TechSpot

PC runs slow unit.exe with high CPU usage

Solved
By spoocter
Mar 17, 2014
  1. Hello,
    recently my pc has been jamming up and it starts to run very slow. I managed to open Task manager and I saw that unit.exe has a high CPU usage. Otherwise when I press ctrl alt del I get an error message, saying that security options cannot be loaded.
    My problem is similar to this guys problem - http://www.techspot.com/community/topics/my-dads-pc-is-infected-by-unit-virus-unit-exe.188831/
    I followed what the guy was told and did a Combo fix scan and a Rogue Killer scan. Both scans in Safe mode without networking.
    Ad-Aware keeps finding Tracking Cookies in roaming/Internet Explorer/ and I keep deleting them.
    Here is a log from Combo fix:
    Code:
    ComboFix 14-03-16.01 - Bogdan 17.03.2014  15:07:02.5.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2459 [GMT 1:00]
    running from:: c:\users\Bogdan\scan\ComboFix.exe
    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    (((((((((((((((((((((((   Files Created from 2014-02-17 to 2014-03-17  ))))))))))))))))))))))))))))))
    .
    .
    2014-03-17 14:16 . 2014-03-17 14:16    --------    d-----w-    c:\users\user\AppData\Local\temp
    2014-03-17 13:51 . 2014-03-17 13:54    --------    d-----w-    c:\users\Bogdan\scan
    2014-03-17 13:40 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9BE75D2C-7088-4453-BE0E-A4423369FC48}\mpengine.dll
    2014-03-16 03:05 . 2014-02-06 09:01    10536864    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-14 23:24 . 2014-02-20 13:33    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC8665F7-2B7F-43D5-832C-B63A62A2FFE1}\gapaengine.dll
    2014-03-13 23:08 . 2014-03-13 23:08    0    ----a-w-    c:\windows\SysWow64\shoC44D.tmp
    2014-03-10 09:08 . 2014-03-10 09:08    --------    d-----w-    c:\programdata\Oracle
    2014-03-10 09:08 . 2013-12-18 20:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-02-28 09:21 . 2014-02-28 09:21    --------    d-----w-    c:\program files (x86)\Common Files\COMODO
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-12 09:48 . 2012-05-15 12:51    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-12 09:48 . 2011-10-14 03:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-20 13:33 . 2013-03-12 11:44    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-02-09 13:20 . 2014-02-09 13:20    0    ----a-w-    c:\windows\SysWow64\sho2AFE.tmp
    2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
    .
    .*Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-09-20 20:06    87448    ----a-w-    c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2007-05-18 23423528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
    "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-07-23 606056]
    "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-02-27 2327248]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-2-27 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "Norton Online Backup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    .
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    R1 MpKsl4860f61b;MpKsl4860f61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A08C7E61-F13F-4678-AB2A-6A54E8E4725C}\MpKsl4860f61b.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A08C7E61-F13F-4678-AB2A-6A54E8E4725C}\MpKsl4860f61b.sys [x]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    R2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    R2 lmgrd;Flexlm;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
    R2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
    R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    
    R3 NisSrv;Microsoft-Networkinspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 09:48]
    .
    2014-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001Core.job
    - c:\users\Bogdan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:48]
    .
    2014-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001UA.job
    - c:\users\Bogdan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan  -------
    .
    uStart Page = hxxp://acer.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 178.254.251.39:8888
    TCP: DhcpNameServer = 80.69.100.110 80.69.100.214
    TCP: Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702140275966496: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702160275966496: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\14C4943454D275C414E40353: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\849444540295F402B494443502849444540295F40275C414E4: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\D4C6164656E6: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\5t5tpkr4.default\
    .
    .
    ------- File type association -------
    .
    .scr does not exist!
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- Blocked Registry entries ---------------------
    .
    [HKEY_USERS\S-1-5-21-2014414143-318086852-356521060-1001\Software\SecuROM\License information*]
    "datasecu"=hex:19,13,4f,6b,72,bd,89,d2,f3,5b,ea,db,c4,e6,29,aa,74,21,d9,8d,b3,
       39,a1,d3,99,38,5d,32,33,87,71,d5,67,e9,16,2d,fd,8a,12,4f,1a,b6,19,6a,1e,82,\
    "rkeysecu"=hex:21,ec,47,6e,07,05,dd,4d,c3,fb,b8,c5,7e,a7,5c,1e
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2014-03-17  15:19:17
    ComboFix-quarantined-files.txt  2014-03-17 14:19
    ComboFix2.txt  2013-02-19 02:53
    .
    Vor Suchlauf: 21 Verzeichnis(se), 456.237.936.640 Bytes frei
    Nach Suchlauf: 23 Verzeichnis(se), 455.941.873.664 Bytes frei
    .
    - - End Of File - - B9CFA9FBB79A1B7C26DA767338F4820D
    

    And a Rogue Killer log

    Code:
    RogueKiller V8.8.11 _x64_ [Mar 14 2014] durch Adlice Software
    mail : http://www.adlice.com/contact/
    Kommentare : http://forum.adlice.com
    Webseite : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    OS : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : Bogdan [Admin Rights]
    Mode : Scan -- Date : 03/17/2014 15:31:36
    | ARK || FAK || MBR |
    
    ¤¤¤ Bad Processes : 0 ¤¤¤
    
    ¤¤¤ Registry Entries : 11 ¤¤¤
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (178.254.251.39:8888 [Country: , City: ]) -> FOUND
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS][PUM] HKLM\[...]\CS001\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS][PUM] HKLM\[...]\CS001\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS][PUM] HKLM\[...]\CS002\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS][PUM] HKLM\[...]\CS002\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    
    ¤¤¤ Planned Tasks : 0 ¤¤¤
    
    ¤¤¤ Autostart-Entries : 0 ¤¤¤
    
    ¤¤¤ Web-Browsers : 0 ¤¤¤
    
    ¤¤¤ Browser Addons : 0 ¤¤¤
    
    ¤¤¤ Particular Files / Folders: ¤¤¤
    
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    
    ¤¤¤ External Hives: ¤¤¤
    
    ¤¤¤ Infection :  ¤¤¤
    
    ¤¤¤ Hosts: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    
    
    127.0.0.1       localhost
    
    
    ¤¤¤ MBR Check: ¤¤¤
    
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-22HXZT1 +++++
    --- User ---
    [MBR] 020df4439df62d5daf3c3735c1e1d988
    [BSP] 2cbd8c022c9342ee9bcffa68787e2e22 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 696870 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    Finished : << RKreport[0]_S_03172014_153136.txt >>
    
    
    
    
    After few restarts computer is still jamming up with high ressources. Can you please help me?
     
