 23:25 307200 ----a-w- c:\windows\SysWow64\CNC280L.dll
2014-07-03 03:56 . 2010-03-18 21:13 1354240 ----a-w- c:\windows\system32\CNC280C.dll
2014-07-03 03:56 . 2010-03-18 21:13 112128 ----a-w- c:\windows\system32\CNC280I.dll
2014-07-03 03:56 . 2010-03-18 21:11 106496 ----a-w- c:\windows\SysWow64\CNC280U.dll
2014-07-03 03:56 . 2008-08-25 22:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2014-07-03 03:56 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2014-07-02 07:01 . 2014-07-04 18:03 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-02 07:01 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-02 07:01 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-02 07:01 . 2014-07-02 07:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-01 04:30 . 2014-07-01 04:30 -------- d-----w- c:\users\A\AppData\Roaming\Maple
2014-07-01 04:29 . 2014-07-01 04:29 -------- d-----w- c:\users\A\.gstreamer-0.10
2014-07-01 04:29 . 2014-07-03 06:49 -------- d-----w- c:\users\A\.maplesoft
2014-07-01 04:26 . 2014-02-11 01:08 2295064 ----a-w- c:\windows\system32\WMIMPLEX.dll
2014-07-01 04:26 . 2014-02-11 01:01 60184 ----a-w- c:\windows\system32\maplec.dll
2014-07-01 04:24 . 2014-07-01 04:27 -------- d-----w- c:\program files\Maple 18
2014-06-29 09:08 . 2014-06-29 09:08 -------- d-----w- c:\users\A\AppData\Local\Harebrained Schemes
2014-06-29 09:03 . 2014-06-29 09:07 -------- d-----w- c:\program files (x86)\Shadowrun Returns
2014-06-24 21:36 . 2014-06-24 21:36 -------- d-----w- c:\program files\CCleaner
2014-06-23 19:46 . 2014-06-23 20:04 -------- d-----w- c:\users\A\AppData\Local\Mathematica
2014-06-23 19:46 . 2014-06-23 19:49 -------- d-----w- c:\users\A\AppData\Roaming\Mathematica
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files\Common Files\Wolfram Research
2014-06-23 19:42 . 2014-06-23 19:49 -------- d-----w- c:\programdata\Mathematica
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files\Extras
2014-06-23 19:42 . 2014-06-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft
2014-06-23 19:36 . 2014-06-23 19:36 -------- d-----w- c:\program files\Wolfram Research
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\THR_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\THI_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\THBI____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\THB_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\SYP_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\MP______.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\MaplePi.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\HEO_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\HEN_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\HEBO____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\HEB_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX9_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX8_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX7_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX6_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX5_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX4_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX3_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX2_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX17.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX16.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX15.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX14.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX13.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX12.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX11.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX10.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\ESSTIX1_.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\COO_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\CON_____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\COBO____.fot
2014-07-01 04:26 . 2014-07-01 04:26 1409 ----a-w- c:\windows\Fonts\COB_____.fot
2014-06-17 19:07 . 2014-01-21 02:16 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 19:07 . 2014-01-21 02:16 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25 . 2014-03-20 07:18 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-18 22:15 . 2014-04-18 22:04 291760 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 22:15 . 2014-04-18 22:02 291760 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-18 22:04 . 2014-04-18 22:02 291488 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-18 22:02 . 2014-04-18 22:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-18 02:43 . 2014-04-18 02:43 127872 ----a-w- c:\windows\system32\amdhcp64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2013-06-04 23:12 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2013-06-04 23:12 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2013-06-04 23:12 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2013-06-04 23:11 1343272 ----a-w- c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2013-06-04 23:11 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2013-06-04 23:11 10335208 ----a-w- c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2013-06-04 23:11 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2013-06-04 23:11 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2013-06-04 23:11 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2013-06-04 23:11 8010968 ----a-w- c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:33 . 2014-04-18 02:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-04-18 02:28 . 2014-04-18 02:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:08 . 2014-04-18 01:08 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-04-18 01:08 . 2014-04-18 01:08 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-04-18 01:08 . 2014-04-18 01:08 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-04-18 01:08 . 2014-04-18 01:08 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\A\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"F.lux"="c:\users\A\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-06-04 389120]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-11-16 604672]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
.
c:\users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files (x86)\LG Soft India\forteManager\bin\Monitor.exe -startup [2013-9-1 1687552]
NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2013-8-28 8364288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys;c:\windows\SYSNATIVE\drivers\RecFltr.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 08:58 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 19:07]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 00:26]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\ai7xt9hd.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-04  15:13:17
ComboFix-quarantined-files.txt  2014-07-04 19:13
ComboFix2.txt  2014-06-24 21:55
.
Pre-Run: 1,330,680,377,344 bytes free
Post-Run: 1,330,476,347,392 bytes free
.
- - End Of File - - B1B3FC84C38B8558F306257336419D02
A36C5E4F47E84449FF07ED3517B43A31
 

AdwCleaner Log:

# AdwCleaner v3.214 - Report created 04/07/2014 at 15:20:57
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : A - A-PC
# Running from : C:\Users\A\Downloads\adwcleaner_3.214 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\A\daemonprocess.txt
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\ai7xt9hd.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0EyC0AtDyE0AyDtDyCzztN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1389685918&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
AdwCleaner[R0].txt - [3642 octets] - [20/03/2014 03:54:24]
AdwCleaner[R1].txt - [1444 octets] - [04/07/2014 15:14:16]
AdwCleaner[R2].txt - [1654 octets] - [04/07/2014 15:20:14]
AdwCleaner[S0].txt - [2883 octets] - [20/03/2014 04:00:12]
AdwCleaner[S1].txt - [1589 octets] - [04/07/2014 15:20:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1649 octets] ##########
 
Farbar Log:
 
Ran by A (administrator) on A-PC on 05-07-2014 16:35:05
Running from C:\Users\A\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\A\AppData\Local\FluxSoftware\Flux\flux.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.212\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.99\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QFan Help] => C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [604672 2009-11-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-08-21] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [Akamai NetSession Interface] => C:\Users\A\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [F.lux] => C:\Users\A\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-4276929361-2624369182-1716622457-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-11] (SUPERAntiSpyware)
Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175A8B75F296CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\ai7xt9hd.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\A\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: Adblock Plus - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\ai7xt9hd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-20]
 
Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0EyC0AtDyE0AyDtDyCzztN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1389685918&ir=
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\A\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Wolfram Mathematica) - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Raidcall plugin) - C:\Users\A\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Magic Actions for YouTube™) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-05]
CHR Extension: (Media Hint) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-08-26]
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Adblock Plus) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-11]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-11]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Incognito Tab Switch) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofeampmlffjabmpdebckhpmcjkcjkahi [2013-09-13]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-18] ()
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [140800 2013-10-30] (SteelSeries Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-26] (Disc Soft Ltd)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-12-12] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2008-12-12] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] ()
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-13] (Duplex Secure Ltd.)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [36352 2014-06-27] (SteelSeries ApS)
U3 ag2sdzed; C:\Windows\System32\Drivers\ag2sdzed.sys [0 ] (Advanced Micro Devices)
U3 avqzkxy6; C:\Windows\System32\Drivers\avqzkxy6.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-05 16:35 - 2014-07-05 16:35 - 00022416 _____ () C:\Users\A\Downloads\FRST.txt
2014-07-05 16:34 - 2014-07-05 16:35 - 00000000 ____D () C:\FRST
2014-07-05 16:34 - 2014-07-05 16:34 - 02084352 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe
2014-07-04 23:59 - 2014-07-04 23:59 - 00000032 _____ () C:\Users\A\Desktop\poop.txt
2014-07-04 18:50 - 2014-07-04 18:50 - 00275464 _____ () C:\Windows\Minidump\070414-25599-01.dmp
2014-07-04 16:08 - 2014-07-04 19:14 - 00000000 ____D () C:\Users\A\AppData\Local\SteelSeries Engine 3 Client
2014-07-04 16:08 - 2014-07-04 16:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_sshid_01011.Wdf
2014-07-04 16:08 - 2014-07-04 16:08 - 00000000 ____D () C:\Users\admin
2014-07-04 16:07 - 2014-07-04 19:08 - 00024264 _____ () C:\Windows\DPINST.LOG
2014-07-04 16:07 - 2014-07-04 16:07 - 50910112 _____ () C:\Users\A\Downloads\SteelSeriesEngine_3.2.4.exe
2014-07-04 15:20 - 2014-07-04 15:20 - 01346519 _____ () C:\Users\A\Downloads\adwcleaner_3.214 (1).exe
2014-07-04 15:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-04 15:13 - 2014-07-04 15:14 - 01346519 _____ () C:\Users\A\Downloads\adwcleaner_3.214.exe
2014-07-04 15:13 - 2014-07-04 15:13 - 00030813 _____ () C:\ComboFix.txt
2014-07-04 15:01 - 2014-07-04 15:01 - 00001339 _____ () C:\Users\A\Desktop\ComboFix - Shortcut.lnk
2014-07-04 12:48 - 2014-07-04 12:48 - 00021254 _____ () C:\Users\A\Desktop\dds.txt
2014-07-04 12:48 - 2014-07-04 12:48 - 00010233 _____ () C:\Users\A\Desktop\attach.txt
2014-07-04 12:45 - 2014-07-04 12:45 - 00688992 ____R (Swearware) C:\Users\A\Downloads\dds.com
2014-07-03 02:13 - 2014-07-03 02:13 - 00275408 _____ () C:\Windows\Minidump\070314-20592-01.dmp
2014-07-02 23:56 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAA.DLL
2014-07-02 23:56 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC280L.dll
2014-07-02 23:56 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280L.dll
2014-07-02 23:56 - 2010-03-18 17:13 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC280C.dll
2014-07-02 23:56 - 2010-03-18 17:13 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC280I.dll
2014-07-02 23:56 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280U.dll
2014-07-02 23:56 - 2009-11-13 14:38 - 00012800 _____ () C:\Windows\SysWOW64\CNC1746D.TBL
2014-07-02 23:56 - 2009-11-13 14:38 - 00012800 _____ () C:\Windows\system32\CNC1746D.TBL
2014-07-02 23:56 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-07-02 23:56 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-07-02 03:01 - 2014-07-05 01:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 03:01 - 2014-07-02 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 03:01 - 2014-07-02 03:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 03:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 03:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 00:30 - 2014-07-01 00:30 - 00000000 ____D () C:\Users\A\AppData\Roaming\Maple
2014-07-01 00:29 - 2014-07-03 02:49 - 00000000 ____D () C:\Users\A\.maplesoft
2014-07-01 00:29 - 2014-07-01 00:29 - 00000000 ____D () C:\Users\A\.gstreamer-0.10
2014-07-01 00:26 - 2014-07-01 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 18
2014-07-01 00:26 - 2014-02-10 21:08 - 02295064 _____ () C:\Windows\system32\WMIMPLEX.dll
2014-07-01 00:26 - 2014-02-10 21:01 - 00060184 _____ () C:\Windows\system32\maplec.dll
2014-07-01 00:24 - 2014-07-01 00:27 - 00000000 ____D () C:\Program Files\Maple 18
2014-07-01 00:13 - 2014-07-01 00:17 - 00000000 ____D () C:\Users\A\Downloads\Maplesoft Maple v18.0 [32-64 Bit] Incl Crack - [MUMBAI-TPB]
2014-06-29 05:09 - 2014-06-29 05:09 - 00000000 ____D () C:\Users\A\Documents\Shadowrun Returns
2014-06-29 05:08 - 2014-06-29 05:08 - 00000000 ____D () C:\Users\A\AppData\Local\Harebrained Schemes
2014-06-29 05:07 - 2014-06-29 05:07 - 00001989 _____ () C:\Users\A\Desktop\Shadowrun Returns.lnk
2014-06-29 05:07 - 2014-06-29 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun Returns
2014-06-29 05:03 - 2014-06-29 05:07 - 00000000 ____D () C:\Program Files (x86)\Shadowrun Returns
2014-06-29 04:22 - 2014-06-29 04:26 - 00000000 ____D () C:\Users\A\Downloads\SR_RETURNS_DRAGONFALL_R.G.ILITA
2014-06-28 22:54 - 2014-07-04 18:50 - 527217804 _____ () C:\Windows\MEMORY.DMP
2014-06-28 22:54 - 2014-07-04 18:50 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 22:54 - 2014-06-28 22:54 - 00279776 _____ () C:\Windows\Minidump\062814-18267-01.dmp
2014-06-27 11:52 - 2014-06-27 11:52 - 00036352 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sshid.sys
2014-06-24 17:50 - 2014-07-04 19:08 - 00003746 _____ () C:\Windows\setupact.log
2014-06-24 17:50 - 2014-07-04 15:22 - 00001290 _____ () C:\Windows\PFRO.log
2014-06-24 17:50 - 2014-06-24 17:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 17:39 - 2014-07-04 15:13 - 00000000 ____D () C:\Qoobox
2014-06-24 17:39 - 2014-07-04 15:01 - 05213907 ____R (Swearware) C:\Users\A\Downloads\ComboFix.exe
2014-06-24 17:39 - 2014-06-24 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-06-24 17:39 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-24 17:39 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-24 17:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-24 17:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-24 17:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-24 17:39 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-24 17:39 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-24 17:39 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-24 17:36 - 2014-06-24 17:36 - 04429440 _____ (Piriform Ltd) C:\Users\A\Downloads\ccsetup404.exe
2014-06-24 17:36 - 2014-06-24 17:36 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-24 17:36 - 2014-06-24 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-24 17:36 - 2014-06-24 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-23 15:46 - 2014-06-23 16:04 - 00000000 ____D () C:\Users\A\AppData\Local\Mathematica
2014-06-23 15:46 - 2014-06-23 15:49 - 00000000 ____D () C:\Users\A\AppData\Roaming\Mathematica
2014-06-23 15:42 - 2014-06-23 15:49 - 00000000 ____D () C:\ProgramData\Mathematica
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\Program Files\Extras
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-06-23 15:37 - 2013-01-24 19:54 - 00369968 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2014-06-23 15:37 - 2013-01-24 19:54 - 00360752 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2014-06-23 15:37 - 2013-01-24 19:54 - 00258864 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2014-06-23 15:37 - 2013-01-24 19:54 - 00252720 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2014-06-23 15:37 - 2013-01-24 19:54 - 00173360 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2014-06-23 15:37 - 2013-01-24 19:54 - 00095536 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2014-06-23 15:37 - 2013-01-24 19:54 - 00088368 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2014-06-23 15:37 - 2013-01-24 19:54 - 00078128 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2014-06-23 15:37 - 2013-01-24 19:53 - 00437552 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i3.dll
2014-06-23 15:37 - 2013-01-24 19:53 - 00426288 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcpip64.mlp
2014-06-23 15:37 - 2013-01-24 19:53 - 00303408 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i2.dll
2014-06-23 15:37 - 2013-01-24 19:53 - 00181040 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlmodule64.dll
2014-06-23 15:37 - 2013-01-24 19:53 - 00104240 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcp64.mlp
2014-06-23 15:37 - 2013-01-24 19:53 - 00099632 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlshm64.mlp
2014-06-23 15:36 - 2014-06-23 15:36 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-06-23 15:20 - 2014-06-23 15:20 - 00000000 ____D () C:\Users\A\Downloads\Wolfram Research Mathematica 9.0.1
2014-06-05 01:29 - 2014-06-05 01:53 - 00000000 ____D () C:\Users\A\Desktop\MapleStory
2014-06-05 01:29 - 2014-06-05 01:29 - 02556712 _____ () C:\Users\A\Downloads\MapleStory_Downloader.exe
2014-06-05 01:29 - 2014-06-05 01:29 - 00000174 _____ () C:\console.log
 
==================== One Month Modified Files and Folders =======
 
2014-07-05 16:35 - 2014-07-05 16:35 - 00022416 _____ () C:\Users\A\Downloads\FRST.txt
2014-07-05 16:35 - 2014-07-05 16:34 - 00000000 ____D () C:\FRST
2014-07-05 16:34 - 2014-07-05 16:34 - 02084352 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe
2014-07-05 16:26 - 2013-08-11 22:14 - 00000000 ____D () C:\Users\A\AppData\Roaming\Skype
2014-07-05 16:22 - 2014-01-20 22:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 16:03 - 2013-08-11 20:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 14:25 - 2013-08-11 20:20 - 01645117 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 09:03 - 2013-08-11 20:26 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 01:59 - 2014-07-02 03:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 01:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-05 00:24 - 2014-04-19 00:03 - 00000000 ____D () C:\Users\A\AppData\Local\Battle.net
2014-07-04 23:59 - 2014-07-04 23:59 - 00000032 _____ () C:\Users\A\Desktop\poop.txt
2014-07-04 20:38 - 2013-08-26 16:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-04 19:14 - 2014-07-04 16:08 - 00000000 ____D () C:\Users\A\AppData\Local\SteelSeries Engine 3 Client
2014-07-04 19:08 - 2014-07-04 16:07 - 00024264 _____ () C:\Windows\DPINST.LOG
2014-07-04 19:08 - 2014-06-24 17:50 - 00003746 _____ () C:\Windows\setupact.log
2014-07-04 19:02 - 2014-01-05 22:41 - 00000000 ____D () C:\Users\A\AppData\Roaming\SteelSeries
2014-07-04 19:01 - 2014-01-05 20:13 - 00000000 ____D () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-07-04 19:01 - 2014-01-05 20:13 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-07-04 19:01 - 2014-01-05 20:12 - 00000000 ____D () C:\Program Files\SteelSeries
2014-07-04 18:57 - 2009-07-14 00:45 - 00019584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 18:57 - 2009-07-14 00:45 - 00019584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 18:51 - 2014-05-19 10:51 - 00000000 ____D () C:\Users\A\AppData\Roaming\DropboxMaster
2014-07-04 18:51 - 2013-08-11 21:21 - 00000000 ___RD () C:\Users\A\Dropbox
2014-07-04 18:51 - 2013-08-11 21:13 - 00000000 ____D () C:\Users\A\AppData\Roaming\Dropbox
2014-07-04 18:50 - 2014-07-04 18:50 - 00275464 _____ () C:\Windows\Minidump\070414-25599-01.dmp
2014-07-04 18:50 - 2014-06-28 22:54 - 527217804 _____ () C:\Windows\MEMORY.DMP
2014-07-04 18:50 - 2014-06-28 22:54 - 00000000 ____D () C:\Windows\Minidump
2014-07-04 18:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 16:08 - 2014-07-04 16:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_sshid_01011.Wdf
2014-07-04 16:08 - 2014-07-04 16:08 - 00000000 ____D () C:\Users\admin
2014-07-04 16:07 - 2014-07-04 16:07 - 50910112 _____ () C:\Users\A\Downloads\SteelSeriesEngine_3.2.4.exe
2014-07-04 15:22 - 2014-06-24 17:50 - 00001290 _____ () C:\Windows\PFRO.log
2014-07-04 15:21 - 2014-03-20 03:54 - 00000000 ____D () C:\AdwCleaner
2014-07-04 15:20 - 2014-07-04 15:20 - 01346519 _____ () C:\Users\A\Downloads\adwcleaner_3.214 (1).exe
2014-07-04 15:20 - 2013-08-11 20:24 - 00000000 ____D () C:\Users\A
2014-07-04 15:14 - 2014-07-04 15:13 - 01346519 _____ () C:\Users\A\Downloads\adwcleaner_3.214.exe
2014-07-04 15:13 - 2014-07-04 15:13 - 00030813 _____ () C:\ComboFix.txt
2014-07-04 15:13 - 2014-06-24 17:39 - 00000000 ____D () C:\Qoobox
2014-07-04 15:11 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-04 15:01 - 2014-07-04 15:01 - 00001339 _____ () C:\Users\A\Desktop\ComboFix - Shortcut.lnk
2014-07-04 15:01 - 2014-06-24 17:39 - 05213907 ____R (Swearware) C:\Users\A\Downloads\ComboFix.exe
2014-07-04 12:48 - 2014-07-04 12:48 - 00021254 _____ () C:\Users\A\Desktop\dds.txt
2014-07-04 12:48 - 2014-07-04 12:48 - 00010233 _____ () C:\Users\A\Desktop\attach.txt
2014-07-04 12:45 - 2014-07-04 12:45 - 00688992 ____R (Swearware) C:\Users\A\Downloads\dds.com
2014-07-03 21:37 - 2014-06-02 02:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-03 21:36 - 2014-04-19 00:04 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-07-03 21:36 - 2014-04-19 00:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-03 02:49 - 2014-07-01 00:29 - 00000000 ____D () C:\Users\A\.maplesoft
2014-07-03 02:13 - 2014-07-03 02:13 - 00275408 _____ () C:\Windows\Minidump\070314-20592-01.dmp
2014-07-02 23:57 - 2013-09-02 19:38 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-07-02 23:56 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-07-02 03:01 - 2014-07-02 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 03:01 - 2014-07-02 03:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 03:01 - 2014-03-20 03:18 - 00000000 ____D () C:\Users\A\AppData\Roaming\Malwarebytes
2014-07-02 03:01 - 2014-03-20 03:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 03:01 - 2014-03-20 03:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-02 02:15 - 2009-07-14 00:45 - 00489056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-02 01:36 - 2013-08-11 21:09 - 00000000 ____D () C:\Users\A\AppData\Roaming\uTorrent
2014-07-01 22:00 - 2009-07-14 01:13 - 00780868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-01 18:10 - 2013-09-11 19:37 - 00000000 ____D () C:\Users\A\Desktop\Werk
2014-07-01 15:05 - 2013-08-11 20:25 - 00133368 _____ () C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 00:30 - 2014-07-01 00:30 - 00000000 ____D () C:\Users\A\AppData\Roaming\Maple
2014-07-01 00:29 - 2014-07-01 00:29 - 00000000 ____D () C:\Users\A\.gstreamer-0.10
2014-07-01 00:27 - 2014-07-01 00:24 - 00000000 ____D () C:\Program Files\Maple 18
2014-07-01 00:26 - 2014-07-01 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 18
2014-07-01 00:17 - 2014-07-01 00:13 - 00000000 ____D () C:\Users\A\Downloads\Maplesoft Maple v18.0 [32-64 Bit] Incl Crack - [MUMBAI-TPB]
2014-06-29 05:09 - 2014-06-29 05:09 - 00000000 ____D () C:\Users\A\Documents\Shadowrun Returns
2014-06-29 05:08 - 2014-06-29 05:08 - 00000000 ____D () C:\Users\A\AppData\Local\Harebrained Schemes
2014-06-29 05:07 - 2014-06-29 05:07 - 00001989 _____ () C:\Users\A\Desktop\Shadowrun Returns.lnk
2014-06-29 05:07 - 2014-06-29 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun Returns
2014-06-29 05:07 - 2014-06-29 05:03 - 00000000 ____D () C:\Program Files (x86)\Shadowrun Returns
2014-06-29 05:07 - 2013-09-18 14:33 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-29 05:07 - 2013-09-18 14:33 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-29 04:26 - 2014-06-29 04:22 - 00000000 ____D () C:\Users\A\Downloads\SR_RETURNS_DRAGONFALL_R.G.ILITA
2014-06-28 22:54 - 2014-06-28 22:54 - 00279776 _____ () C:\Windows\Minidump\062814-18267-01.dmp
2014-06-28 13:37 - 2013-08-11 21:22 - 00000000 ____D () C:\Users\A\AppData\Roaming\DisplayFusion
2014-06-27 11:52 - 2014-06-27 11:52 - 00036352 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sshid.sys
2014-06-26 03:13 - 2014-02-18 16:26 - 00001852 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-24 17:55 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-24 17:54 - 2014-06-24 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-24 17:50 - 2014-06-24 17:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 17:49 - 2009-07-13 22:34 - 72613888 _____ () C:\Windows\system32\config\software.bak
2014-06-24 17:49 - 2009-07-13 22:34 - 20185088 _____ () C:\Windows\system32\config\system.bak
2014-06-24 17:49 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-06-24 17:49 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-06-24 17:49 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-06-24 17:48 - 2014-01-20 22:15 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe
2014-06-24 17:39 - 2014-01-26 19:17 - 00000000 ____D () C:\Users\A\AppData\Roaming\DAEMON Tools Lite
2014-06-24 17:39 - 2013-10-15 20:10 - 00000000 ____D () C:\Users\A\AppData\Roaming\FileZilla
2014-06-24 17:39 - 2013-08-12 00:10 - 00000000 ____D () C:\Windows\Panther
2014-06-24 17:36 - 2014-06-24 17:36 - 04429440 _____ (Piriform Ltd) C:\Users\A\Downloads\ccsetup404.exe
2014-06-24 17:36 - 2014-06-24 17:36 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-24 17:36 - 2014-06-24 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-24 17:36 - 2014-06-24 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-23 16:04 - 2014-06-23 15:46 - 00000000 ____D () C:\Users\A\AppData\Local\Mathematica
2014-06-23 15:49 - 2014-06-23 15:46 - 00000000 ____D () C:\Users\A\AppData\Roaming\Mathematica
2014-06-23 15:49 - 2014-06-23 15:42 - 00000000 ____D () C:\ProgramData\Mathematica
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\Program Files\Extras
2014-06-23 15:42 - 2014-06-23 15:42 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-06-23 15:36 - 2014-06-23 15:36 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-06-23 15:20 - 2014-06-23 15:20 - 00000000 ____D () C:\Users\A\Downloads\Wolfram Research Mathematica 9.0.1
2014-06-17 15:24 - 2014-01-20 22:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-17 15:07 - 2014-01-20 22:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-17 15:07 - 2014-01-20 22:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-17 08:58 - 2013-08-11 20:26 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 08:58 - 2013-08-11 20:26 - 00003632 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 00:45 - 2014-05-28 12:05 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-06-17 00:45 - 2014-02-18 01:08 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-17 00:45 - 2013-11-09 16:07 - 00000000 ____D () C:\Users\A\Documents\My Games
2014-06-11 13:32 - 2014-02-18 16:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-05 01:53 - 2014-06-05 01:29 - 00000000 ____D () C:\Users\A\Desktop\MapleStory
2014-06-05 01:52 - 2013-09-04 15:36 - 00000192 _____ () C:\Users\Public\Desktop\MapleStory.url
2014-06-05 01:49 - 2013-09-04 15:33 - 00000000 ____D () C:\Nexon
2014-06-05 01:29 - 2014-06-05 01:29 - 02556712 _____ () C:\Users\A\Downloads\MapleStory_Downloader.exe
2014-06-05 01:29 - 2014-06-05 01:29 - 00000174 _____ () C:\console.log
 
Some content of TEMP:
====================
C:\Users\A\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh7rn7.dll
C:\Users\A\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-29 10:45
 
==================== End Of Log ============================

 



#8 nasdaq (Malware Response Team)

Posted 06 July 2014 - 08:08 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0EyC0AtDyE0AyDtDyCzztN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1389685918&ir=
U3 ag2sdzed; C:\Windows\System32\Drivers\ag2sdzed.sys [0 ] (Advanced Micro Devices)
U3 avqzkxy6; C:\Windows\System32\Drivers\avqzkxy6.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\A\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh7rn7.dll
C:\Users\A\AppData\Local\Temp\Quarantine.exe
C:\Windows\System32\Drivers\ag2sdzed.sys
C:\Windows\System32\Drivers\avqzkxy6.sys

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#9 nasdaq (Malware Response Team)

Posted 12 July 2014 - 07:27 AM

Are you still with me?

#10 Gone2Far (Topic Starter)

Posted 12 July 2014 - 07:58 AM

Sorry about that! I'm having some issues with my ISP at the moment and can't get internet access on that computer (nothing to do with this virus problem though!); would it be possible to give me until Sunday/Monday to reply?

#11 nasdaq (Malware Response Team)

Posted 12 July 2014 - 09:13 AM

Yes. Just keep me posted if you need more time.

#12 Gone2Far (Topic Starter)

Posted 16 July 2014 - 02:01 PM

This is the FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01

Ran by A at 2014-07-16 14:54:15 Run:1
Running from C:\Users\A\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0EyC0AtDyE0AyDtDyCzztN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1389685918&ir=
U3 ag2sdzed; C:\Windows\System32\Drivers\ag2sdzed.sys [0 ] (Advanced Micro Devices)
U3 avqzkxy6; C:\Windows\System32\Drivers\avqzkxy6.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\A\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh7rn7.dll
C:\Users\A\AppData\Local\Temp\Quarantine.exe
C:\Windows\System32\Drivers\ag2sdzed.sys
C:\Windows\System32\Drivers\avqzkxy6.sys
 
End
*****************
 
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf' => Key deleted successfully.
C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf' => Key deleted successfully.
C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin' => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0EyC0AtDyE0AyDtDyCzztN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1389685918&ir= ==> The Chrome "Settings" can be used to fix the entry.
ag2sdzed => Service not found.
avqzkxy6 => Service not found.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
IOMap => Unable to stop service
IOMap => Error deleting Service
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Users\A\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh7rn7.dll" => File/Directory not found.
C:\Users\A\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Windows\System32\Drivers\ag2sdzed.sys" => File/Directory not found.
"C:\Windows\System32\Drivers\avqzkxy6.sys" => File/Directory not found.
 
==== End of Fixlog ====
 
Security Check:
 

Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (26.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
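As an added example (not code from this thread, and not part of Farbar's tool), here is a small Python parser that classifies the outcome lines of a Fixlog like the one above, so a reviewer can see at a glance what FRST removed, what was already gone before the fix ran, and what still needs manual attention. In the posted log that is IOMap, which FRST could neither stop nor delete, and the Chrome home page, which FRST leaves to the browser's own settings. The sample lines are shortened copies of lines from the posted Fixlog; the category names ("done", "absent", "error", "manual") and the follow-up rule are this example's own choices, not FRST terminology.

```python
"""Classify the outcome lines of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example; not from the BleepingComputer thread and not Farbar's code.
The line shapes are taken from the Fixlog posted in the thread. The status
names and the follow-up rule below are this example's own convention.
"""
import re
from collections import Counter

# Constructed sample: shortened copies of lines from the posted Fixlog.
SAMPLE_FIXLOG = r"""
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1 ==> The Chrome "Settings" can be used to fix the entry.
ag2sdzed => Service not found.
catchme => Service deleted successfully.
IOMap => Unable to stop service
IOMap => Error deleting Service
"C:\Users\A\AppData\Local\Temp\Quarantine.exe" => Moved successfully.
"C:\Windows\System32\Drivers\ag2sdzed.sys" => File/Directory not found.
"""

# "target => outcome" or "target ==> outcome"; the target is matched lazily so
# that '=' characters inside a URL query string do not split the line early.
_ARROW = re.compile(r"^(?P<target>.+?)\s*==?>\s*(?P<outcome>.+?)\s*$")


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase to a coarse status (heuristic keyword match)."""
    o = outcome.lower()
    if "successfully" in o:
        return "done"      # FRST deleted, moved or restored the item
    if "not found" in o:
        return "absent"    # item was already gone before the fix ran
    if "unable" in o or "error" in o:
        return "error"     # item is still present; needs a second look
    if "can be used to fix" in o:
        return "manual"    # FRST declined to touch it; fix by hand
    return "other"         # unknown phrasing: never assume success


def parse_line(line: str):
    """Parse one Fixlog line into a dict, or return None for non-result lines."""
    line = line.strip()
    if not line:
        return None
    m = _ARROW.match(line)
    if m:
        target, outcome = m.group("target"), m.group("outcome")
    elif line.endswith(" not found."):
        # File lines under a deleted plugin key carry no arrow at all.
        target, outcome = line[: -len(" not found.")], "not found."
    else:
        return None
    target = target.strip().strip("'\"")
    return {"target": target, "outcome": outcome, "status": classify(outcome)}


def parse_fixlog(text: str):
    """Return the list of parsed result entries in file order."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per status, e.g. {'done': 4, 'absent': 4, ...}."""
    return dict(Counter(e["status"] for e in entries))


def follow_up(entries):
    """Targets that still need a human: errors and items FRST left alone."""
    seen, pending = set(), []
    for e in entries:
        if e["status"] in ("error", "manual") and e["target"] not in seen:
            seen.add(e["target"])
            pending.append(e["target"])
    return pending


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print("summary:", summarize(parsed))
    for target in follow_up(parsed):
        print("follow up:", target)
```

The classification is deliberately keyword-based and conservative: FRST's phrasing changes between versions, so any outcome the parser does not recognise lands in "other" rather than being silently counted as a success, and anything in "error" or "manual" is surfaced for the helper to re-examine.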
 


#13 nasdaq (Malware Response Team)

Posted 17 July 2014 - 07:08 AM

Java 7 Update 65
Java version out of Date!

You have the latest version. The tool needs to be updated.

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older kind of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust:
  • NoScript is a popular Firefox add-on;
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#14 Gone2Far (Topic Starter)

Posted 17 July 2014 - 01:25 PM

Thanks a lot for your help nasdaq! One last thing though: what do you mean by "the tools need to be updated"?



#15 nasdaq (Malware Response Team)

Posted 18 July 2014 - 08:07 AM

The Security Check tool.
It must be updated by the owner whenever a version of one of the programs it checks is revised.



