
(Firefox) Search Engines redirecting to Youtube


9 replies to this topic

#1 NydusTemplar


Posted 09 October 2014 - 03:18 AM

An update:

 

After having submitted this post, I found the program GMER and ran it. Several entries were found. I don't know for certain if it corrected anything, but today the SpyBot: S&D prompts did not appear as usual. After a few clicks through the affected search engines, I did not have any redirect issues. I'll post the GMER log below. I don't know if this means the problem has actually been resolved or just that a symptom has ceased showing. I understand if that means this is no longer a priority, but if someone could take a gander at it to see if there are any tell-tale signs of something lurking within, I'd appreciate it. However, if this constitutes a 'just checking' type of post, which normally results in a thread closure/deletion, that's fine. I'll remake the thread and follow the proper steps again. Thank you.

 

GMER Log

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-09 05:03:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931.51GB
Running: ibseh1dq.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pgdyikow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752d1465 2 bytes [2D, 75]
.text  C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752d14bb 2 bytes [2D, 75]
.text  ...                                                                                                                                                    * 2

---- Files - GMER 2.1 ----

File   C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-0cdb2d5f-71ae-4143-9e82-615056782b0d.tmp                                       0 bytes

---- EOF - GMER 2.1 ----
 

 

===Original Post===

 

Heya,

 

Thanks in advance for any help in this matter. Recently (as in the last 6 hours or so), my Firefox browser began randomly shifting my window toward Youtube whenever I'd attempt to use any sort of search engine. At times this was Google; at others, it was from the Minecraftwiki. Both times, it took me to Youtube's home webpage, although a few times it took me to the site with some sort of warning about 'too much traffic from your network' and asked for a Captcha to prove I wasn't a bot. (Beep Boop)

 

As soon as I discovered this issue, I ran Mbar and a few other anti-rootkit and anti-malware programs, and this hasn't fixed the issue. I then did a bit of poking around on the internet (avoiding Youtube) and found this site. I already ran ComboFix once (I didn't realize I shouldn't do so without direction; I know now) and created a log, and I've read the preparation guide and made a log with DDS as prescribed. I 'think' SpyBot S&D was disabled when ComboFix went on its merry scan, but I'm not 100% sure.

 

I figured I might've had some creepy-crawlie in the computer, since SpyBot kept reporting the same deleted entries every time I started the computer, but up until now it hadn't done anything major. I'm hoping we can pin it down and eliminate it. I've got the info I care about backed up on the second hard drive, but I'll do a sweep just to be sure I got it all. I'm going to post the recommended log here, as well as the ComboFix log. At the bottom of the ComboFix log, I added the relevant SpyBot lines from its log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Computer at 3:54:52 on 2014-10-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16333.13839 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C182DA48-72F6-4AF2-81F9-B3F13D8DBB68} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MBCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\MBCfg64.dll,RunDLLEntry MBCfg64
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-23 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-8-29 50976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-21 1148744]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-8-4 9216]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-2-19 154584]
R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2014-7-23 30240]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-22 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-22 19439944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-7-29 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-21 411968]
R3 DCamUSBNovatek;USB2.0 UVC Camera;C:\Windows\System32\drivers\nvtcam.sys [2010-7-14 2746624]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-23 370672]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-23 791024]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-7-23 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-28 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-21 38048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-23 888536]
R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;C:\Windows\System32\drivers\xspltspk.sys [2014-7-2 26200]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [?]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-7-22 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-22 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-22 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-22 1255736]
.
=============== Created Last 30 ================
.
2014-10-09 07:38:55    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E737CAA2-D4B2-4FFA-BC80-4BB36C953BCA}\mpengine.dll
2014-10-09 07:34:31    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-10-09 07:25:36    98816    ----a-w-    C:\Windows\sed.exe
2014-10-09 07:25:36    256000    ----a-w-    C:\Windows\PEV.exe
2014-10-09 07:25:36    208896    ----a-w-    C:\Windows\MBR.exe
2014-10-09 07:15:21    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-07 23:08:46    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-01 23:42:19    1188440    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED77B54F-1C10-44CE-9E3F-86EFB2A9F4CA}\gapaengine.dll
2014-09-30 23:03:51    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-30 23:03:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-27 02:20:52    --------    d-----r-    C:\Program Files (x86)\Skype
2014-09-25 07:25:51    --------    d-----w-    C:\Users\Computer\AppData\Roaming\Kalypso Media
2014-09-23 18:26:57    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-23 18:26:57    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-21 08:25:41    --------    d-----w-    C:\Users\Computer\AppData\Roaming\NVIDIA
2014-09-21 07:29:52    613696    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-09-21 07:29:38    934216    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-09-21 07:29:38    6890696    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-09-21 07:29:38    62608    ----a-w-    C:\Windows\System32\nvshext.dll
2014-09-21 07:29:38    3961833    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-09-21 07:29:38    385168    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-09-21 07:29:38    3529872    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-09-21 07:29:29    73872    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-09-21 07:29:29    60560    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-09-21 07:20:05    38048    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-09-21 07:20:05    32416    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-18 18:31:46    --------    d-----w-    C:\ProgramData\HitmanPro
2014-09-18 18:20:57    128728    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-18 18:20:47    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-18 18:20:47    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-18 18:20:47    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-18 18:20:47    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-18 18:20:47    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 18:17:03    --------    d-----w-    C:\Windows\ERUNT
2014-09-18 18:08:12    --------    d-----w-    C:\AdwCleaner
2014-09-16 22:32:43    1188440    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 09:43:10    227728    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-10 07:01:10    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 07:01:10    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-09 20:24:49    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-09 20:24:49    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-09 20:24:35    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-09 20:24:35    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-09 20:24:19    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-09 20:24:19    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-09 20:24:19    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-09 20:24:19    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-09 20:24:19    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-09 20:24:11    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-09 20:24:11    424448    ----a-w-    C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-09-24 05:30:12    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 05:30:12    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-17 04:51:20    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20    1538880    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2014-09-17 02:13:36    2193560    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40    2799784    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-09-04 21:28:22    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-04 19:58:55    175136    ----a-w-    C:\Windows\SysWow64\EasyAntiCheat.exe
2014-09-04 19:14:38    34976    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-08-29 23:11:55    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-08-27 09:20:52    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-06 14:50:04    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-07-25 06:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-22 20:41:00    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-22 01:03:12    244504    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-17 22:05:06    269008    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06    125584    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH:  3:55:18.03 ===============
 

~~~~~And now ComboFix Log~~~~~~

 

ComboFix 14-10-04.01 - Computer 10/09/2014   3:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16333.13859 [GMT -4:00]
Running from: c:\users\Computer\Desktop\Combo-Fix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\HirezPipeError.txt
E:\install.exe
F:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-09 to 2014-10-09  )))))))))))))))))))))))))))))))
.
.
2014-10-09 07:32 . 2014-10-09 07:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-09 07:15 . 2014-10-09 07:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-09 02:36 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD45DE09-B591-48C5-8B87-087C38DF0CA6}\mpengine.dll
2014-10-07 23:08 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-01 23:42 . 2014-09-16 22:32    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED77B54F-1C10-44CE-9E3F-86EFB2A9F4CA}\gapaengine.dll
2014-09-30 23:03 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-30 23:03 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-27 02:20 . 2014-09-27 02:20    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-09-27 02:20 . 2014-09-27 02:20    --------    d-----r-    c:\program files (x86)\Skype
2014-09-25 07:25 . 2014-09-25 07:26    --------    d-----w-    c:\users\Computer\AppData\Roaming\Kalypso Media
2014-09-23 18:26 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 18:26 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-21 08:25 . 2014-09-22 02:36    --------    d-----w-    c:\users\Computer\AppData\Roaming\NVIDIA
2014-09-21 07:30 . 2014-09-21 07:30    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-09-21 07:29 . 2014-09-13 20:13    613696    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-09-21 07:29 . 2014-10-09 07:10    --------    d-----w-    c:\programdata\NVIDIA
2014-09-21 07:29 . 2014-09-13 21:53    6890696    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-21 07:29 . 2014-09-13 21:53    3529872    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-21 07:29 . 2014-09-13 21:53    934216    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-21 07:29 . 2014-09-13 21:53    62608    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-21 07:29 . 2014-09-13 21:53    385168    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-21 07:29 . 2014-09-11 15:37    3961833    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-09-21 07:29 . 2014-09-13 23:48    73872    ----a-w-    c:\windows\system32\OpenCL.dll
2014-09-21 07:29 . 2014-09-13 23:48    60560    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-09-21 07:20 . 2014-09-04 19:14    38048    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-09-21 07:20 . 2014-09-04 19:14    32416    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-09-18 18:31 . 2014-09-18 18:47    --------    d-----w-    c:\programdata\HitmanPro
2014-09-18 18:20 . 2014-10-09 07:15    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-18 18:20 . 2014-10-09 07:15    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-18 18:20 . 2014-09-18 18:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-18 18:20 . 2014-09-18 18:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-18 18:20 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-18 18:20 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-18 18:17 . 2014-09-18 18:17    --------    d-----w-    c:\windows\ERUNT
2014-09-18 18:08 . 2014-10-09 07:08    --------    d-----w-    C:\AdwCleaner
2014-09-16 22:32 . 2014-09-16 22:32    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 09:43 . 2014-09-12 09:43    227728    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-10 07:01 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:01 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-09 20:24 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-09 20:24 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-09 20:24 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-09 20:24 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-09 20:24 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-09 20:24 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-09 20:24 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-09 20:24 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-09 20:24 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-09 20:24 . 2014-09-05 02:10    578048    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-09 20:24 . 2014-09-05 02:05    424448    ----a-w-    c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-09 05:29 . 2014-07-28 22:59    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-24 05:30 . 2014-07-28 23:44    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 05:30 . 2014-07-28 23:44    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-17 02:13 . 2014-07-28 22:45    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-09-17 02:13 . 2014-07-22 17:48    2193560    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-09-17 02:12 . 2014-07-22 17:48    2799784    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-09-17 02:12 . 2014-07-28 22:45    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-09-10 07:02 . 2014-07-22 20:21    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-09-04 21:28 . 2014-09-04 21:28    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-04 21:28 . 2014-09-04 21:28    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-09-04 21:28 . 2014-09-04 21:28    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-09-04 21:28 . 2014-09-04 21:28    189352    ----a-w-    c:\windows\system32\java.exe
2014-09-04 19:58 . 2014-09-08 06:18    175136    ----a-w-    c:\windows\SysWow64\EasyAntiCheat.exe
2014-09-04 19:14 . 2014-07-22 17:46    34976    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2014-08-29 23:11 . 2014-08-29 23:12    50976    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-08-27 09:20 . 2014-08-27 09:20    178800    ----a-w-    c:\windows\SysWow64\CmdLineExt_x64.dll
2014-08-23 02:07 . 2014-08-28 05:14    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 05:14    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 05:14    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-19 03:46 . 2012-07-17 18:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-06 14:50 . 2014-08-06 14:50    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-07-25 06:35 . 2014-07-25 06:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 20:44 . 2014-07-22 20:44    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-07-22 20:44 . 2014-07-22 20:44    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-07-22 20:44 . 2014-07-22 20:44    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-07-22 20:44 . 2014-07-22 20:44    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-07-22 20:44 . 2014-07-22 20:44    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-07-22 20:44 . 2014-07-22 20:44    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-07-22 20:44 . 2014-07-22 20:44    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-07-22 20:44 . 2014-07-22 20:44    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-07-22 20:44 . 2014-07-22 20:44    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-07-22 20:44 . 2014-07-22 20:44    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-07-22 20:44 . 2014-07-22 20:44    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-07-22 20:44 . 2014-07-22 20:44    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-07-22 20:44 . 2014-07-22 20:44    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-07-22 20:44 . 2014-07-22 20:44    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-07-22 20:44 . 2014-07-22 20:44    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-07-22 20:44 . 2014-07-22 20:44    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-07-22 20:44 . 2014-07-22 20:44    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-07-22 20:44 . 2014-07-22 20:44    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-07-22 20:44 . 2014-07-22 20:44    413696    ----a-w-    c:\windows\system32\html.iec
2014-07-22 20:44 . 2014-07-22 20:44    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-07-22 20:44 . 2014-07-22 20:44    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-07-22 20:44 . 2014-07-22 20:44    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-07-22 20:44 . 2014-07-22 20:44    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-07-22 20:44 . 2014-07-22 20:44    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-07-22 20:44 . 2014-07-22 20:44    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-07-22 20:44 . 2014-07-22 20:44    235520    ----a-w-    c:\windows\system32\url.dll
2014-07-22 20:44 . 2014-07-22 20:44    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-07-22 20:44 . 2014-07-22 20:44    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-07-22 20:44 . 2014-07-22 20:44    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-07-22 20:44 . 2014-07-22 20:44    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-07-22 20:44 . 2014-07-22 20:44    147968    ----a-w-    c:\windows\system32\occache.dll
2014-07-22 20:44 . 2014-07-22 20:44    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-07-22 20:44 . 2014-07-22 20:44    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-07-22 20:44 . 2014-07-22 20:44    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-07-22 20:44 . 2014-07-22 20:44    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-07-22 20:44 . 2014-07-22 20:44    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-07-22 20:44 . 2014-07-22 20:44    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-07-22 20:44 . 2014-07-22 20:44    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-07-22 20:44 . 2014-07-22 20:44    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-07-22 20:44 . 2014-07-22 20:44    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-07-22 20:44 . 2014-07-22 20:44    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-07-22 20:41 . 2014-07-22 20:41    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-07-22 20:41 . 2014-07-22 20:41    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-07-22 20:41 . 2014-07-22 20:41    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-07-22 20:41 . 2014-07-22 20:41    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-07-22 20:41 . 2014-07-22 20:41    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-07-22 20:41 . 2014-07-22 20:41    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-07-22 20:41 . 2014-07-22 20:41    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2014-07-22 20:41 . 2014-07-22 20:41    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2014-07-22 20:41 . 2014-07-22 20:41    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-07-22 20:41 . 2014-07-22 20:41    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2014-07-22 20:41 . 2014-07-22 20:41    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-07-22 20:41 . 2014-07-22 20:41    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-07-22 20:41 . 2014-07-22 20:41    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2014-07-22 20:41 . 2014-07-22 20:41    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2014-07-22 20:41 . 2014-07-22 20:41    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-07-22 20:41 . 2014-07-22 20:41    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2014-07-22 20:41 . 2014-07-22 20:41    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-07-22 20:41 . 2014-07-22 20:41    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2014-07-22 20:41 . 2014-07-22 20:41    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2014-07-22 20:41 . 2014-07-22 20:41    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2013-08-16 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys;c:\windows\SYSNATIVE\Drivers\nvtcam.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-28 05:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-04 7543000]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-08-29 40576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3528994937-3672221613-1771643317-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,92,e6,4f,a2,c5,4c,70,21,bf,82,42,de,a8,60,99,78,e6,39,0f,94,
   eb,6c,a8,08,e2,c2,00,f1,7f,86,f2,c1,6e,bc,0d,6a,08,c2,52,0d,d8,09,8a,2c,18,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-09  03:34:28
ComboFix-quarantined-files.txt  2014-10-09 07:34
.
Pre-Run: 643,239,628,800 bytes free
Post-Run: 644,942,176,256 bytes free
.
- - End Of File - - BE4A38D969A1D77AFE7561C1658962C3
A36C5E4F47E84449FF07ED3517B43A31


Additional Info - Log from SpyBot: Search and Destroy - This appears on every startup.  It is entirely consistent.  There is no option to deny.
10/9/2014 3:38:39 AM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
10/9/2014 3:38:43 AM Allowed (based on user decision) value "{DBC80044-A445-435b-BC74-9C25C1C588A9}" (new data: "") deleted in Browser Helper Object!


Edited by NydusTemplar, 09 October 2014 - 06:26 PM.

#2 nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2014 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 NydusTemplar
  • Topic Starter

  • Members
  • 5 posts

Posted 15 October 2014 - 01:48 AM

Alright, as instructed, I'll paste the desired logs.  Sorry for the slow reply.  As for your question, the computer has been running mostly fine: no redirects, and the constant pop-up of the 'Browser Object Deletion' entry has not occurred since.  It's a little slower than I'd like, but that could be a lot of things not related to this problem.  When using AdwCleaner, it didn't seem to find anything, so I didn't click 'Fix'.  I did look through all the options, but there was nothing listed.

 

=====AdwCleaner Report=====

 

# AdwCleaner v4.000 - Report created 15/10/2014 at 02:34:24
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Computer - REDACTED-PC
# Running from : C:\Users\Computer\Desktop\Pongo\audi4.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4595 octets] - [18/09/2014 14:13:13]
AdwCleaner[R1].txt - [946 octets] - [09/10/2014 03:07:09]
AdwCleaner[R2].txt - [740 octets] - [15/10/2014 02:34:24]
AdwCleaner[S0].txt - [4650 octets] - [18/09/2014 14:14:16]
AdwCleaner[S1].txt - [1006 octets] - [09/10/2014 03:08:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [919 octets] ##########
=====FRST Report=====
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Computer (administrator) on REDACTED-PC on 15-10-2014 02:36:57
Running from C:\Users\Computer\Desktop\Pongo
Loaded Profile: Computer (Available profiles: Computer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Users\Computer\Desktop\Anti-Malware\8675309.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3528994937-3672221613-1771643317-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3528994937-3672221613-1771643317-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {ACD6EC0E-F840-4265-A231-DEDDDC3BE85A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default
FF Homepage: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: EPUBReader - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-22]
FF Extension: NoScript - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-28]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-04] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 02:36 - 2014-10-15 02:36 - 00000000 ____D () C:\FRST
2014-10-14 16:27 - 2014-10-14 16:27 - 00000222 _____ () C:\Users\Computer\Desktop\Borderlands The Pre-Sequel.url
2014-10-12 01:10 - 2014-10-12 01:10 - 00197220 _____ () C:\Users\Computer\Desktop\ICReactorPlannerV3.jar
2014-10-09 06:45 - 2014-10-09 06:45 - 1355719074 _____ () C:\Windows\MEMORY.DMP
2014-10-09 06:45 - 2014-10-09 06:45 - 00731168 _____ () C:\Windows\Minidump\100914-27112-01.dmp
2014-10-09 06:45 - 2014-10-09 06:45 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 03:34 - 2014-10-09 03:34 - 00029941 _____ () C:\ComboFix.txt
2014-10-09 03:25 - 2014-10-09 03:34 - 00000000 ____D () C:\Qoobox
2014-10-09 03:25 - 2014-10-09 03:33 - 00000000 ____D () C:\Windows\erdnt
2014-10-09 03:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-09 03:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-09 03:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-09 03:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-09 03:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-09 03:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-09 03:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-09 03:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 03:15 - 2014-10-09 03:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-09 03:14 - 2014-10-09 03:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Computer\Downloads\mbar-1.07.0.1012.exe
2014-09-30 19:03 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 19:03 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 22:20 - 2014-09-26 22:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-26 22:20 - 2014-09-26 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-25 03:25 - 2014-09-25 03:26 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Kalypso Media
2014-09-24 15:26 - 2014-09-24 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 16:26 - 2014-09-23 16:26 - 00000221 _____ () C:\Users\Computer\Desktop\Borderlands 2.url
2014-09-23 14:26 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 14:26 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 04:25 - 2014-09-21 22:36 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\NVIDIA
2014-09-21 03:30 - 2014-09-21 03:30 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-21 03:29 - 2014-10-14 15:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-21 03:29 - 2014-09-13 19:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-21 03:29 - 2014-09-13 19:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-21 03:29 - 2014-09-13 17:53 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-21 03:29 - 2014-09-13 17:53 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-21 03:29 - 2014-09-13 17:53 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-21 03:29 - 2014-09-13 17:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-21 03:29 - 2014-09-13 17:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-21 03:29 - 2014-09-13 16:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-21 03:29 - 2014-09-11 11:37 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-21 03:28 - 2014-09-17 00:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-21 03:28 - 2014-09-17 00:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-21 03:28 - 2014-09-17 00:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-21 03:28 - 2014-09-13 19:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-21 03:28 - 2014-09-13 19:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-21 03:20 - 2014-09-04 15:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-21 03:20 - 2014-09-04 15:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-18 14:48 - 2014-10-15 02:36 - 00000000 ____D () C:\Users\Computer\Desktop\Pongo
2014-09-18 14:31 - 2014-09-18 14:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-18 14:20 - 2014-10-09 03:15 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 14:20 - 2014-10-09 03:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 14:20 - 2014-09-18 14:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 14:20 - 2014-09-18 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 14:20 - 2014-09-18 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 14:20 - 2014-09-18 14:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 14:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 14:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 14:17 - 2014-09-18 14:17 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 14:08 - 2014-10-15 02:35 - 00000000 ____D () C:\AdwCleaner
2014-09-17 03:48 - 2014-09-17 03:48 - 00000222 _____ () C:\Users\Computer\Desktop\Disciples III Resurrection.url
2014-09-17 03:43 - 2014-09-17 03:43 - 00000221 _____ () C:\Users\Computer\Desktop\Disciples III Renaissance.url
2014-09-17 03:42 - 2014-09-17 03:42 - 00000221 _____ () C:\Users\Computer\Desktop\Disciples III Reincarnation.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 02:33 - 2014-07-28 19:48 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Skype
2014-10-15 02:30 - 2014-09-10 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 00:49 - 2014-07-28 21:15 - 00000000 ____D () C:\Users\Computer\AppData\Local\Warframe
2014-10-15 00:46 - 2014-07-28 18:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-15 00:39 - 2014-07-23 04:01 - 01668109 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 18:15 - 2014-07-28 19:40 - 00000000 ____D () C:\Users\Computer\Documents\my games
2014-10-14 17:22 - 2014-07-29 03:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 16:34 - 2014-07-29 23:01 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\.minecraft
2014-10-14 15:40 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 15:40 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 15:35 - 2014-07-22 13:51 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2014-10-14 15:33 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 15:33 - 2009-07-14 00:51 - 00055364 _____ () C:\Windows\setupact.log
2014-10-12 01:02 - 2014-07-28 19:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-11 19:25 - 2014-09-02 22:12 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\.minecraft-pixelmon-plus
2014-10-09 03:37 - 2010-11-20 23:47 - 00107512 _____ () C:\Windows\PFRO.log
2014-10-09 03:32 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-06 01:57 - 2014-07-28 07:56 - 00000000 ____D () C:\Users\Computer\Documents\Codex
2014-10-01 19:31 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-29 18:30 - 2009-07-14 01:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 22:20 - 2014-07-28 19:48 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-26 22:20 - 2014-07-28 19:43 - 00000000 ____D () C:\ProgramData\Skype
2014-09-25 21:21 - 2014-07-28 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 15:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 01:30 - 2014-09-10 18:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 01:30 - 2014-07-28 19:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 01:30 - 2014-07-28 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 03:30 - 2014-07-22 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-21 03:30 - 2014-07-22 13:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-21 03:29 - 2014-07-22 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-21 03:29 - 2014-07-22 13:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-21 03:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-09-18 13:59 - 2014-07-29 03:05 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\BitTorrent
2014-09-17 03:13 - 2014-08-25 20:14 - 00001585 _____ () C:\Users\Computer\Documents\TombRaider.log
2014-09-16 22:13 - 2014-07-28 18:45 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-16 22:13 - 2014-07-22 13:48 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-16 22:12 - 2014-07-28 18:45 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-16 22:12 - 2014-07-22 13:48 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 18:23 - 2014-07-30 03:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 03:30 - 2014-08-27 16:59 - 00000000 ____D () C:\Users\Computer\AppData\Local\PAYDAY 2

Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 00:48

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 AM

Posted 17 October 2014 - 09:44 AM

Sorry for the delay, I had a technical problem.

Uninstall Combofix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

This process is associated with this tool and should not be running.

C:\Users\Computer\Desktop\Anti-Malware\8675309.exe

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\searchplugins\yahoo_ff.xml
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
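The fixlist above removes two kinds of leftovers that FRST flags: services whose registered binary no longer exists (the `[X]` suffix on the `S2`/`S3` lines) and Firefox plugin registrations whose DLL is gone (`No File`). The following PowerShell script is an added, read-only example written for this thread; it is not part of FRST or any tool the helper linked. It walks the same registry locations FRST reports on (`HKLM\SYSTEM\CurrentControlSet\Services` and the `MozillaPlugins` keys under HKLM, Wow6432Node and HKCU), resolves each ImagePath the way the service control manager would, and lists the entries whose target file is missing. It only reports; nothing is deleted. The interpretation of `[X]` and `No File` as "target file missing" is the editor's reading of the log, not documentation quoted from FRST.

```powershell
# Added example (not FRST's code): list orphaned service and Firefox plugin
# registrations, i.e. registry entries whose executable/DLL is missing.
# Read-only: nothing is modified. Run from an elevated PowerShell prompt
# so HKLM\SYSTEM\...\Services is fully readable.

function Resolve-ImagePath {
    # Turn a raw service ImagePath into a plain file path that Test-Path understands.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    # Driver entries use NT-style prefixes, e.g. \??\C:\Combo-Fix\catchme.sys
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Relative form used by many drivers: system32\DRIVERS\foo.sys
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    if ($p.StartsWith('"')) {
        # Quoted path followed by arguments: "C:\Program Files\x.exe" -svc
        $end = $p.IndexOf('"', 1)
        if ($end -gt 0) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted path followed by arguments: C:\...\svchost.exe -k netsvcs
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    return $p
}

function Get-OrphanedServices {
    # FRST's S2 = Start 2 (automatic), S3 = Start 3 (manual); 4 = disabled is skipped.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }
        if ((2, 3) -notcontains $props.Start) { return }
        $bin = Resolve-ImagePath $props.ImagePath
        if ($bin -and -not (Test-Path -LiteralPath $bin)) {
            [pscustomobject]@{
                Kind  = 'Service'
                Name  = $_.PSChildName
                Start = "S$($props.Start)"
                Path  = $bin
            }
        }
    }
}

function Get-OrphanedMozillaPlugins {
    # Firefox discovers NPAPI plugins through these keys; each subkey has a "Path" value.
    $hives = @(
        'HKLM:\SOFTWARE\MozillaPlugins',
        'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
        'HKCU:\SOFTWARE\MozillaPlugins'
    )
    foreach ($h in $hives) {
        if (-not (Test-Path -Path $h)) { continue }
        Get-ChildItem -Path $h | ForEach-Object {
            $path = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Path
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{
                    Kind  = 'FF Plugin'
                    Name  = $_.PSChildName
                    Start = ''
                    Path  = $(if ($path) { $path } else { '(no Path value)' })
                }
            }
        }
    }
}

# Report only. Anything listed here is a candidate for cleanup, to be
# confirmed by hand before a fixlist is written.
@(Get-OrphanedServices) + @(Get-OrphanedMozillaPlugins) | Format-Table -AutoSize
```

A missing binary is not by itself proof of malware: uninstallers that leave service keys behind (the ArcSoft and AVG toolbar entries above) and hardware utilities registered from removable media (the `D:\` driver entries) produce exactly the same picture. The value of the check is that an orphaned `S2` entry is dead weight at best and, if a writable path is left behind, a slot something else could later fill, so confirming each hit and then letting the helper's fixlist remove it is the sensible order.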

#5 NydusTemplar

NydusTemplar
  • Topic Starter

  • Members
  • 5 posts

Posted 17 October 2014 - 03:43 PM

Hmm, before I proceed with your instructions, I'd like to point out that the file you referenced is actually Farbar Recovery Scan Tool. I had renamed it when downloading to prevent any malicious programs from recognizing the file and blocking it. The '8675309' is a song title, which is an in-joke, so I knew it was mine. Additionally, I don't seem to have Combofix still installed. I may have deleted it from the Anti-Malware folder on the desktop, which I also renamed to something else (Pongo, for reference). Now, I didn't actually uninstall it, just probably flat out deleted the programs in there.

 

If this has no effect on your instructions, I'll proceed, but I wanted to make sure you knew that's what I had done.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 October 2014 - 08:58 AM

Create the fixlist.txt and follow my instructions to fix it.
Post the log.

Run the SecurityCheck tool and include the log also.

#7 NydusTemplar

NydusTemplar
  • Topic Starter

  • Members
  • 5 posts

Posted 20 October 2014 - 10:27 PM

As requested.

 

===Log 1===

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by Computer at 2014-10-20 23:04:10 Run:1
Running from C:\Users\Computer\Desktop\Pongo
Loaded Profile: Computer (Available profiles: Computer)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\searchplugins\yahoo_ff.xml
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

End
*****************

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\17efu6vs.default\searchplugins\yahoo_ff.xml => Moved successfully.
ADExchange => Service deleted successfully.
vToolbarUpdater3.2.0 => Service deleted successfully.
catchme => Service deleted successfully.
cpuz136 => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.

==== End of Fixlog ====


===Log 2===

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials     
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 AVG Web TuneUp   
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 October 2014 - 09:35 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 NydusTemplar

NydusTemplar
  • Topic Starter

  • Members
  • 5 posts

Posted 21 October 2014 - 09:21 PM

Haven't had any redirect issues and those messages aren't showing up.  If I have any further problems, I'll start a new thread.  Thank you.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 October 2014 - 10:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