  2. spoocter

    spoocter TS Rookie Topic Starter

    Edit: Tracking cookies are foung in C:\Users\Bogdan\appdata\roaming\microsoft\windows\cookies
     
  3. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Do NOT wrap your logs in "code" brackets.
     
  4. spoocter

    spoocter TS Rookie Topic Starter

    As said here is MBAM.log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.18.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Bogdan :: BOGDAN-PC [administrator]

    18.03.2014 10:25:51
    mbam-log-2014-03-18 (10-25-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 306006
    Time elapsed: 9 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0M1S2T1G2T1Q1W1O2V1LtGtAtI0L -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.51.2
    Run by Bogdan at 10:38:45 on 2014-03-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.1209 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
    C:\Dolby PCEE4\pcee4.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer.msn.com
    uProxyServer = 178.254.251.39:8888
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: NameServer = 80.69.100.110 80.69.100.214
    TCP: Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : DHCPNameServer = 80.69.100.110 80.69.100.214
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702140275966496 : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702140275966496 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702160275966496 : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702160275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\14C4943454D275C414E40353 : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\14C4943454D275C414E40353 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\849444540295F402B494443502849444540295F40275C414E4 : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\849444540295F402B494443502849444540295F40275C414E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\D4C6164656E6 : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\D4C6164656E6 : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
    x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\5t5tpkr4.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-15 30496]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-28 283200]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-24 41704]
    R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-10-23 57976]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-2-27 70352]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-14 353360]
    R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-3 872552]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-2-27 2327248]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-14 13592]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-14 255376]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-4-18 625304]
    R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-14 2656280]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-12 138024]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-1-28 169752]
    R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-10 425000]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-1 25928]
    R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
    R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-7-10 33464]
    R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-7-10 137400]
    R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-7-10 30904]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-8 11856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe --> C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [?]
    S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [?]
    S2 lmgrd;Flexlm;"C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" --> C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-18 701512]
    S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2013-5-22 12672]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-27 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-13 31800]
    S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-10-23 60536]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-27 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-27 30208]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== File Associations ===============
    .
    .scr: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2014-03-17 14:19:21 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-17 14:04:59 98816 ----a-w- C:\Windows\sed.exe
    2014-03-17 14:04:59 256000 ----a-w- C:\Windows\PEV.exe
    2014-03-17 14:04:59 208896 ----a-w- C:\Windows\MBR.exe
    2014-03-17 13:51:20 -------- d-----w- C:\Users\Bogdan\scan
    2014-03-17 13:40:34 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BE75D2C-7088-4453-BE0E-A4423369FC48}\mpengine.dll
    2014-03-16 03:05:34 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-14 23:24:15 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC8665F7-2B7F-43D5-832C-B63A62A2FFE1}\gapaengine.dll
    2014-03-13 23:08:17 0 ----a-w- C:\Windows\SysWow64\shoC44D.tmp
    2014-03-10 09:08:48 -------- d-----w- C:\ProgramData\Oracle
    2014-03-10 09:08:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-02-28 09:21:02 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
    .
    ==================== Find3M ====================
    .
    2014-03-12 09:48:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 09:48:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-09 13:20:52 0 ----a-w- C:\Windows\SysWow64\sho2AFE.tmp
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 10:40:17.55 ===============




    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05.05.2012 10:34:07
    System Uptime: 18.03.2014 10:21:00 (0 hours ago)
    .
    Motherboard: Acer | | JE50_HR
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 681 GiB total, 424.712 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl4860f61b
    Device ID: ROOT\LEGACY_MPKSL4860F61B\0000
    Manufacturer:
    Name: MpKsl4860f61b
    PNP Device ID: ROOT\LEGACY_MPKSL4860F61B\0000
    Service: MpKsl4860f61b
    .
    ==== System Restore Points ===================
    .
    RP307: 02.03.2014 17:31:08 - Windows Update
    RP308: 06.03.2014 17:27:18 - Windows Update
    RP309: 10.03.2014 10:06:05 - Installed Java 7 Update 51
    RP310: 10.03.2014 14:21:58 - Windows Update
    RP311: 15.03.2014 00:20:47 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
    7-Zip 9.20
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Ad-Aware Antivirus
    Ad-Aware Security Add-on
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.9) MUI
    Adobe Shockwave Player 11.6
    AIDA64 Extreme Edition v1.50
    ASIO4ALL
    µTorrent
    Audacity 2.0.5
    Backup Manager V3
    Battlefield Play4Free
    Broadcom Card Reader Driver Installer
    Broadcom NetLink Controller
    CADopia IntelliCAD 4
    clear.fi
    clear.fi Client
    COMODO Internet Security
    Cool Edit Pro 2.1
    Counter-Strike: Global Offensive
    Counter-Strike: Global Offensive - SDK
    Crystal XI
    Crystal10
    D3DX10
    DAEMON Tools Lite
    DayZ
    Diablo III Public Test
    DivX-Setup
    Dolby Advanced Audio v2
    Don't Starve
    Dota 2
    eBay Worldwide
    ETDWare PS/2-X64 8.0.6.0_WHQL
    Far Cry 3
    ffdshow v1.3.4500 [2013-01-06]
    FL Studio 10
    Fotogalerija Windows Live
    Full Tilt Poker.Eu
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    GCFScape 1.8.4
    GeekBuddy
    Google Chrome
    Grand Theft Auto IV
    GtkRadiant 1.5.0
    Guitar Pro 6
    HiJackThis
    Identity Card
    IL Download Manager
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Java 7 Update 51
    Java Auto Updater
    Java(TM) 6 Update 32
    Junk Mail filter update
    Launch Manager
    Logitech Gaming Software
    Logitech Gaming Software 8.50
    Mafia II
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile DEU Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Help Viewer 1.0
    Microsoft Office 2010
    Microsoft Office Klick-und-Los 2010
    Microsoft Office Starter 2010 - Deutsch
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    MIDI-OX
    Minecraft 1.6.2
    mIRC
    Mozilla Firefox 15.0.1 (x86 de)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Massive
    Norton Online Backup
    NTI Media Maker 9
    NVIDIA Grafiktreiber 320.49
    NVIDIA Install Application
    NVIDIA Optimus 4.11.9
    NVIDIA PhysX
    NVIDIA PhysX-Systemsoftware 9.13.0604
    NVIDIA Systemsteuerung 320.49
    NVIDIA Update Components
    Ohm Force - Ohmicide VST
    Pandora Service
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    PokerStars
    Pošta Windows Live
    Proteus 7 Demonstration
    Quake Live Mozilla Plugin
    Raccolta foto di Windows Live
    Razer Synapse 2.0
    Revo Uninstaller Pro 3.0.7
    S?????? f?t???af??? t?? Windows Live
    Scope
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Sid Meier's Civilization V
    Skype Click to Call
    Skype™ 3.2
    StarCraft II
    Steam
    swMSM
    System Requirements Lab CYRI
    System Requirements Lab for Intel
    System Requirements Lab Test
    The KMPlayer (remove only)
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Uplay
    Valve Hammer Editor
    VC80CRTRedist - 8.0.50727.6195
    VirtualDJ PRO Full
    Winamp
    Winamp Detector Plug-in
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Windows Resource Kit Tools
    WinRAR 4.11 (64-bit)
    WinZip
    WSC Real 09
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    [​IMG] You're running two AV programs, MSE and Lavasoft and two firewalls, Comodo and Lavasoft.
    You must uninstall one AV program and one firewall.
    I suggest Lavasoft goes.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  6. spoocter

