Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CryptoLocker v5 removal request


  • This topic is locked This topic is locked
28 replies to this topic

#1 Kotu

Kotu

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 January 2015 - 03:46 PM

Hi All,

 

My system is burdened by this malware which did a lot of damage. Fortunately, I managed to recover the majority of files using Fabian's decrypter.

 

Now, I want it to be gone for good, along with any other malware, if possible.

 

NOTE: I have terminated the CryptoLocker process through task manager : "wincl.exe *32" hence it may not reflect in the pasted report below.

Additionally, I have Malware bytes Anti-Malware (Premium), however it never gave any notification about CryptoLocker working in background, really disappointed in that software..

 

Thank you for your assistance in advance!

 

==============================================================================================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.55.2
Run by Alienware at 22:33:19 on 2015-01-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16334.11709 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Neto\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Neto\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Neto\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Neto\Adobe\Adobe Premiere Pro CC\32\dynamiclinkmanager.exe
C:\Neto\Adobe\Adobe Premiere Pro CC\PProHeadless.exe
C:\Neto\Adobe\Adobe Premiere Pro CC\32\Adobe QT32 Server.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Neto\TrueCrypt\TrueCrypt.exe
C:\Neto\Mozilla Firefox\firefox.exe
C:\neto\steam\steam.exe
C:\neto\steam\bin\steamwebhelper.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Neto\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: dell.com
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 88.223.0.1 88.222.0.1
TCP: Interfaces\{007A2A04-0A3B-4AF2-925A-B30EB3DAB648}\13D213 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{007A2A04-0A3B-4AF2-925A-B30EB3DAB648}\3323D213 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{007A2A04-0A3B-4AF2-925A-B30EB3DAB648}\74C424C4743545 : DHCPNameServer = 10.56.104.228
TCP: Interfaces\{007A2A04-0A3B-4AF2-925A-B30EB3DAB648}\96E656471637 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{007A2A04-0A3B-4AF2-925A-B30EB3DAB648}\D497759664963556475707 : DHCPNameServer = 10.56.104.228
TCP: Interfaces\{077D3E22-B31A-4E86-86A9-7DD2AD9A2508} : DHCPNameServer = 88.223.0.1 88.222.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\
FF - prefs.js: network.proxy.http - 177.234.12.202
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Neto\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Neto\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Neto\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Neto\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Neto\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Neto\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Alienware\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.dntme.tag,'YT14');
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-2-17 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-2-17 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-9 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-3-2 56336]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-5-9 22128]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-15 283064]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-9-16 93400]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-15 14704]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [2014-12-15 56648]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2014-10-21 124928]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-18 1148744]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-4-2 87368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-14 14904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-5-9 2439272]
R2 MBAMScheduler;MBAMScheduler;C:\Neto\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-16 1871160]
R2 MBAMService;MBAMService;C:\Neto\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-16 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-2 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-2 19819848]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-6-7 167424]
R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w --> C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-18 409800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 cthda;Sound Core3D(CtHda.sys);C:\Windows\System32\drivers\cthda.sys [2014-10-21 1066752]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2013-5-9 38472]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-9 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-9 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-14 108656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-16 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-16 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-16 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-2 19784]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2014-11-18 451216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-18 38216]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-11-14 343144]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-11-14 67184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-29 49152]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-9 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]
S3 Origin Client Service;Origin Client Service;C:\Neto\Origin\OriginClientService.exe [2013-12-29 1903472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-18 19456]
S3 RTCore64;RTCore64;C:\Neto\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
.
=============== Created Last 30 ================
.
2015-01-14 13:46:23    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C799EE8-B3A6-4657-9421-AE5F5802896C}\offreg.dll
2015-01-14 13:45:53    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFE61E5D-1D6C-45A1-A47B-48291259DCFB}\gapaengine.dll
2015-01-14 13:45:42    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C799EE8-B3A6-4657-9421-AE5F5802896C}\mpengine.dll
2015-01-13 09:14:09    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79264A8B-FF4E-4BC2-BC15-218368AB05B5}\offreg.dll
2015-01-13 09:13:36    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5A064B6-A3DD-4E91-BA63-47C02313C1AC}\gapaengine.dll
2015-01-13 09:13:21    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-13 09:13:21    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79264A8B-FF4E-4BC2-BC15-218368AB05B5}\mpengine.dll
2015-01-11 17:29:21    348928    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2015-01-11 17:29:21    280904    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2015-01-11 17:29:13    76152    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2015-01-10 22:51:42    --------    d-----w-    C:\Users\Alienware\AppData\Roaming\WinCL
2015-01-10 19:52:36    --------    d-----w-    C:\Users\Alienware\AppData\Local\DanuSoft
2015-01-10 19:51:46    --------    d-----w-    C:\Program Files (x86)\WiFi HotSpot Creator
2015-01-10 05:13:55    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03687B89-3999-43DF-982E-F3675A7B8849}\gapaengine.dll
2015-01-06 09:23:58    54525952    ----a-w-    C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\fe5f0606391e1b3a67fcf91ded957196\TuneUp Utilities.exe
2014-12-23 19:00:26    42152    ----a-w-    C:\Windows\System32\drivers\cnnctfy3.sys
2014-12-18 00:25:59    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-12-18 00:25:59    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-12-18 00:23:49    19456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2014-12-18 00:23:48    192000    ----a-w-    C:\Windows\SysWow64\rdpendp_winip.dll
2014-12-18 00:23:47    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-12-18 00:23:47    228864    ----a-w-    C:\Windows\System32\rdpendp_winip.dll
2014-12-17 22:22:09    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-17 22:22:09    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 07:36:07    11870360    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B1C73FE-A60E-4D31-B9D5-8A20D1D3E4BE}\mpengine.dll
.
==================== Find3M  ====================
.
2015-01-14 17:33:26    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-12 00:50:17    348928    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2015-01-09 15:53:19    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-09 15:53:19    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-31 11:14:31    298120    ------w-    C:\Windows\System32\MpSigStub.exe
2014-12-10 14:09:01    3981488    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 02:50:55    413184    ----a-w-    C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45    741376    ----a-w-    C:\Windows\System32\invagent.dll
2014-12-04 02:50:40    396800    ----a-w-    C:\Windows\System32\devinv.dll
2014-12-04 02:50:38    830976    ----a-w-    C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37    227328    ----a-w-    C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37    192000    ----a-w-    C:\Windows\System32\aepic.dll
2014-12-04 02:44:48    1083392    ----a-w-    C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-21 04:14:22    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-21 04:14:12    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 04:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-17 22:18:52    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2014-11-17 22:18:52    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2014-11-17 22:18:52    1538880    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2014-11-12 21:56:45    6897352    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-11-12 21:56:45    3534152    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-11-12 21:56:42    934032    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-11-12 21:56:42    62608    ----a-w-    C:\Windows\System32\nvshext.dll
2014-11-12 21:56:42    386368    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-11-12 21:56:42    2559808    ----a-w-    C:\Windows\System32\nvsvcr.dll
2014-11-12 20:46:11    615624    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-11-11 10:29:54    4100776    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-11-08 02:45:09    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-11-06 17:06:52    2197680    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-11-06 17:06:52    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-11-06 17:06:33    2800296    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-11-06 17:06:33    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-21 00:58:34    4850    ----a-w-    C:\Windows\cthdaeng.reg
2014-10-21 00:58:32    48400    ----a-w-    C:\Windows\AddCat.exe
2014-10-21 00:58:32    477184    ----a-w-    C:\Windows\SysWow64\CtHdaCtl.dll
2014-10-21 00:58:32    25088    ----a-w-    C:\Windows\MEptDef.exe
2014-10-21 00:58:32    164864    ----a-w-    C:\Windows\SysWow64\CtHdAsio.dll
2014-10-21 00:58:32    124928    ----a-w-    C:\Windows\SysWow64\CtHdaSvc.exe
2014-10-21 00:58:32    10240    ----a-w-    C:\Windows\InstHlp.exe
2014-10-21 00:58:30    583168    ----a-w-    C:\Windows\System32\CtHdaC64.dll
2014-10-21 00:58:30    2353432    ----a-w-    C:\Windows\System32\CTHRFX64.dll
2014-10-21 00:58:30    175616    ----a-w-    C:\Windows\System32\CtHdAs64.dll
2014-10-21 00:58:30    137216    ----a-w-    C:\Windows\System32\CtHSvc64.exe
2014-10-21 00:58:30    1066752    ----a-w-    C:\Windows\System32\drivers\cthda.sys
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 02:05:21    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
.
============= FINISH: 22:34:46,04 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 14 January 2015 - 08:03 PM

