Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cmd prompt pop ups/slowdowns


  • Please log in to reply
5 replies to this topic

#1 Domo0987

Domo0987

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 27 December 2014 - 12:53 PM

Hello and happy holidays,

I'm currently using a gateway PC running windows 8.1
A few days ago I kept hearing advertisments playing in the background when I turned on my computer.
I ran kaspersky and malwarebytes and both found a combination of adware and Trojans and thought my problem have been resolved.

Now, when I turn on my PC before I log in I see cmd prompt windows pop up in the background and disappear. Also, when I go on YouTube and try to watch videos its runs choppy. I find that suspicious since own a 2 yr old tablet and it play YouTube videos lag free.

Any help would be appreciated.

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 PM

Posted 01 January 2015 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Domo0987

Domo0987
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 01 January 2015 - 10:29 PM

# AdwCleaner v4.106 - Report created 01/01/2015 at 22:05:05
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Domafe10 - DOMFEN
# Running from : C:\Users\Domafe10\Downloads\Programs\AdwCleaner_2.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [5588 octets] - [21/12/2014 13:00:55]
AdwCleaner[R1].txt - [900 octets] - [25/12/2014 22:24:35]
AdwCleaner[R2].txt - [762 octets] - [01/01/2015 22:05:05]
AdwCleaner[S0].txt - [5603 octets] - [21/12/2014 13:02:18]
AdwCleaner[S1].txt - [960 octets] - [25/12/2014 22:26:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [940 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Domafe10 (administrator) on DOMFEN on 01-01-2015 22:24:20
Running from C:\Users\Domafe10\Downloads\Programs
Loaded Profile: Domafe10 (Available profiles: Domafe10)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
() C:\Users\Domafe10\AppData\Roaming\OAS\oas.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Domafe10\AppData\Roaming\OAS\mcc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Awesomium Technologies) C:\Users\Domafe10\AppData\Roaming\OAS\oas-module
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\wmi64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Awesomium Technologies) C:\Users\Domafe10\AppData\Roaming\OAS\oas-module
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Awesomium Technologies) C:\Users\Domafe10\AppData\Roaming\OAS\oas-module
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-15] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-11-26] ()
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [Google Update] => C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-10] (Google Inc.)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-08-20] (Tonec Inc.)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [Online Ad Scanner] => C:\Users\Domafe10\AppData\Roaming\OAS\oasupd.exe [28672 2014-12-01] ()
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [GoogleChromeAutoLaunch_9D70CA81DB88A63597D93BFAD2202108] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\MountPoints2: {70efd4bb-b44a-11e3-be7c-a4db30efc4c3} - "E:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Domafe10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-344031787-2504616304-2526879271-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Domafe10\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-344031787-2504616304-2526879271-1001: @talk.google.com/O1DPlugin -> C:\Users\Domafe10\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-344031787-2504616304-2526879271-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-344031787-2504616304-2526879271-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-344031787-2504616304-2526879271-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Domafe10\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Domafe10\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Flash Video Downloader - Full HD Download (4K) - C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\artur.dubovoy@gmail.com [2014-11-23]
FF Extension: Snap.Do  - C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26]
FF HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Domafe10\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Domafe10\AppData\Roaming\IDM\idmmzcc5 [2014-09-07]
FF HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Domafe10\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-07]
CHR Extension: (Google Drive) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-07]
CHR Extension: (Google Search) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-26]
CHR Extension: (EditThisCookie) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-08-14]
CHR Extension: (Hangouts) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-10]
CHR Extension: (Google Wallet) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR Extension: (Gmail) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-08] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468240 2013-04-23] (Intel Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2014-12-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-26] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 22:23 - 2015-01-01 22:24 - 00000000 ____D () C:\FRST
2015-01-01 22:20 - 2015-01-01 22:20 - 00001019 _____ () C:\Users\Domafe10\Desktop\ddd.txt