    spoocter TS Rookie Topic Starter

    Rogue Killer 1 Log

    RogueKiller V8.8.11 [Mar 14 2014] durch Adlice Software
    mail : http://www.adlice.com/contact/
    Kommentare : http://forum.adlice.com
    Webseite : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : Bogdan [Admin Rechte]
    Funktion : Entfernen -- Datum : 03/19/2014 00:46:14
    | ARK || FAK || MBR |

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : adawarebp_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q [x][-]) -> deleted
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : adawarebp_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Bogdan\AppData\Local\adawarebp" /s /q [x][-]) -> deleted
    [RUN][SUSP PATH] HKUS\S-1-5-21-2014414143-318086852-356521060-1001\[...]\RunOnce : adawarebp_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q [x][-]) -> [0x2] Not found.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2014414143-318086852-356521060-1001\[...]\RunOnce : adawarebp_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Bogdan\AppData\Local\adawarebp" /s /q [x][-]) -> [0x2] Not found.
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Replaced (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Replaced (0)

    ¤¤¤ Geplante Tasks : 0 ¤¤¤

    ¤¤¤ Autostart-Einträge : 0 ¤¤¤

    ¤¤¤ Web-Browsern : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

    ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infektion : ¤¤¤

    ¤¤¤ Hosts-Datei: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR überprüfen: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-22HXZT1 +++++
    --- User ---
    [MBR] 020df4439df62d5daf3c3735c1e1d988
    [BSP] 2cbd8c022c9342ee9bcffa68787e2e22 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 696870 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Abgeschlossen : << RKreport[0]_D_03192014_004614.txt >>
    RKreport[0]_D_03172014_153406.txt;RKreport[0]_H_03192014_004609.txt;RKreport[0]_S_03172014_153136.txt
    RKreport[0]_S_03172014_153603.txt;RKreport[0]_S_03192014_004507.txt



    Log 2



    RogueKiller V8.8.11 [Mar 14 2014] durch Adlice Software
    mail : http://www.adlice.com/contact/
    Kommentare : http://forum.adlice.com
    Webseite : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : Bogdan [Admin Rechte]
    Funktion : Reparierte Proxy-Einstellungen -- Datum : 03/19/2014 00:45:56
    | ARK || FAK || MBR |

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (178.254.251.39:8888 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> Deleted

    ¤¤¤ Web-Browsern : 0 ¤¤¤

    ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infektion : ¤¤¤

    Abgeschlossen : << RKreport[0]_PR_03192014_004556.txt >>
    RKreport[0]_D_03172014_153406.txt;RKreport[0]_S_03172014_153136.txt;RKreport[0]_S_03172014_153603.txt
    RKreport[0]_S_03192014_004507.txt



    Log 3



    RogueKiller V8.8.11 [Mar 14 2014] durch Adlice Software
    mail : http://www.adlice.com/contact/
    Kommentare : http://forum.adlice.com
    Webseite : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : Bogdan [Admin Rechte]
    Funktion : Reparierte DNS-Einstellungen -- Datum : 03/19/2014 00:45:47
    | ARK || FAK || MBR |

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry entries : 6 ¤¤¤
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()
    [DNS][PUM] HKLM\[...]\CS001\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()
    [DNS][PUM] HKLM\[...]\CS001\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()
    [DNS][PUM] HKLM\[...]\CS002\[...]\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()
    [DNS][PUM] HKLM\[...]\CS002\[...]\{91D87618-5F1F-4D11-90A2-B15D7ED38768} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Replaced ()

    ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infektion : ¤¤¤

    Abgeschlossen : << RKreport[0]_DN_03192014_004547.txt >>
    RKreport[0]_D_03172014_153406.txt;RKreport[0]_S_03172014_153136.txt;RKreport[0]_S_03172014_153603.txt
    RKreport[0]_S_03192014_004507.txt






    MBAR.log


    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.18.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Bogdan :: BOGDAN-PC [administrator]

    19.03.2014 00:56:30
    mbar-log-2014-03-19 (00-56-30).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 334074
    Time elapsed: 28 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)




    system.log





    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16721

    Java version: 1.6.0_32

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 4139630592, free: 1428590592