Greetings Kotu and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 15 January 2015 - 10:37 AM

Hi Gary!

 

I really appreciate you helping me out! Running the scans right now and will post the results below. Oh, and you can call me Gediminas, that is my name :)

 

===================================================================================================================

 

When trying to get results from Farbar Recover Scan Tool, I ran into some trouble. Everytime it would get stuck on : "Listing Installed Programs..."

 

Here are the contents that were gathered however :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Alienware (administrator) on TERRA1 on 15-01-2015 15:45:22
Running from C:\Users\Alienware\Desktop
Loaded Profiles: Alienware &  (Available profiles: Alienware & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Neto\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Neto\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Neto\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Neto\Adobe\Adobe Premiere Pro CC\32\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Neto\Adobe\Adobe Premiere Pro CC\PProHeadless.exe
(Adobe Systems Incorporated) C:\Neto\Adobe\Adobe Premiere Pro CC\32\Adobe QT32 Server.exe
(Mozilla Corporation) C:\Neto\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927376 2012-04-26] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-10] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\Run: [DAEMON Tools Lite] => C:\Neto\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\MountPoints2: {020717d3-352f-11e3-b297-d4bed940eef7} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\MountPoints2: {17ceea63-dc74-11e3-b1ec-685d4323e686} - F:\LANLauncher.exe
HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\MountPoints2: {221fbb56-ca1a-11e2-9436-685d4323e686} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-193931360-3802640553-4084731090-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 88.223.0.1 88.222.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934
FF NetworkProxy: "http", "177.234.12.202"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Neto\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-193931360-3802640553-4084731090-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alienware\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-193931360-3802640553-4084731090-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\user.js
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\Extensions\donottrackplus@abine.com [2014-11-21]
FF Extension: Lietuvių kalbos rašybos tikrinimo žodynas - C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\Extensions\lt@dictionaries.addons.mozilla.org [2014-02-24]
FF Extension: Temp Installer - C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\Extensions\{77868449-f49d-d6ec-3145-e651161b1ff8} [2014-07-01]
FF Extension: System.Reflection.CustomAttributeFormatException - C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\Extensions\{D5AE7440-E863-D1EC-4808-FD1AB6EF5D93} [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF StartMenuInternet: FIREFOX.EXE - C:\Neto\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-11]
CHR Extension: (System.Reflection.CustomAttributeFormatException) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-11]
CHR Extension: (Google Drive) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-11]
CHR Extension: (Google Search) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-11]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-08-27]
CHR Extension: (Google Sheets) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-06-07]
CHR Extension: (Skype Click to Call) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-03]
CHR Extension: (Google Wallet) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-11]
CHR HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ALIENW~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-16]
CHR HKU\S-1-5-21-193931360-3802640553-4084731090-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-07] () [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [124928 2014-10-21] (Creative Technology Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Neto\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Neto\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Neto\Origin\OriginClientService.exe [1903472 2015-01-11] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-11] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
S2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1066752 2014-10-21] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-15] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MpKsl0019d4c0; C:\Windows\system32\MpEngineStore\MpKsl0019d4c0.sys [45352 2015-01-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTCore64; C:\Neto\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-15] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
U3 at7e5yqe; C:\Windows\System32\Drivers\at7e5yqe.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S1 advnkfjs; \??\C:\Windows\system32\drivers\advnkfjs.sys [X]
S1 agpgojvy; \??\C:\Windows\system32\drivers\agpgojvy.sys [X]
S1 avyfakic; \??\C:\Windows\system32\drivers\avyfakic.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S1 ebucruhy; \??\C:\Windows\system32\drivers\ebucruhy.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 hijehnum; \??\C:\Windows\system32\drivers\hijehnum.sys [X]