2014-12-26 08:24 - 2014-12-26 08:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-26 00:53 - 2014-12-26 00:53 - 00002106 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-12-26 00:53 - 2014-12-26 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-12-26 00:53 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2014-12-26 00:52 - 2015-01-01 22:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-26 00:52 - 2014-12-26 00:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-26 00:52 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2014-12-26 00:30 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-25 21:50 - 2014-12-25 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-25 20:56 - 2014-12-25 22:20 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\Itsuoniv
2014-12-25 20:55 - 2014-12-25 20:56 - 00000000 ____D () C:\ProgramData\mswwsd
2014-12-25 20:53 - 2014-12-26 12:33 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\Local Store
2014-12-25 20:51 - 2014-12-26 07:32 - 00000000 ____D () C:\ProgramData\HubziJyahe
2014-12-21 13:32 - 2014-12-21 13:32 - 00013098 _____ () C:\Users\Domafe10\Downloads\[BakaBT.179233v0] Hoshi no Ponko to Toufuya Reiko.torrent
2014-12-21 13:00 - 2015-01-01 22:21 - 00000000 ____D () C:\AdwCleaner
2014-12-19 23:38 - 2014-12-19 13:59 - 498866786 ____N () C:\Users\Domafe10\Desktop\Gone.Girl.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-12-19 14:10 - 2014-12-19 14:10 - 00015166 _____ () C:\Users\Domafe10\Downloads\[BakaBT.178613v0] Steins_Gate Visual Works 2.torrent
2014-12-19 03:00 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 03:00 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-12 14:31 - 2014-12-12 14:31 - 00000000 ____D () C:\NVIDIA Corporation
2014-12-11 18:12 - 2014-12-11 18:12 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 16:57 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 16:57 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 16:57 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 16:57 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 16:47 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 16:47 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 16:47 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 16:47 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 16:47 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 16:47 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 16:47 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 16:47 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 16:47 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 16:47 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 16:47 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 16:47 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 16:47 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 16:47 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 16:47 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 16:47 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 16:47 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 16:47 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 16:47 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 16:47 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 16:47 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 16:47 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 16:47 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 16:47 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 16:47 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 16:47 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 16:47 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 16:47 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 16:47 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 16:47 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 16:47 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 16:47 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 16:47 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 16:47 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 16:47 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 16:47 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 16:47 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 16:47 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 16:47 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 16:47 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 16:47 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 16:47 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 16:47 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 16:47 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 16:47 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 16:47 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 16:47 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 16:47 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 16:47 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 16:47 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 16:47 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 16:47 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 16:47 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 16:47 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 15:59 - 2014-12-09 16:13 - 00000000 ____D () C:\Users\Domafe10\AppData\Local\8423
2014-12-09 15:59 - 2014-12-09 15:59 - 00003510 _____ () C:\WINDOWS\System32\Tasks\BBQLeads