    Downloaded database version: v2014.03.18.10
    Downloaded database version: v2014.02.20.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/19/2014 00:56:24
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\sptd.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\hssdrv6.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\bScsiSDa.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\bScsiMSa.sys
    \SystemRoot\system32\DRIVERS\b57xdbd.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\CmBatt.sys
    \??\C:\Windows\system32\drivers\UBHelper.sys
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\System32\Drivers\atlwarwq.SYS
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\taphss.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\LGBusEnum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\b57xdmp.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\rzdaendpt.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\rzudd.sys
    \SystemRoot\system32\DRIVERS\rzvkeyboard.sys
    \SystemRoot\System32\drivers\mshidkmdf.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\TurboB.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
    \SystemRoot\system32\drivers\LGVirHid.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\clbcatq.dll
    \Windows\System32\lpk.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\msctf.dll
    \Windows\System32\nsi.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\shell32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\user32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80075c5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80050fe050
    Lower Device Driver Name: \Driver\iaStor\
    IRP handler 0 of \Driver\iaStor is hooked
    IRP handler 2 of \Driver\iaStor is hooked
    IRP handler 14 of \Driver\iaStor is hooked
    IRP handler 15 of \Driver\iaStor is hooked
    IRP handler 16 of \Driver\iaStor is hooked
    IRP handler 22 of \Driver\iaStor is hooked
    IRP handler 23 of \Driver\iaStor is hooked
    IRP handler 27 of \Driver\iaStor is hooked
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80075c5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80050fe050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80075c5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80075c5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80075c5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80050fe050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00c38b550, 0xfffffa80075c5060, 0xfffffa8004766790
    Lower DeviceData: 0xfffff8a003c48880, 0xfffffa80050fe050, 0xfffffa800a3f3820
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4250938A

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 37748736

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 37750784 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 37955584 Numsec = 1427189760

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-37750784-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16721

    Java version: 1.6.0_32

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 4139630592, free: 1618366464

    =======================================


    Can I ask what those us ph proxies are?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    If you're not familiar with them, most likely added by some malware.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. spoocter

    spoocter TS Rookie Topic Starter

    Combofix ran fine, I didnt have to run rkill


    ComboFix 14-03-19.01 - Bogdan 19.03.2014 16:33:45.6.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.1974 [GMT 1:00]
    ausgeführt von:: c:\users\Bogdan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((( Files created von 2014-02-19 bis 2014-03-19 ))))))))))))))))))))))))))))))
    .
    .
    2014-03-19 15:46 . 2014-03-19 15:46 -------- d-----w- c:\users\user\AppData\Local\temp
    2014-03-19 15:46 . 2014-03-19 15:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-03-19 15:46 . 2014-03-19 15:46 -------- d-----w- c:\users\UpdatusUser.Bogdan-PC\AppData\Local\temp
    2014-03-19 15:46 . 2014-03-19 15:46 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-03-19 15:46 . 2014-03-19 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-19 13:15 . 2014-03-19 13:27 -------- d-----w- c:\program files (x86)\PokerStove
    2014-03-18 23:56 . 2014-03-19 00:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-18 23:56 . 2014-03-18 23:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-18 23:55 . 2014-03-19 00:27 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-18 16:30 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{358DBE4A-CDD3-47BE-AE21-16C44AE2858D}\mpengine.dll
    2014-03-17 13:51 . 2014-03-18 09:38 -------- d-----w- c:\users\Bogdan\scan
    2014-03-17 13:40 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-14 23:24 . 2014-02-20 13:33 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC8665F7-2B7F-43D5-832C-B63A62A2FFE1}\gapaengine.dll
    2014-03-13 23:08 . 2014-03-13 23:08 0 ----a-w- c:\windows\SysWow64\shoC44D.tmp
    2014-03-10 09:08 . 2014-03-10 09:08 -------- d-----w- c:\programdata\Oracle
    2014-03-10 09:08 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-02-28 09:21 . 2014-02-28 09:21 -------- d-----w- c:\program files (x86)\Common Files\COMODO
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-12 09:48 . 2012-05-15 12:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-12 09:48 . 2011-10-14 03:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-20 13:33 . 2013-03-12 11:44 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-02-09 13:20 . 2014-02-09 13:20 0 ----a-w- c:\windows\SysWow64\sho2AFE.tmp
    2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2007-05-18 23423528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
    "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-07-23 606056]
    "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-02-27 2327248]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-2-27 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "Norton Online Backup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    .
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
    R1 MpKsl4860f61b;MpKsl4860f61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A08C7E61-F13F-4678-AB2A-6A54E8E4725C}\MpKsl4860f61b.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A08C7E61-F13F-4678-AB2A-6A54E8E4725C}\MpKsl4860f61b.sys [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    R2 lmgrd;Flexlm;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 09:48]
    .
    2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001Core.job
    - c:\users\Bogdan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:48]
    .
    2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001UA.job
    - c:\users\Bogdan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://acer.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 80.69.100.110 80.69.100.214
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702140275966496: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\0527564747970264C6970264F62702160275966496: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\14C4943454D275C414E40353: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\849444540295F402B494443502849444540295F40275C414E4: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}\D4C6164656E6: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\5t5tpkr4.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .
    .
    ------- shortcut -------
    .
    .scr does not exist!
    .
    - - - - removed orphans - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
    .
    .
    .
    --------------------- Blocked Registry entries ---------------------
    .
    [HKEY_USERS\S-1-5-21-2014414143-318086852-356521060-1001\Software\SecuROM\License information*]
    "datasecu"=hex:19,13,4f,6b,72,bd,89,d2,f3,5b,ea,db,c4,e6,29,aa,74,21,d9,8d,b3,
    39,a1,d3,99,38,5d,32,33,87,71,d5,67,e9,16,2d,fd,8a,12,4f,1a,b6,19,6a,1e,82,\
    "rkeysecu"=hex:21,ec,47,6e,07,05,dd,4d,c3,fb,b8,c5,7e,a7,5c,1e
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2014-03-19 17:00:50
    ComboFix-quarantined-files.txt 2014-03-19 16:00
    ComboFix2.txt 2014-03-17 14:19
    ComboFix3.txt 2013-02-19 02:53
    .
    Vor Suchlauf: 22 Verzeichnis(se), 457.896.562.688 Bytes frei
    Nach Suchlauf: 23 Verzeichnis(se), 457.739.100.160 Bytes frei
    .
    - - End Of File - - D0C32D7EF5570873801348206F3DF546
     
  9. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. spoocter

    spoocter TS Rookie Topic Starter

    AdwCleaner log

    # AdwCleaner v3.022 - Bericht erstellt am 21/03/2014 um 13:34:19
    # Aktualisiert 13/03/2014 von Xplode
    # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Benutzername : Bogdan - BOGDAN-PC
    # Gestartet von : C:\Users\Bogdan\Desktop\adwcleaner.exe
    # Option : Löschen