S1 ipkwpklu; \??\C:\Windows\system32\drivers\ipkwpklu.sys [X]
S3 iscFlash; \??\C:\Users\ALIENW~1\AppData\Local\Temp\7zSC3FB.tmp\iscflashx64.sys [X]
S1 mjotxdfi; \??\C:\Windows\system32\drivers\mjotxdfi.sys [X]
S1 nrffgrxi; \??\C:\Windows\system32\drivers\nrffgrxi.sys [X]
S1 ougjxalg; \??\C:\Windows\system32\drivers\ougjxalg.sys [X]
S1 qevlakng; \??\C:\Windows\system32\drivers\qevlakng.sys [X]
S1 srsugwvg; \??\C:\Windows\system32\drivers\srsugwvg.sys [X]
S1 tptrqukv; \??\C:\Windows\system32\drivers\tptrqukv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 05:26 - 2015-01-15 15:45 - 00026944 _____ () C:\Users\Alienware\Desktop\FRST.txt
2015-01-15 05:25 - 2015-01-15 15:45 - 00000000 ____D () C:\FRST
2015-01-15 05:19 - 2015-01-15 05:19 - 01188194 _____ () C:\Users\Alienware\Desktop\ProcessExplorer.zip
2015-01-15 05:19 - 2015-01-15 05:19 - 00000000 ____D () C:\Users\Alienware\Desktop\ProcessExplorer
2015-01-15 05:15 - 2015-01-15 05:15 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 23:09 - 2015-01-14 23:10 - 233801022 ____R () C:\Users\Alienware\Downloads\Farai.2015.01.12.LT.PDTV.Arme.BTT-Team.mkv
2015-01-14 22:34 - 2015-01-14 22:34 - 00033300 _____ () C:\Users\Alienware\Desktop\dds.txt
2015-01-14 22:34 - 2015-01-14 22:34 - 00006838 _____ () C:\Users\Alienware\Desktop\attach.txt
2015-01-14 22:32 - 2015-01-14 22:32 - 00688992 ____R (Swearware) C:\Users\Alienware\Desktop\dds.com
2015-01-14 19:08 - 2015-01-14 19:08 - 22543985 _____ () C:\Users\Alienware\Downloads\Trapcode Particular 2.zip
2015-01-14 19:08 - 2015-01-14 19:08 - 204207189 _____ () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E69.WEB-DL.-EDZ.mp4
2015-01-14 19:08 - 2015-01-14 19:08 - 201642987 _____ () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E66.WEB-DL.-EDZ.mp4
2015-01-14 18:50 - 2015-01-14 18:50 - 11321344 _____ () C:\Users\Alienware\Desktop\RMC Training PDF.zip
2015-01-14 18:50 - 2015-01-14 18:50 - 06329744 _____ () C:\Users\Alienware\Desktop\ITServiceManagementAguideforITILFoundationExamcan.zip
2015-01-14 18:05 - 2015-01-11 00:51 - 00241664 _____ () C:\Users\Alienware\Desktop\pclock_backup.dat
2015-01-14 16:51 - 2015-01-14 16:51 - 01209008 _____ (Emsisoft Ltd) C:\Users\Alienware\Desktop\decrypt_pclock2.exe
2015-01-14 03:25 - 2015-01-14 03:25 - 00000364 _____ () C:\Windows\Tasks\AdobeAAMUpdater-1.0-TERRA1-Alienware.job
2015-01-14 01:53 - 2015-01-15 05:25 - 02125312 _____ (Farbar) C:\Users\Alienware\Desktop\FRST64.exe
2015-01-14 01:53 - 2015-01-14 01:53 - 15340120 _____ () C:\Users\Alienware\Desktop\RogueKiller.exe
2015-01-12 13:36 - 2015-01-12 13:36 - 02203064 _____ () C:\Users\Alienware\bckup.txt
2015-01-12 13:27 - 2015-01-12 13:27 - 00000998 _____ () C:\Users\Alienware\Desktop\CryptoLocker.lnk
2015-01-11 19:29 - 2015-01-12 02:50 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-11 19:29 - 2015-01-12 02:50 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-11 19:29 - 2015-01-11 23:32 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-11 16:43 - 2015-01-11 16:43 - 02203064 _____ () C:\Users\Alienware\enc_files.txt
2015-01-11 02:31 - 2015-01-11 02:31 - 00000359 _____ () C:\Users\Alienware\Recycle Bin - Shortcut.lnk
2015-01-11 00:51 - 2015-01-14 18:05 - 00000000 ____D () C:\Users\Alienware\AppData\Roaming\WinCL
2015-01-10 21:52 - 2015-01-10 21:52 - 00000000 ____D () C:\Users\Alienware\AppData\Local\DanuSoft
2015-01-10 21:51 - 2015-01-10 21:51 - 00000000 ____D () C:\Program Files (x86)\WiFi HotSpot Creator
2015-01-08 22:15 - 2015-01-08 22:16 - 161040564 ____R () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E72.WEB-DL.-EDZ.mp4
2015-01-08 19:05 - 2015-01-10 22:17 - 00001596 _____ () C:\Users\Public\Desktop\L.A. Noire.lnk
2015-01-06 22:27 - 2015-01-06 22:27 - 199338886 ____R () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E70.WEB-DL.-EDZ.mp4
2015-01-03 12:39 - 2015-01-14 18:50 - 00000000 ____D () C:\Users\Alienware\Desktop\2014 12 - 2015 01
2015-01-03 08:28 - 2015-01-03 08:28 - 201966396 ____R () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E68.WEB-DL.-EDZ.mp4
2015-01-03 08:28 - 2015-01-03 08:28 - 197774683 ____R () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E67.WEB-DL.-EDZ.mp4
2014-12-23 21:00 - 2014-12-23 21:00 - 00042152 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E65.DSR.x264-BTT
2014-12-18 23:39 - 2014-12-18 23:39 - 243805836 ____R () C:\Users\Alienware\Downloads\Pasmerkti.3.S01E64.LT.PDTV.Dainius8882.BTT-Team.mkv
2014-12-18 02:39 - 2014-12-18 02:39 - 00000000 ____D () C:\Users\Alienware\Documents\Paradox Interactive
2014-12-18 02:35 - 2014-12-18 02:35 - 00001733 _____ () C:\Users\Public\Desktop\Crusader Kings II Way of Life.lnk
2014-12-18 02:35 - 2014-12-18 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2014-12-18 02:25 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-18 02:25 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-18 02:23 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-18 02:23 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-18 02:23 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-18 02:23 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-18 00:22 - 2014-12-13 07:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 00:22 - 2014-12-13 05:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 15:45 - 2012-11-14 07:07 - 01476517 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 10:14 - 2014-09-16 18:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 05:15 - 2013-07-18 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 05:15 - 2012-11-14 07:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:28 - 2012-11-21 20:34 - 00000000 ____D () C:\Users\Alienware\AppData\Roaming\uTorrent