2014-12-09 15:57 - 2014-12-09 15:57 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\network
2014-12-09 15:55 - 2015-01-01 22:22 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\OAS
2014-12-09 15:55 - 2014-12-09 15:55 - 00012719 _____ () C:\ProgramData\ucxrypwh.kkh
2014-12-09 10:30 - 2014-12-09 10:30 - 00033728 _____ () C:\Users\Domafe10\Downloads\[BakaBT.178305v0] KILL la KILL Cels (1).torrent
2014-12-09 10:28 - 2014-12-09 10:28 - 00033728 _____ () C:\Users\Domafe10\Downloads\[BakaBT.178305v0] KILL la KILL Cels.torrent
2014-12-05 22:51 - 2014-12-05 22:51 - 00000000 ____D () C:\Users\Domafe10\Desktop\dividead
2014-12-05 22:51 - 2014-12-04 23:51 - 384906328 ____N () C:\Users\Domafe10\Desktop\dividead.rar
2014-12-02 10:56 - 2014-12-02 10:56 - 00000000 ____D () C:\Users\Domafe10\AppData\Local\Criterion Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 22:21 - 2014-09-04 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-01 22:21 - 2014-04-01 02:50 - 01651379 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 22:21 - 2014-03-07 23:22 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 22:21 - 2013-11-14 02:20 - 00945400 _____ () C:\WINDOWS\PFRO.log
2015-01-01 22:21 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-01 22:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 22:18 - 2014-04-02 22:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-01 22:10 - 2014-06-25 20:10 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 22:05 - 2014-02-28 20:27 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-344031787-2504616304-2526879271-1001
2015-01-01 22:02 - 2014-04-04 17:47 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE2DCE95-B6B6-435C-9F1E-2F7F792E5854}
2015-01-01 22:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 22:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-27 12:50 - 2014-03-10 19:46 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344031787-2504616304-2526879271-1001Core.job
2014-12-27 12:32 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 12:24 - 2014-11-15 12:48 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\tixati
2014-12-27 12:24 - 2014-09-07 10:49 - 00000000 ____D () C:\Users\Domafe10\AppData\Roaming\DMCache
2014-12-27 12:06 - 2014-06-25 20:07 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 00:36 - 2014-09-22 13:58 - 00000000 ____D () C:\Users\Domafe10\Powersaves3DS
2014-12-26 13:01 - 2014-09-04 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-26 11:58 - 2014-09-07 11:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-26 11:58 - 2014-09-07 11:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-26 11:53 - 2014-09-07 11:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 00:57 - 2014-08-20 18:04 - 00799944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-12-26 00:57 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-12-26 00:57 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2014-12-26 00:57 - 2014-07-25 13:13 - 00068616 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2014-12-26 00:53 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-26 00:52 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-26 00:52 - 2012-07-26 00:37 - 00000000 ____D () C:\Users\Default.migrated
2014-12-26 00:31 - 2013-05-15 04:44 - 00000000 ____D () C:\ProgramData\Norton
2014-12-25 22:19 - 2014-04-01 02:43 - 00000000 ____D () C:\Users\Domafe10
2014-12-25 22:18 - 2014-02-28 23:06 - 00000000 ____D () C:\Users\Domafe10\AppData\Local\Adobe
2014-12-25 21:14 - 2014-02-28 20:14 - 00000000 ____D () C:\Users\Domafe10\AppData\Local\Cyberlink
2014-12-19 23:41 - 2014-03-15 01:13 - 00000000 ____D () C:\The KMPlayer
2014-12-19 04:37 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 23:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-12-17 20:47 - 2014-09-30 22:13 - 00000000 ____D () C:\Program Files (x86)\Naruto Shippuden Ultimate Ninja Storm Revolution
2014-12-16 01:09 - 2013-11-26 09:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-12 14:31 - 2014-09-04 15:07 - 00000000 ____D () C:\NVIDIA
2014-12-12 04:24 - 2014-03-07 23:26 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 18:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 18:12 - 2014-07-25 04:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-11 18:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 21:03 - 2014-03-07 21:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 21:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 21:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 21:01 - 2014-03-07 21:32 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 19:38 - 2014-03-10 18:23 - 00000000 ____D () C:\Users\Domafe10\Desktop\Please Read
2014-12-09 16:43 - 2014-09-07 10:49 - 00000000 ____D () C:\Users\Domafe10\Downloads\Compressed
2014-12-09 16:15 - 2013-11-26 09:22 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-09 16:14 - 2013-11-26 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-09 16:03 - 2014-06-25 20:07 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-09 16:03 - 2014-06-25 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 16:03 - 2014-06-25 20:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 13:18 - 2014-04-02 22:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-05 22:49 - 2013-08-22 09:46 - 00311704 _____ () C:\WINDOWS\setupact.log
2014-12-02 10:56 - 2014-03-31 17:57 - 00162554 _____ () C:\WINDOWS\DirectX.log
 