    ***** [ Dienste ] *****

    Dienst Gelöscht : hshld
    [#] Dienst Gelöscht : HssSrv
    [#] Dienst Gelöscht : hsstrayservice
    [#] Dienst Gelöscht : hsswd

    ***** [ Files / Folders ] *****

    Ordner Gelöscht : C:\ProgramData\hotspot shield
    Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
    Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
    Ordner Gelöscht : C:\Users\Bogdan\AppData\LocalLow\boost_interprocess

    ***** [ Verknüpfungen ] *****


    ***** [ Registry ] *****

    Key deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Key deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Value deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Key deleted : HKCU\Software\APN PIP
    Key deleted : HKCU\Software\Conduit
    Key deleted : HKLM\Software\Conduit
    Key deleted : HKLM\Software\hotspotshield
    Key deleted : HKLM\Software\PIP

    ***** [ Browser ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v15.0.1 (de)

    [ Datei : C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\5t5tpkr4.default\prefs.js ]


    -\\ Google Chrome v

    [ Datei : C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3556 octets] - [21/03/2014 13:31:32]
    AdwCleaner[S0].txt - [3259 octets] - [21/03/2014 13:34:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3319 octets] ##########



    JRT found a infected module and rebooted my pc. After finishing the scan here is the log.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Bogdan on 21.03.2014 at 13:48:01.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



    ~~~ Files

    Successfully deleted: [File] C:\Windows\syswow64\sho2AFE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho570F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho594F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho5DE5.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho693A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho77A5.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho9138.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC44D.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoD679.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Bogdan\appdata\local\adawarebp"
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{5F85E9A0-EAE6-4F8A-BE22-F8D0E540E97C}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{6982F9D1-30EB-4462-9D4A-4B75091D53FF}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{B32320F4-008A-4308-BB0A-5FB579C9001D}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{B6276A77-EA9B-4406-B115-5A0455BD37E0}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{C678ED7E-4A42-4F95-9568-6E482666EEBD}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{D2912A0F-C4A3-43A7-AF33-6E57888D1B05}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{D53DCC4A-6F3E-4B08-BED8-21B677B94CDC}
    Successfully deleted: [Empty Folder] C:\Users\Bogdan\appdata\local\{F25CB1F7-DDEE-4AD1-AE92-D136EEB535C0}



    ~~~ FireFox

    Emptied folder: C:\Users\Bogdan\AppData\Roaming\mozilla\firefox\profiles\5t5tpkr4.default\minidumps [26 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 21.03.2014 at 13:51:25.49
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. spoocter

    spoocter TS Rookie Topic Starter

    OTL log

    OTL logfile created on: 21.03.2014 13:52:59 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bogdan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3.86 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.75% Memory free
    7.71 Gb Paging File | 5.88 Gb Available in Paging File | 76.30% Paging File free
    Paging file location(s): c:\pagefile.sys 3947 5920 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 680.54 Gb Total Space | 423.53 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
    Drive E: | 1.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: BOGDAN-PC | User Name: Bogdan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014.03.20 22:17:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bogdan\Desktop\OTL.exe
    PRC - [2014.02.27 12:33:18 | 000,233,168 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
    PRC - [2014.02.27 12:33:16 | 000,219,856 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
    PRC - [2014.02.27 12:33:16 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    PRC - [2014.02.27 10:28:36 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    PRC - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013.07.23 10:52:18 | 000,606,056 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    PRC - [2013.07.14 17:36:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2013.05.16 15:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013.01.08 09:41:08 | 003,674,320 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012.09.28 08:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
    PRC - [2012.09.28 08:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2012.04.24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    PRC - [2011.08.26 14:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    PRC - [2011.08.24 18:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    PRC - [2011.08.24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    PRC - [2011.07.01 03:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011.07.01 03:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2011.07.01 03:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011.04.24 02:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2011.04.24 02:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013.10.10 02:57:40 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013.10.10 02:57:39 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
    MOD - [2013.10.10 02:57:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f58dc6b661c4fb91c68945da9b701135\System.Xml.Linq.ni.dll
    MOD - [2013.10.10 02:25:14 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
    MOD - [2013.10.10 02:24:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
    MOD - [2013.10.10 02:24:49 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
    MOD - [2013.10.10 02:24:41 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
    MOD - [2013.10.10 02:24:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
    MOD - [2013.10.10 02:24:31 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
    MOD - [2013.08.16 02:43:23 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
    MOD - [2013.08.16 02:41:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
    MOD - [2013.08.16 02:40:05 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
    MOD - [2013.08.16 02:21:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
    MOD - [2013.08.16 02:21:50 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
    MOD - [2013.08.16 02:21:46 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
    MOD - [2013.08.16 02:21:43 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
    MOD - [2013.07.12 02:07:56 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
    MOD - [2011.08.24 18:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
    MOD - [2011.08.24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    MOD - [2011.04.24 02:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2014.03.12 10:48:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014.02.27 12:33:16 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
    SRV - [2014.02.27 10:28:36 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2014.02.25 22:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013.08.12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013.08.12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013.07.14 17:36:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013.05.16 15:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013.03.22 09:14:30 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012.09.28 08:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
    SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.05.29 19:46:48 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012.04.24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2012.04.05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011.12.03 10:47:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011.04.24 02:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013.07.10 07:29:44 | 000,033,464 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
    DRV:64bit: - [2013.07.10 07:29:42 | 000,030,904 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
    DRV:64bit: - [2013.07.10 07:29:32 | 000,137,400 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
    DRV:64bit: - [2013.06.26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013.06.26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013.06.26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013.06.26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2013.06.21 13:06:36 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2013.06.18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013.03.08 18:10:18 | 005,358,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013.01.28 03:23:25 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2013.01.28 03:21:00 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012.07.24 21:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
    DRV:64bit: - [2012.07.24 21:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.09.20 11:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2011.09.20 11:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.06.08 17:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011.05.16 14:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
    DRV:64bit: - [2011.05.10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2011.05.06 10:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
    DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.01.20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
    DRV:64bit: - [2011.01.20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
    DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.12 13:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009.11.24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2009.11.24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007.08.02 16:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2012.09.03 08:20:00 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1008\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1008\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-2014414143-318086852-356521060-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bogdan\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bogdan\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.18 12:50:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.03.19 00:40:36 | 000,000,000 | ---D | M]