2015-01-14 22:32 - 2012-11-21 20:35 - 00000000 ____D () C:\Neto
2015-01-14 22:30 - 2014-02-25 20:05 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-14 22:30 - 2014-02-25 20:05 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-14 21:34 - 2014-08-08 10:47 - 00000000 ____D () C:\Barclays
2015-01-14 20:22 - 2013-01-05 21:33 - 00000000 ____D () C:\Users\Alienware\Documents\Egosoft
2015-01-14 20:14 - 2012-11-25 00:02 - 00000000 ____D () C:\Users\Alienware\Documents\My Games
2015-01-14 20:05 - 2009-07-14 07:13 - 00784498 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 19:30 - 2014-12-07 14:57 - 00000000 ___RD () C:\Users\Alienware\„Google“ diskas
2015-01-14 19:30 - 2014-11-29 06:15 - 00000000 ____D () C:\ProgramData\FAZ
2015-01-14 19:08 - 2014-03-12 01:54 - 00000000 ____D () C:\Users\Alienware\Downloads\2013 Corporate Bundle
2015-01-14 19:08 - 2012-12-23 17:32 - 00000000 ____D () C:\Users\Alienware\Downloads\Prometheus.2012.1080p.BluRay.X264-AMIABLE
2015-01-14 19:03 - 2013-01-06 14:03 - 00000000 ____D () C:\Users\Alienware\Documents\My Received Files
2015-01-14 18:54 - 2012-12-13 00:49 - 00000000 ____D () C:\Users\Alienware\Documents\Is kauno
2015-01-14 18:51 - 2013-08-12 15:00 - 00000000 ___RD () C:\Users\Alienware\Documents\Dropbox
2015-01-14 18:51 - 2012-12-13 00:49 - 00000000 ____D () C:\Users\Alienware\Documents\igno mp3
2015-01-14 18:50 - 2014-07-08 21:20 - 00000000 ____D () C:\Users\Alienware\Desktop\Good
2015-01-14 09:57 - 2012-12-05 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 03:30 - 2014-08-29 04:16 - 00000000 ____D () C:\Users\Alienware\AppData\Local\Adobe
2015-01-12 13:36 - 2012-11-14 07:08 - 00000000 ____D () C:\Users\Alienware
2015-01-12 13:08 - 2013-06-07 02:03 - 00000000 ____D () C:\Users\Alienware\AppData\Local\HTC MediaHub
2015-01-12 12:28 - 2009-07-14 06:45 - 00031152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 12:28 - 2009-07-14 06:45 - 00031152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 12:21 - 2014-09-16 16:51 - 00026841 _____ () C:\Windows\setupact.log
2015-01-12 12:21 - 2013-02-17 00:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 12:19 - 2013-03-02 23:45 - 00000000 ____D () C:\ProgramData\Origin
2015-01-12 02:50 - 2013-03-05 00:30 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-11 21:26 - 2013-03-03 02:42 - 00000824 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2015-01-11 21:25 - 2014-10-31 21:52 - 00037174 _____ () C:\Windows\DirectX.log
2015-01-11 19:28 - 2013-03-03 03:23 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-11 03:09 - 2012-12-23 00:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 00:49 - 2012-11-21 22:03 - 00000494 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-10 21:45 - 2013-01-01 23:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 21:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 21:43 - 2012-11-23 23:25 - 00000000 ____D () C:\Gedo
2015-01-10 21:40 - 2013-01-17 00:38 - 00000000 ____D () C:\Users\Alienware\AppData\Roaming\Spotify
2015-01-10 18:38 - 2013-01-17 00:38 - 00000000 ____D () C:\Users\Alienware\AppData\Local\Spotify
2015-01-10 09:03 - 2014-06-24 23:48 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-09 17:53 - 2012-12-23 00:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-09 17:53 - 2012-11-14 11:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-09 17:53 - 2012-11-14 11:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 19:10 - 2012-12-11 01:22 - 00000000 ____D () C:\Users\Alienware\Documents\Rockstar Games
2015-01-08 19:05 - 2013-02-17 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-01-08 18:55 - 2012-11-14 09:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-08 18:36 - 2014-05-15 23:16 - 00000000 ____D () C:\Users\Alienware\AppData\Local\2K Games
2015-01-04 01:12 - 2012-11-21 20:17 - 00001465 _____ () C:\Users\Alienware\Desktop\331243.txt
2015-01-03 12:38 - 2013-08-12 14:57 - 00000000 ____D () C:\Users\Alienware\AppData\Roaming\Dropbox
2014-12-31 13:14 - 2010-11-21 05:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 23:12 - 2012-12-07 03:04 - 00000000 ____D () C:\Users\Alienware\AppData\Roaming\Skype
2014-12-23 07:13 - 2013-01-01 23:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-18 23:50 - 2012-11-16 10:25 - 00000000 ____D () C:\Users\Public\Creative
2014-12-18 15:32 - 2012-11-14 10:31 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-18 15:30 - 2014-09-16 17:31 - 00024156 _____ () C:\Windows\PFRO.log
2014-12-18 15:29 - 2014-06-25 00:10 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-12-18 15:29 - 2012-11-14 10:02 - 00000523 ___RH () C:\Windows\ctfile.rfc
2014-12-18 15:28 - 2012-11-14 08:06 - 00000000 ____D () C:\ProgramData\Creative
2014-12-18 14:49 - 2009-07-14 07:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 03:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-12-18 03:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-18 02:39 - 2013-06-19 23:29 - 00000000 ____D () C:\Users\Alienware\AppData\Local\SKIDROW
2014-12-16 23:23 - 2014-09-16 16:51 - 05146824 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat


Some content of TEMP:
====================
C:\Users\Alienware\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqq_qpu.dll
C:\Users\Alienware\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Alienware\AppData\Local\Temp\nvStInst.exe
C:\Users\Alienware\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

==========================================================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Alienware at 2015-01-15 15:45:41
Running from C:\Users\Alienware\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

===================================================================================================================

 

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 16 January 2015 - 11:38 AM

Greetings Gediminas,

 

I apologize for the delay and the difficulty running FRST. Can you please download a fresh copy of the program and run it again. I do need to review the entirety of both reports.

 

Can you tell me if either or both of these Internet Service Providers look familiar?

Mexico Benito Juarez Secretaria De Comunicaciones Y Transportes Coordinacion De La Sociedad De La Informacion Y El Conoci

 

Lithuania Kaunas Uab Dokeda

 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 16 January 2015 - 01:15 PM

Hey Gary,

 

No problem, I'll try that again.

 

As for ISP, yes, this one : "Lithuania Kaunas Uab Dokeda" is mine. The other one I do not know.



#6 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 16 January 2015 - 01:22 PM

I am afraid FRST is still getting stuck at "listing installed programs"..

Last time it ran for more than 2 hours with no change. I am not sure if it something that is caused by setup or damage done by malware.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 16 January 2015 - 01:47 PM

I tested the newest download and it ran fine so what I would like you to do is try to run it in Safe Mode and see if we have better results.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 18 January 2015 - 01:39 PM

Tried it in Safe Mode and yet the same problem is being experienced.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 18 January 2015 - 03:42 PM

Thanks for trying it Gediminas. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
U3 at7e5yqe; C:\Windows\System32\Drivers\at7e5yqe.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\at7e5yqe.sys
S1 advnkfjs; \??\C:\Windows\system32\drivers\advnkfjs.sys [X]
S1 agpgojvy; \??\C:\Windows\system32\drivers\agpgojvy.sys [X]
S1 avyfakic; \??\C:\Windows\system32\drivers\avyfakic.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S1 ebucruhy; \??\C:\Windows\system32\drivers\ebucruhy.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 hijehnum; \??\C:\Windows\system32\drivers\hijehnum.sys [X]
S1 ipkwpklu; \??\C:\Windows\system32\drivers\ipkwpklu.sys [X]
S3 iscFlash; \??\C:\Users\ALIENW~1\AppData\Local\Temp\7zSC3FB.tmp\iscflashx64.sys [X]
S1 mjotxdfi; \??\C:\Windows\system32\drivers\mjotxdfi.sys [X]
S1 nrffgrxi; \??\C:\Windows\system32\drivers\nrffgrxi.sys [X]
S1 ougjxalg; \??\C:\Windows\system32\drivers\ougjxalg.sys [X]
S1 qevlakng; \??\C:\Windows\system32\drivers\qevlakng.sys [X]
S1 srsugwvg; \??\C:\Windows\system32\drivers\srsugwvg.sys [X]
S1 tptrqukv; \??\C:\Windows\system32\drivers\tptrqukv.sys [X]
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
C:\Users\Alienware\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqq_qpu.dll
C:\Users\Alienware\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Alienware\AppData\Local\Temp\nvStInst.exe
C:\Users\Alienware\AppData\Local\Temp\vlc-2.1.5-win32.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 January 2015 - 10:31 AM