Some content of TEMP:
====================
C:\Users\Domafe10\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\Domafe10\AppData\Local\Temp\Cerber_tmp.exe
C:\Users\Domafe10\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Domafe10\AppData\Local\Temp\idman621build5f.exe
C:\Users\Domafe10\AppData\Local\Temp\oi_{CC9D9436-E25B-4AFB-9AAD-6D58F2FDEA96}.exe
C:\Users\Domafe10\AppData\Local\Temp\Quarantine.exe
C:\Users\Domafe10\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-27 12:37
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Domafe10 at 2015-01-01 22:25:12
Running from C:\Users\Domafe10\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
Action Replay PowerSaves 3DS version 1.21 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.21 - Datel Design & Development)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Autodesk SketchBook Pro 6.2 (HKLM-x32\...\{8CC702A8-BA3E-4C1A-BA76-08A102012B58}) (Version: 6.20.0000 - Autodesk)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dungeon Fighter Online (HKLM-x32\...\DFO) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3007 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA 3D Vision Controller Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
OAS (HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.31 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Snap.Do (HKLM-x32\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\{5a341083-1b63-4ff6-a096-c6e28c20debe}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.120 - PandoraTV)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-344031787-2504616304-2526879271-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Domafe10\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
09-12-2014 16:14:36 Configured clear.fi SDK - Video
16-12-2014 17:53:18 Scheduled Checkpoint
23-12-2014 23:14:20 Scheduled Checkpoint
25-12-2014 22:17:39 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {015BEC5A-45D5-4241-BB93-7743AE570C7D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {14B5E596-9259-497D-8D16-2721AA52F781} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
Task: {2AAF920D-5E47-4C5E-9D2B-915DB77C678A} - System32\Tasks\{AD4FB7C6-31A0-42E7-981C-0E7123F98BB9} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe" -c -runfromtemp -l0x0409
Task: {2BEAFD24-8F8D-4A88-83AD-24F236F8FB9F} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {38166275-A1F3-412A-ADBF-C835E0D498F0} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {485E2497-AB77-4D32-BFD2-5311CF00B0C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {4FEDBAE7-3E3B-4067-B1A6-8B32117917CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {55E38DA2-6CD1-40EB-B315-B6AC79B9C50F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-01-22] ()
Task: {6BFBCCD8-1334-4AC0-ACF9-442516FC86AC} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {72E6501A-FC4C-4639-B42F-8FCA8C4263F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-344031787-2504616304-2526879271-1001Core => C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {94419371-B7A4-4D78-97CD-0D938EB0F084} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-344031787-2504616304-2526879271-1001UA => C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {A0A11642-F9F0-488E-B2FA-3ABC9EFBF260} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {DB32C92A-C726-4F19-8CB6-9E7571CAB503} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344031787-2504616304-2526879271-1001Core.job => C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344031787-2504616304-2526879271-1001UA.job => C:\Users\Domafe10\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-04 15:09 - 2013-12-17 16:37 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-26 09:23 - 2013-03-21 21:40 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-03-21 17:07 - 2013-12-04 11:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-11-26 09:11 - 2013-11-26 09:11 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2008-02-22 19:13 - 2008-02-22 19:13 - 02506752 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2014-12-01 01:33 - 2014-12-01 01:33 - 00177664 _____ () C:\Users\Domafe10\AppData\Roaming\oas\oas.exe
2014-09-23 02:09 - 2014-09-23 02:09 - 00007168 _____ () C:\Users\Domafe10\AppData\Roaming\oas\mcc.exe
2014-12-16 16:16 - 2014-12-16 16:16 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\kpcengine.2.3.dll
2014-12-12 04:24 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 04:24 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 04:24 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 04:24 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 01100784 _____ () C:\Users\Domafe10\AppData\Roaming\oas\avcodec-53.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 00124400 _____ () C:\Users\Domafe10\AppData\Roaming\oas\avutil-51.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 00191984 _____ () C:\Users\Domafe10\AppData\Roaming\oas\avformat-53.dll
2013-11-26 09:01 - 2013-03-12 00:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-08 11:31 - 2014-07-08 11:31 - 17029808 _____ () C:\Users\Domafe10\AppData\Roaming\oas\plugins\NPSWF32_14_0_0_145.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-344031787-2504616304-2526879271-500 - Administrator - Disabled)
Domafe10 (S-1-5-21-344031787-2504616304-2526879271-1001 - Administrator - Enabled) => C:\Users\Domafe10
Guest (S-1-5-21-344031787-2504616304-2526879271-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 10:22:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/01/2015 10:22:36 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/01/2015 10:19:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/01/2015 10:19:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/01/2015 10:19:05 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (01/01/2015 10:21:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (12/27/2014 05:40:10 AM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/27/2014 05:39:40 AM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/26/2014 03:41:32 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/26/2014 03:41:32 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/26/2014 03:41:32 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/26/2014 03:41:32 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/26/2014 03:41:32 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/26/2014 01:43:56 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/26/2014 01:43:26 PM) (Source: DCOM) (EventID: 10010) (User: domFen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2015 10:22:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/01/2015 10:22:36 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (01/01/2015 10:22:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/01/2015 10:19:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/01/2015 10:19:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/01/2015 10:19:05 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 21%
Total physical RAM: 8116.6 MB
Available physical RAM: 6401.59 MB
Total Pagefile: 23988.6 MB
Available Pagefile: 21850.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:913.67 GB) (Free:615.25 GB) NTFS
Drive d: (Spanish Phrasebo) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 90EBE313)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 PM