    [2012.09.12 22:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bogdan\AppData\Roaming\mozilla\Extensions
    [2014.03.19 00:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bogdan\AppData\Roaming\mozilla\Firefox\Profiles\5t5tpkr4.default\extensions
    [2012.10.23 21:42:30 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Bogdan\AppData\Roaming\mozilla\Firefox\Profiles\5t5tpkr4.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012.09.12 22:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013.03.12 16:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
    [2013.03.12 16:26:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bogdan\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Bogdan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google-Suche = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: AdBlock = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
    CHR - Extension: Google Wallet = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Mehr Leistung und Videoformate für dein HTML5 \u003Cvideo> = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Battlefield Play4Free = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
    CHR - Extension: Google Mail = C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    end of part1
     
     
  12. spoocter

    spoocter TS Rookie Topic Starter

    Part 2


    O1 HOSTS File: ([2014.03.19 00:46:09 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1008..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1008..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2014414143-318086852-356521060-1008..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2014414143-318086852-356521060-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2014414143-318086852-356521060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2014414143-318086852-356521060-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2014414143-318086852-356521060-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.110 80.69.100.214
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91D87618-5F1F-4D11-90A2-B15D7ED38768}: DhcpNameServer = 80.69.100.110 80.69.100.214
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014.03.21 13:41:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014.03.21 13:31:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014.03.20 22:17:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bogdan\Desktop\OTL.exe
    [2014.03.20 22:17:14 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Bogdan\Desktop\JRT.exe
    [2014.03.19 17:56:08 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2014.03.19 17:56:06 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2014.03.19 17:56:06 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2014.03.19 17:56:06 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2014.03.19 17:56:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2014.03.19 17:56:00 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
    [2014.03.19 17:56:00 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
    [2014.03.19 17:56:00 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
    [2014.03.19 17:56:00 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2014.03.19 17:55:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2014.03.19 17:55:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2014.03.19 17:55:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2014.03.19 17:55:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2014.03.19 17:55:54 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2014.03.19 17:55:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2014.03.19 17:55:49 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
    [2014.03.19 17:55:48 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
    [2014.03.19 17:55:48 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
    [2014.03.19 17:55:48 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
    [2014.03.19 17:55:48 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
    [2014.03.19 17:55:46 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2014.03.19 17:55:45 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2014.03.19 17:55:45 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2014.03.19 17:55:44 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2014.03.19 17:55:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2014.03.19 17:54:50 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2014.03.19 17:54:46 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2014.03.19 17:54:46 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2014.03.19 17:54:45 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2014.03.19 17:54:42 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2014.03.19 17:54:41 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2014.03.19 17:54:41 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2014.03.19 17:54:40 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2014.03.19 17:54:40 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2014.03.19 17:54:40 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2014.03.19 17:54:40 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2014.03.19 17:54:40 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2014.03.19 17:54:38 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2014.03.19 17:01:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014.03.19 16:28:27 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bogdan\Desktop\rkill.exe
    [2014.03.19 16:27:35 | 005,190,052 | R--- | C] (Swearware) -- C:\Users\Bogdan\Desktop\ComboFix.exe
    [2014.03.19 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\Bogdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
    [2014.03.19 14:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStove
    [2014.03.19 14:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStove
    [2014.03.19 00:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014.03.19 00:56:24 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014.03.19 00:55:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014.03.19 00:55:31 | 000,000,000 | ---D | C] -- C:\Users\Bogdan\Desktop\mbar
    [2014.03.19 00:55:13 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Bogdan\Desktop\mbar-1.07.0.1009.exe
    [2014.03.18 10:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014.03.17 15:30:01 | 000,000,000 | ---D | C] -- C:\Users\Bogdan\Desktop\RK_Quarantine
    [2014.03.17 15:19:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014.03.17 15:04:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014.03.17 15:04:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014.03.17 15:04:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014.03.17 14:51:20 | 000,000,000 | ---D | C] -- C:\Users\Bogdan\scan
    [2014.03.10 10:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014.03.10 10:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014.02.28 10:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014.03.21 13:53:23 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014.03.21 13:53:23 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014.03.21 13:48:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014.03.21 13:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014.03.21 13:44:24 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
    [2014.03.21 13:41:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001UA.job
    [2014.03.21 11:41:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2014414143-318086852-356521060-1001Core.job
    [2014.03.20 22:17:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bogdan\Desktop\OTL.exe
    [2014.03.20 22:17:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Bogdan\Desktop\JRT.exe
    [2014.03.20 22:16:56 | 001,950,720 | ---- | M] () -- C:\Users\Bogdan\Desktop\adwcleaner.exe
    [2014.03.19 16:28:34 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bogdan\Desktop\rkill.exe
    [2014.03.19 16:27:54 | 005,190,052 | R--- | M] (Swearware) -- C:\Users\Bogdan\Desktop\ComboFix.exe
    [2014.03.19 14:16:56 | 000,000,995 | ---- | M] () -- C:\Users\Bogdan\Desktop\PStove.lnk
    [2014.03.19 01:47:09 | 000,007,621 | ---- | M] () -- C:\Users\Bogdan\AppData\Local\Resmon.ResmonCfg
    [2014.03.19 01:27:12 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014.03.19 00:56:24 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014.03.19 00:55:25 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Bogdan\Desktop\mbar-1.07.0.1009.exe
    [2014.03.19 00:42:26 | 003,901,952 | ---- | M] () -- C:\Users\Bogdan\Desktop\RogueKiller.exe
    [2014.03.18 17:21:35 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014.03.18 17:21:35 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2014.03.18 17:21:35 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014.03.18 17:21:35 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2014.03.18 17:21:35 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014.03.18 10:56:30 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2014.03.18 10:19:17 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014.02.28 10:21:04 | 000,002,007 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2014.02.28 10:21:04 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014.03.20 22:16:40 | 001,950,720 | ---- | C] () -- C:\Users\Bogdan\Desktop\adwcleaner.exe