Hi Gary, I ran all the above listed apps without any trouble. Pasting in the requested log files :

 

Fixlog :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Alienware at 2015-01-19 17:10:41 Run:1
Running from C:\Users\Alienware\Desktop
Loaded Profiles: Alienware (Available profiles: Alienware & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
U3 at7e5yqe; C:\Windows\System32\Drivers\at7e5yqe.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\at7e5yqe.sys
S1 advnkfjs; \??\C:\Windows\system32\drivers\advnkfjs.sys [X]
S1 agpgojvy; \??\C:\Windows\system32\drivers\agpgojvy.sys [X]
S1 avyfakic; \??\C:\Windows\system32\drivers\avyfakic.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S1 ebucruhy; \??\C:\Windows\system32\drivers\ebucruhy.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 hijehnum; \??\C:\Windows\system32\drivers\hijehnum.sys [X]
S1 ipkwpklu; \??\C:\Windows\system32\drivers\ipkwpklu.sys [X]
S3 iscFlash; \??\C:\Users\ALIENW~1\AppData\Local\Temp\7zSC3FB.tmp\iscflashx64.sys [X]
S1 mjotxdfi; \??\C:\Windows\system32\drivers\mjotxdfi.sys [X]
S1 nrffgrxi; \??\C:\Windows\system32\drivers\nrffgrxi.sys [X]
S1 ougjxalg; \??\C:\Windows\system32\drivers\ougjxalg.sys [X]
S1 qevlakng; \??\C:\Windows\system32\drivers\qevlakng.sys [X]
S1 srsugwvg; \??\C:\Windows\system32\drivers\srsugwvg.sys [X]
S1 tptrqukv; \??\C:\Windows\system32\drivers\tptrqukv.sys [X]
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
C:\Users\Alienware\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqq_qpu.dll
C:\Users\Alienware\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Alienware\AppData\Local\Temp\nvStInst.exe
C:\Users\Alienware\AppData\Local\Temp\vlc-2.1.5-win32.exe
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
at7e5yqe => Service not found.
"C:\Windows\System32\Drivers\at7e5yqe.sys" => File/Directory not found.
advnkfjs => Service deleted successfully.
agpgojvy => Service deleted successfully.
avyfakic => Service deleted successfully.
cpuz135 => Service deleted successfully.
ebucruhy => Service deleted successfully.
esgiguard => Service deleted successfully.
hijehnum => Service deleted successfully.
ipkwpklu => Service deleted successfully.
iscFlash => Service deleted successfully.
mjotxdfi => Service deleted successfully.
nrffgrxi => Service deleted successfully.
ougjxalg => Service deleted successfully.
qevlakng => Service deleted successfully.
srsugwvg => Service deleted successfully.
tptrqukv => Service deleted successfully.
C:\ProgramData\emopts.dat => Moved successfully.
C:\ProgramData\saopts.dat => Moved successfully.
"C:\Users\Alienware\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqq_qpu.dll" => File/Directory not found.
C:\Users\Alienware\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
"C:\Users\Alienware\AppData\Local\Temp\nvStInst.exe" => File/Directory not found.
"C:\Users\Alienware\AppData\Local\Temp\vlc-2.1.5-win32.exe" => File/Directory not found.

==== End of Fixlog 17:10:41 ====

 

 

 

AdwCleaner log :

 

# AdwCleaner v4.108 - Report created 19/01/2015 at 17:19:36
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alienware - TERRA1
# Running from : C:\Users\Alienware\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Alienware\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Alienware\AppData\Local\Math Problem Solver
Folder Deleted : C:\Users\Alienware\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Alienware\AppData\Roaming\Settings Manager
File Deleted : C:\END
File Deleted : C:\Users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\powerpack

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2098 octets] - [19/01/2015 17:17:43]
AdwCleaner[S0].txt - [1964 octets] - [19/01/2015 17:19:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2024 octets] ##########
 

 

 

Junkware log :

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alienware on 2015.01.19 at 17:24:09,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERSWITCHER.EXE-83818A1C.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Alienware\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Alienware\appdata\locallow\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015.01.19 at 17:28:57,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 19 January 2015 - 10:38 AM

Good. Could you please update me regarding your computer performance.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 January 2015 - 01:09 PM

Performance seems to be stable. It has not been much of a problem previously either, only during the encryption state, when CryptoLocker trojan initiated it, then it was terrible.

 

I am mostly worried about CryptoLocker renewing itself, since I did not take any actions to get rid of it, right after decrypting the lost files, I referred here to see about removing CryptoLocker and anything with it.

 

Anything I can do to check if any malware still exists on my system?



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 19 January 2015 - 02:51 PM

We are removing anything malware related or things that don't belong whether malware related or not.

Crypto infections are considered Backdoor Trojans and as a result we could never be 100% certain the computer is absolutely clean. The only way to be certain would be to reformat the hard drive and reinstall your Operating System and other programs. If you would feel more comfortable doing that let me know. If you prefer to continue our efforts to clean rather than reformat below are our next steps.