Posted 02 January 2015 - 09:50 AM

Snap.Do (HKLM-x32\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\{5a341083-1b63-4ff6-a096-c6e28c20debe}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Extension: Snap.Do  - C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc} [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc}
C:\Users\Domafe10\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\Domafe10\AppData\Local\Temp\Cerber_tmp.exe
C:\Users\Domafe10\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Domafe10\AppData\Local\Temp\idman621build5f.exe
C:\Users\Domafe10\AppData\Local\Temp\oi_{CC9D9436-E25B-4AFB-9AAD-6D58F2FDEA96}.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 Domo0987

Domo0987
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 02 January 2015 - 12:46 PM

RunDLL
There was a problem starting
C:\Users\Domafe10\AppData\Roaming\BtvStack.dll
 
Other than that its seems to run fine.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Domafe10 at 2015-01-02 12:20:03 Run:1
Running from C:\Users\Domafe10\Downloads\Programs
Loaded Profile: Domafe10 (Available profiles: Domafe10)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Extension: Snap.Do  - C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc} [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc}
C:\Users\Domafe10\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\Domafe10\AppData\Local\Temp\Cerber_tmp.exe
C:\Users\Domafe10\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Domafe10\AppData\Local\Temp\idman621build5f.exe
C:\Users\Domafe10\AppData\Local\Temp\oi_{CC9D9436-E25B-4AFB-9AAD-6D58F2FDEA96}.exe
 
End
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => Key deleted successfully.
"HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => Key deleted successfully.
"HKU\S-1-5-21-344031787-2504616304-2526879271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc} => Moved successfully.
C:\Users\Domafe10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
EagleX64 => Service deleted successfully.
klkbdflt2 => Error deleting Service
"C:\Users\Domafe10\AppData\Roaming\Mozilla\Firefox\Profiles\wh2md49d.default\Extensions\{e9d860ca-7842-0951-eb26-3f907aebacdc}" => File/Directory not found.
C:\Users\Domafe10\AppData\Local\Temp\AVGTBInstall.exe => Moved successfully.
C:\Users\Domafe10\AppData\Local\Temp\Cerber_tmp.exe => Moved successfully.
C:\Users\Domafe10\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Domafe10\AppData\Local\Temp\idman621build5f.exe => Moved successfully.
C:\Users\Domafe10\AppData\Local\Temp\oi_{CC9D9436-E25B-4AFB-9AAD-6D58F2FDEA96}.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:20:06 ====
 
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
Windows Defender       
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player  15.0.0.246 Flash Player out of Date!  
 Mozilla Firefox 33.1.1 Firefox out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.1 avpui.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 PM

Posted 03 January 2015 - 08:47 AM

RunDLL
There was a problem starting
C:\Users\Domafe10\AppData\Roaming\BtvStack.dll


The file is required by the Qualcomm Atheros - Bluetooth Suite

Started when you start the computer.
HKU\S-1-5-21-344031787-2504616304-2526879271-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register

Reinstall the application and see if the problem persists or not.
===


The latest version of Java 7 Update 71 is for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can delete the Java 7 using the Add/Remove programs Applet.
===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

How is the computer running now?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users