    [2014.03.19 14:15:51 | 000,000,995 | ---- | C] () -- C:\Users\Bogdan\Desktop\PStove.lnk
    [2014.03.19 00:42:25 | 003,901,952 | ---- | C] () -- C:\Users\Bogdan\Desktop\RogueKiller.exe
    [2014.03.18 10:19:17 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014.03.17 15:04:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014.03.17 15:04:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014.03.17 15:04:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014.03.17 15:04:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014.03.17 15:04:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.09.16 16:50:53 | 000,685,388 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go4.bsp
    [2013.09.16 16:50:53 | 000,030,300 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go4.prt
    [2013.09.16 16:50:50 | 000,060,943 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go4.vmx
    [2013.09.16 16:50:45 | 000,068,046 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go4.vmf
    [2013.09.16 14:37:33 | 000,635,820 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go3.bsp
    [2013.09.16 14:37:33 | 000,028,793 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go3.prt
    [2013.09.16 14:37:25 | 000,060,978 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go3.vmx
    [2013.09.16 14:37:21 | 000,060,942 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go3.vmf
    [2013.09.16 13:22:09 | 000,016,541 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go2.prt
    [2013.09.16 13:21:19 | 000,370,456 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go2.bsp
    [2013.09.16 13:21:16 | 000,053,999 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go2.vmx
    [2013.09.16 13:21:13 | 000,053,994 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go2.vmf
    [2013.09.16 12:59:01 | 000,029,007 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go.prt
    [2013.09.16 12:43:58 | 000,676,520 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go.bsp
    [2013.09.16 12:41:56 | 000,069,383 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go.vmx
    [2013.09.16 12:40:58 | 000,069,331 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake_go.vmf
    [2013.09.16 00:39:53 | 000,106,023 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake.rmx
    [2013.09.16 00:36:00 | 000,106,473 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake.rmf
    [2013.09.16 00:28:13 | 000,026,784 | ---- | C] () -- C:\Users\Bogdan\bl_counterquake.map
    [2013.09.15 21:25:50 | 000,059,078 | ---- | C] () -- C:\Users\Bogdan\cs-71-bl_counterquake.zip
    [2013.07.14 17:36:32 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013.04.29 09:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\TransistorAmp.INI
    [2013.04.07 19:07:58 | 000,095,491 | ---- | C] () -- C:\Users\Bogdan\OC602.pdf
    [2013.04.07 19:01:01 | 000,093,360 | ---- | C] () -- C:\Users\Bogdan\SFT323.pdf
    [2013.04.07 18:35:33 | 000,046,076 | ---- | C] () -- C:\Users\Bogdan\datasheet.pdf
    [2013.04.07 18:34:06 | 000,094,006 | ---- | C] () -- C:\Users\Bogdan\AC122 (1).pdf
    [2013.04.07 18:32:29 | 000,179,540 | ---- | C] () -- C:\Users\Bogdan\AC122.pdf
    [2013.04.04 13:31:14 | 000,194,995 | ---- | C] () -- C:\Users\Bogdan\AC 121 VI.pdf
    [2013.03.27 23:03:22 | 000,007,621 | ---- | C] () -- C:\Users\Bogdan\AppData\Local\Resmon.ResmonCfg
    [2013.03.08 18:10:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2013.02.18 01:29:26 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2013.01.26 22:08:22 | 000,068,253 | ---- | C] () -- C:\Users\Bogdan\pcmoneymonitor.png
    [2013.01.26 22:04:10 | 000,152,307 | ---- | C] () -- C:\Users\Bogdan\pcpanels.png
    [2013.01.26 20:08:05 | 000,171,600 | ---- | C] () -- C:\Users\Bogdan\PCgiftcard.png
    [2013.01.20 18:07:03 | 004,937,257 | ---- | C] () -- C:\Users\Bogdan\DSCF0827.JPG
    [2013.01.20 18:07:01 | 003,650,690 | ---- | C] () -- C:\Users\Bogdan\DSCF0825.JPG
    [2013.01.20 17:54:10 | 000,549,638 | ---- | C] () -- C:\Users\Bogdan\IMG_0895.JPG
    [2013.01.15 00:26:32 | 000,189,938 | ---- | C] () -- C:\Users\Bogdan\Anschreiben.gif
    [2013.01.15 00:26:32 | 000,188,806 | ---- | C] () -- C:\Users\Bogdan\CVSite1.gif
    [2013.01.15 00:26:32 | 000,155,409 | ---- | C] () -- C:\Users\Bogdan\CVSite2.gif
    [2013.01.07 18:10:07 | 000,129,640 | ---- | C] () -- C:\Users\Bogdan\cm._2013-01-07_1809532395790719703278938.pdf
    [2013.01.03 23:45:15 | 002,126,048 | ---- | C] () -- C:\Users\Bogdan\ALIM5600.JPG
    [2012.12.30 10:21:11 | 000,013,182 | ---- | C] () -- C:\Users\Bogdan\D3R-085.rar
    [2012.12.24 18:20:18 | 000,059,049 | ---- | C] () -- C:\Users\Bogdan\ghfhg.png
    [2012.12.24 18:19:03 | 000,018,579 | ---- | C] () -- C:\Users\Bogdan\6149730_460s.jpg
    [2012.12.13 11:11:01 | 000,029,610 | ---- | C] () -- C:\Users\Bogdan\checkFileList.lst
    [2012.12.13 09:00:22 | 000,000,800 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_59.exe.md5
    [2012.12.13 08:51:21 | 000,000,448 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5906.bin.md5
    [2012.12.13 08:46:13 | 585,422,374 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5906.bin
    [2012.12.13 08:46:13 | 000,000,720 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5905.bin.md5
    [2012.12.13 08:37:27 | 923,158,519 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5905.bin
    [2012.12.13 08:37:26 | 000,000,752 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5904.bin.md5
    [2012.12.13 08:29:00 | 981,393,368 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5904.bin
    [2012.12.13 08:29:00 | 000,000,800 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5903.bin.md5
    [2012.12.13 08:20:00 | 1048,268,024 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5903.bin
    [2012.12.13 08:20:00 | 000,000,800 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5902.bin.md5
    [2012.12.13 08:11:01 | 1048,565,896 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5902.bin
    [2012.12.13 08:11:01 | 000,000,816 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5901.bin.md5
    [2012.12.13 07:46:29 | 1048,577,109 | ---- | C] () -- C:\Users\Bogdan\OA_setup_1_5901.bin
    [2012.12.12 16:38:16 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
    [2012.12.12 16:38:14 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
    [2012.12.10 19:37:33 | 000,063,416 | ---- | C] () -- C:\Users\Bogdan\facesischalt.pdf
    [2012.12.08 19:56:18 | 000,066,634 | ---- | C] () -- C:\Users\Bogdan\facegeschalt.pdf
    [2012.12.08 16:51:50 | 000,068,582 | ---- | C] () -- C:\Users\Bogdan\smiley-face-wallpaper-widescreen-001 (1).jpg
    [2012.12.08 16:51:43 | 000,068,582 | ---- | C] () -- C:\Users\Bogdan\smiley-face-wallpaper-widescreen-001.jpg
    [2012.12.01 11:42:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012.11.04 09:48:49 | 004,113,599 | ---- | C] () -- C:\Users\Bogdan\Krisko I 100 Kila - Padat buchki (heminei.com) (22535).mp3
    [2012.10.15 14:28:02 | 000,012,288 | ---- | C] () -- C:\Users\Bogdan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.08.01 19:22:48 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI
    [2012.07.31 19:35:03 | 000,011,170 | ---- | C] () -- C:\Users\Bogdan\microchip-pic16f.lbr
    [2012.07.31 19:32:45 | 000,150,458 | ---- | C] () -- C:\Users\Bogdan\jason-test.lbr
    [2012.07.31 19:22:28 | 000,005,503 | ---- | C] () -- C:\Users\Bogdan\pic18f2550.lbr
    [2012.07.30 21:34:53 | 000,000,480 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012.07.30 21:26:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
    [2012.07.30 21:26:35 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\NMCLN.EXE
    [2012.07.30 21:22:45 | 000,903,168 | ---- | C] () -- C:\Windows\SysWow64\mitmdl30.dll
    [2012.07.30 21:22:45 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
    [2012.07.30 21:22:45 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
    [2012.07.30 21:22:45 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
    [2012.07.30 21:22:45 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
    [2012.07.30 21:22:45 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
    [2012.07.30 21:22:45 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
    [2012.07.30 21:22:45 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
    [2012.07.30 21:22:45 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
    [2012.07.30 21:22:45 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
    [2012.07.30 21:22:45 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
    [2012.07.30 21:22:45 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
    [2012.07.30 21:22:45 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
    [2012.07.30 21:22:45 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
    [2012.07.30 21:22:45 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
    [2012.07.30 21:09:34 | 000,000,000 | ---- | C] () -- C:\Windows\SPLASH.INI
    [2012.05.20 03:18:35 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012.05.19 18:39:10 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.05.05 10:47:51 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini

    ========== ZeroAccess Check ==========

    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013.10.31 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\.minecraft
    [2012.09.19 01:00:15 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Ableton
    [2013.03.05 02:22:26 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Arduino
    [2013.12.22 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Audacity
    [2012.09.13 07:58:01 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\CadSoft
    [2013.01.28 03:24:24 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\DAEMON Tools Lite
    [2013.02.03 13:43:15 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Doublefine
    [2012.09.19 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Fritzing
    [2013.09.15 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\gtk-2.0
    [2012.07.29 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Guitar Pro 6
    [2013.02.17 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Image-Line
    [2013.10.11 02:06:09 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Leadertech
    [2013.02.17 13:22:46 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\PowerCinema
    [2013.06.03 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\RadiantSettings
    [2013.12.20 17:03:25 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\scope
    [2012.05.05 09:37:04 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Screensaver
    [2014.03.19 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\SoftGrid Client
    [2012.10.03 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\SynthMaker
    [2013.02.24 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\TeamViewer
    [2012.10.15 14:26:04 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\TechSmith
    [2012.05.19 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\TP
    [2012.05.22 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\TuneUp Software
    [2014.02.23 23:39:51 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\uTorrent
    [2012.05.05 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\wargaming.net
    [2012.07.28 03:01:33 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\WildTangent
    [2012.06.16 07:58:00 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\Windows Authenticator
    [2012.09.16 15:41:39 | 000,000,000 | ---D | M] -- C:\Users\Bogdan\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

    ========== Purity Check ==========



    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    [​IMG]
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. spoocter

    spoocter TS Rookie Topic Starter

    OTL.log

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bogdan
    ->Temp folder emptied: 56407173 bytes
    ->Temporary Internet Files folder emptied: 154039709 bytes
    ->Java cache emptied: 2402559 bytes
    ->FireFox cache emptied: 150398461 bytes
    ->Google Chrome cache emptied: 359786986 bytes
    ->Flash cache emptied: 313030 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: UpdatusUser.Bogdan-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 401408 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65259 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42553919 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 731.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Bogdan
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: UpdatusUser.Bogdan-PC

    User: user

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bogdan
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Bogdan-PC
    ->Flash cache emptied: 0 bytes

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03212014_215724

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bogdan\AppData\Local\Temp\CVHLauncher(2014032114421019B0).log not found!
    C:\Users\Bogdan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Bogdan\AppData\Local\Temp\MMDUtl.log moved successfully.
    C:\Users\Bogdan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    checkup.log


    Results of screen317's Security Check version 0.99.81
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 32
    Java 7 Update 51
    Adobe Flash Player 12.0.0.77
    Adobe Reader 10.1.9 Adobe Reader out of Date!
    Mozilla Firefox 15.0.1 Firefox out of Date!
    Google Chrome 33.0.1750.146
    Google Chrome 33.0.1750.154
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````




    FSS.txt



    Farbar Service Scanner Version: 25-02-2014
    Ran by Bogdan (administrator) on 21-03-2014 at 22:15:20
    Running from "C:\Users\Bogdan\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****



    TempFileCleaner found nothing and produced no log.


    ESET Scanner found nothing and produced no log.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    [​IMG] Update Firefox to the current 28.0 version.

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    ===================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  16. spoocter

    spoocter TS Rookie Topic Starter

    PC runs definetely better, faster boot time faster login time. I also had problems with winamp from time to time it stopped playing music, reinstalled sound drivers seems to fixed it for now.
    Since this thread began I havent had any problems.
    I thank you for all your help sincerely.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Yes!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.