=======================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Kotu

Kotu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 20 January 2015 - 01:33 PM

Gary,

 

Thanks for your help so far. I think I'd rather keep us working towards cleaning the system as much as possible.

 

Here are the latest results from Combofix log :

 

ComboFix 15-01-18.01 - Alienware 2015.01.20  20:05:21.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16334.12439 [GMT 2:00]
Running from: c:\users\Alienware\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AgentSS
c:\programdata\Roaming
c:\programdata\sacache
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\tmp1EB5.tmp
c:\windows\SysWow64\tmp1ED5.tmp
c:\windows\SysWow64\tmp330C.tmp
c:\windows\SysWow64\tmp3445.tmp
c:\windows\SysWow64\tmpCBEA.tmp
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-20 to 2015-01-20  )))))))))))))))))))))))))))))))
.
.
2015-01-20 18:12 . 2015-01-20 18:12    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2015-01-19 20:40 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{222FD3B6-267C-446D-B13F-7D7449D43D70}\mpengine.dll
2015-01-19 15:24 . 2015-01-19 15:24    --------    d-----w-    c:\windows\ERUNT
2015-01-19 15:17 . 2015-01-19 15:19    --------    d-----w-    C:\AdwCleaner
2015-01-18 19:05 . 2014-09-29 07:38    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DC9E0BC-4A65-47C7-8986-0BFC82ABFCF4}\gapaengine.dll
2015-01-18 19:05 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-15 03:25 . 2015-01-20 17:11    --------    d-----w-    C:\FRST
2015-01-15 03:15 . 2015-01-18 17:33    --------    d-----w-    c:\windows\system32\MpEngineStore
2015-01-11 17:29 . 2015-01-12 00:50    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2015-01-11 17:29 . 2015-01-12 00:50    280904    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2015-01-11 17:29 . 2015-01-11 21:32    76152    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2015-01-10 19:52 . 2015-01-10 19:52    --------    d-----w-    c:\users\Alienware\AppData\Local\DanuSoft
2015-01-10 19:51 . 2015-01-10 19:51    --------    d-----w-    c:\program files (x86)\WiFi HotSpot Creator
2015-01-06 09:23 . 2015-01-06 09:23    54525952    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fe5f0606391e1b3a67fcf91ded957196\TuneUp Utilities.exe
2014-12-23 19:00 . 2014-12-23 19:00    42152    ----a-w-    c:\windows\system32\drivers\cnnctfy3.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-20 16:18 . 2014-09-16 16:16    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-19 15:22 . 2012-11-14 09:02    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-19 15:22 . 2012-11-14 09:02    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 03:15 . 2012-11-14 05:54    113365784    ----a-w-    c:\windows\system32\MRT.exe
2015-01-12 00:50 . 2013-03-04 22:30    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2015-01-10 08:09 . 2014-10-12 20:59    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-31 11:14 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-17 22:22    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 22:22    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-12-10 14:09 . 2014-12-10 14:09    3981488    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 02:50 . 2014-12-10 07:13    413184    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 07:13    741376    ----a-w-    c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 07:13    396800    ----a-w-    c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 07:13    830976    ----a-w-    c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 07:13    192000    ----a-w-    c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 07:13    227328    ----a-w-    c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 07:13    1083392    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-02 10:26 . 2014-12-16 07:36    11870360    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B1C73FE-A60E-4D31-B9D5-8A20D1D3E4BE}\mpengine.dll
2014-12-01 23:28 . 2014-12-10 07:13    1232040    ----a-w-    c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 07:12    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 07:12    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 07:12    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 07:12    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 07:12    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 07:12    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 07:12    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 07:12    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 07:12    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 07:12    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 07:12    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 07:12    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 07:12    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 07:12    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 07:12    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 07:12    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 07:12    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 07:12    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 07:12    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 07:12    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 07:12    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 07:12    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 07:12    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 07:12    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 07:12    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 07:12    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 07:12    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 07:12    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 07:12    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 07:12    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 07:12    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 07:12    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 07:12    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 07:12    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 07:12    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 07:12    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 07:12    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 07:12    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 07:12    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 07:12    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 04:14 . 2014-09-16 16:15    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 04:14 . 2014-09-16 16:15    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 04:14 . 2014-09-16 16:15    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-17 22:18 . 2014-11-18 16:03    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2014-11-17 22:18 . 2014-11-18 16:03    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2014-11-17 22:18 . 2014-09-02 15:30    1538880    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-11-13 00:20 . 2014-11-18 16:03    964928    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-11-13 00:20 . 2014-11-18 16:03    935240    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-11-13 00:20 . 2014-11-18 16:03    923792    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-11-13 00:20 . 2014-11-18 16:03    900928    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-11-13 00:20 . 2014-11-18 16:03    500880    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2014-11-13 00:20 . 2014-11-18 16:03    451216    ----a-w-    c:\windows\system32\drivers\nvstusb.sys
2014-11-13 00:20 . 2014-11-18 16:03    4292416    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-11-13 00:20 . 2014-11-18 16:03    418112    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2014-11-13 00:20 . 2014-11-18 16:03    4011208    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-11-13 00:20 . 2014-11-18 16:03    393024    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2014-11-13 00:20 . 2014-11-18 16:03    348304    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2014-11-13 00:20 . 2014-11-18 16:03    31893136    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-11-13 00:20 . 2014-11-18 16:03    2874456    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-11-13 00:20 . 2014-11-18 16:03    24557712    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-11-13 00:20 . 2014-11-18 16:03    20922512    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-11-13 00:20 . 2014-11-18 16:03    19966344    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-11-13 00:20 . 2014-11-18 16:03    1876296    ----a-w-    c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2014-11-18 16:03    17259664    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-11-13 00:20 . 2014-11-18 16:03    1540424    ----a-w-    c:\windows\system32\nvdispgenco6434475.dll
2014-11-13 00:20 . 2014-11-18 16:03    14032984    ----a-w-    c:\windows\system32\nvopencl.dll
2014-11-13 00:20 . 2014-11-18 16:03    13944952    ----a-w-    c:\windows\system32\nvcuda.dll
2014-11-13 00:20 . 2014-11-18 16:03    13213512    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-11-13 00:20 . 2014-11-18 16:03    11397744    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-11-13 00:20 . 2014-11-18 16:03    11336432    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-11-13 00:20 . 2014-09-02 15:31    74056    ----a-w-    c:\windows\system32\OpenCL.dll
2014-11-13 00:20 . 2014-09-02 15:31    59592    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-11-13 00:20 . 2014-09-02 15:30    3262784    ----a-w-    c:\windows\system32\nvapi64.dll
2014-11-13 00:20 . 2014-09-02 15:30    20986592    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-11-13 00:20 . 2014-09-02 15:30    18514616    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-11-13 00:20 . 2014-09-02 15:30    16884632    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-11-13 00:20 . 2014-09-02 15:30    1540424    ----a-w-    c:\windows\system32\nvir3dgenco64.dll
2014-11-12 21:56 . 2014-09-02 15:32    6897352    ----a-w-    c:\windows\system32\nvcpl.dll
2014-11-12 21:56 . 2014-09-02 15:32    3534152    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-11-12 21:56 . 2014-09-02 15:32    934032    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-11-12 21:56 . 2014-09-02 15:32    62608    ----a-w-    c:\windows\system32\nvshext.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\neto\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Spotify Web Helper"="c:\users\Alienware\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-06 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-12-01 1636208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Origin Client Service;Origin Client Service;c:\neto\Origin\OriginClientService.exe;c:\neto\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\neto\MSI Afterburner\RTCore64.sys;c:\neto\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [x]
S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\neto\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\neto\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\neto\Malwarebytes Anti-Malware\mbamservice.exe;c:\neto\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-19 20:01    1087816    ----a-w-    c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-14 15:22]
.
2015-01-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-TERRA1-Alienware.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2014-03-02 03:10]
.
2015-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 21:15]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Alienware\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-09-11 16:11    3140096    ----a-w-    c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-12-22 14:28    776520    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 14:28    776520    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-12-22 14:28    776520    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-12-22 14:28    776520    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-12-22 14:28    776520    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-08-23 4805936]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: dell.com
TCP: DhcpNameServer = 88.223.0.1 88.222.0.1
FF - ProfilePath - c:\users\Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\hk8nrqfi.default-1381092860934\
FF - prefs.js: network.proxy.http - 177.234.12.202
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{869A65AF-221D-4D60-841D-C5D8A231680A} - c:\users\Alienware\AppData\Local\{D3597CE0-1AC3-46BE-B855-3565CF5B0E91}\WiFiPrivacyInstallation.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-193931360-3802640553-4084731090-1000\Software\SecuROM\License information*]
"datasecu"=hex:4d,86,b6,70,25,8b,29,c0,e3,87,4d,73,91,69,08,05,1f,b0,61,05,5e,
   3c,35,f8,b5,f4,e8,49,89,3a,4f,40,b4,e7,49,c0,fb,f5,1b,47,43,f3,3f,07,d5,41,\
"rkeysecu"=hex:a3,4d,c3,33,dd,a4,ed,61,89,39,a2,2f,9f,b7,29,d1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
.
**************************************************************************
.
Completion time: 2015-01-20  20:19:15 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-20 18:19
.
Pre-Run: 211.578.322.944 bytes free
Post-Run: 211.437.686.784 bytes free
.
- - End Of File - - CD90CA3E382F2CC29F85435EFF4071C9
 

 

=================================================================================================

 

And from RogueKiller :

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alienware [Administrator]
Mode : Scan -- Date : 01/20/2015  20:27:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-193931360-3802640553-4084731090-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-193931360-3802640553-4084731090-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{077D3E22-B31A-4E86-86A9-7DD2AD9A2508} | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{077D3E22-B31A-4E86-86A9-7DD2AD9A2508} | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{077D3E22-B31A-4E86-86A9-7DD2AD9A2508} | DhcpNameServer : 88.223.0.1 88.222.0.1 [(Unknown Country?) (XX)][LITHUANIA (LT)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] hk8nrqfi.default-1381092860934 : user_pref("network.proxy.http", "177.234.12.202"); -> Found
[PUM.Proxy][FIREFX:Config] hk8nrqfi.default-1381092860934 : user_pref("network.proxy.http_port", 3128); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 0 Volume SCSI Disk Device +++++
--- User ---
[MBR] 09e2a196345e073080d7e14035559051
[BSP] 6fcc275b2da1ae5ae986a9ae1af55b04 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953773 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:56 PM

Posted 20 January 2015 - 03:25 PM

Very good. Can you tell me if you set these Proxy settings? The IP address returns to a Mexico location. You are in Lithuania, correct?
 

FF - prefs.js: network.proxy.http - 177.234.12.202
FF - prefs.js: network.proxy.http_port - 3128


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users