im infected.. and it freaking sucks

xbriceyx · January 11, 2014

so i have a bunch of ads, like snickers commercials and music BLASTING out of my speakers.. from the "host process for windows service" tab in my sound mixer.. so i ran malwarebytes twice.. two nights ago... the first time got rid of all my malware.. but i heard it again.. so i ran it again for a second time that night and there it was.. THE STRAGLER... one infected file that i missed i guess... that had to be the problem.. RIGHT? WRONG... because after a full day of silence i was on my pc just kicking it on face book, and my pc said somthing was terminated.. and it just restarted on me.. soon after that, the noise came back.. SO i ran malwarebytes for a third time.. and ive no infected files.. atleast according to malwarebytes.. HELP MY...BROTHERS HELP ME! WHAT AM I MISSING HERE..

kevinf80 · January 11, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

xbriceyx · January 11, 2014

thanks for the quick responce.. bare with me when i first tired to scan my pc restarted.. may take a minute. and all my p2p software is DISABLED

thanks again

xbriceyx · January 11, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014

Ran by Brice Ortiz (administrator) on BRICEORTIZ-PC on 10-01-2014 19:43:57

Running from C:\Users\Brice Ortiz\Desktop

Windows 7 Ultimate (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Spotify Ltd) C:\Users\Brice Ortiz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)

HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)

HKLM-x32\...\Run: [LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [49152 2006-04-13] ()

HKLM-x32\...\Run: [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-04-29] (RealNetworks, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)

HKCU\...\Run: [] - [x]

HKCU\...\Run: [spotify Web Helper] - C:\Users\Brice Ortiz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-04] (Spotify Ltd)

HKCU\...\Run: [RIMDeviceManager] - C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2469392 2013-11-05] (Research In Motion Limited)

HKCU\...\Run: [Google Update] - C:\Users\Brice Ortiz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-18] (Google Inc.)

MountPoints2: F - F:\Installer.exe

MountPoints2: {620ebddd-4a01-11e2-bce2-902b34adc190} - E:\Installer.exe

HKU\mom\...\Run: [spotify Web Helper] - C:\Users\mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)

HKU\mom\...\Run: [spotify] - C:\Users\mom\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-08] (Spotify Ltd)

AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C786AA02EF1CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.00000

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {8133387F-10FE-4676-8F7B-BB24F93FE16E} URL =

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Tightrope&dpid=Tightrope&co=US&userid=4de38d54-31dd-4203-ba13-f6edee8604c5&searchtype=ds&q={searchTerms}

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242576

SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000

SearchScopes: HKCU - DefaultScope {8133387F-10FE-4676-8F7B-BB24F93FE16E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315010&CUI=UN30924395681510516&UM=2

SearchScopes: HKCU - 328EBD1CBBB44E4BBD97BEE577910C5A URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Tightrope&dpid=Tightrope&co=US&userid=4de38d54-31dd-4203-ba13-f6edee8604c5&searchtype=ds&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {794FD6B8-374C-4EF5-A7E7-080FFA74AD50} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - {8133387F-10FE-4676-8F7B-BB24F93FE16E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315010&CUI=UN30924395681510516&UM=2

SearchScopes: HKCU - {D6719141-CF3E-4854-9186-B827C35F3380} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^YYYYYY^YY^US&apn_uid=EBBFAB01-4A88-44DC-AE52-B9AF179F8DBC&apn_sauid=901C79CC-316D-4F7F-9290-13F841370898

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: No Name - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No File

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Desktop Animated Toolbar - {ba997733-32e8-407c-a157-6abef22ee411} - C:\Program Files (x86)\Desktop_Animated\prxtbDes0.dll (Conduit Ltd.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File

Toolbar: HKLM-x32 - Desktop Animated Toolbar - {ba997733-32e8-407c-a157-6abef22ee411} - C:\Program Files (x86)\Desktop_Animated\prxtbDes0.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\..\Interfaces\{48413AA4-1B0F-460A-82CB-3B8ED0224CF4}: [NameServer]167.206.251.129,167.206.251.130

FireFox:

========

FF ProfilePath: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default

FF user.js: detected! => C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\user.js

FF DefaultSearchEngine: KeyBar 1.29 Customized Web Search

FF SearchEngineOrder.1: Ask Search

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: KeyBar 1.29 Customized Web Search

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Brice Ortiz\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Brice Ortiz\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\ask-search.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\babylon1.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\bingp.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\sweetim.xml

FF SearchPlugin: C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\searchplugins\Web Search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

FF Extension: Ask Toolbar - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\Extensions\toolbar@ask.com

FF Extension: Yahoo! Toolbar - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: KeyBar 1.29 - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\Extensions\{8a184644-a171-4b05-bc9a-28d75ffc9505}

FF Extension: BitTorrentControl_v12 - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\Firefox\Profiles\0vn9fp5p.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:

=======

CHR DefaultSearchKeyword: search.conduit.com

CHR DefaultSearchProvider: Conduit

CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23353245872373516&ctid=CT3315010&UM=2

CHR DefaultNewTabURL:

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

CHR Plugin: (Google Update) - C:\Users\Brice Ortiz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Google Talk Plugin) - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Brice Ortiz\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Extension: (Google Docs) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (GFACE Experience Plugin) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.38.0_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Battlefield Play4Free) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0

CHR Extension: (Gmail) - C:\Users\Brice Ortiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKCU\...\Chrome\Extension: [bolmicibdhjnmppjidlkppdaeplaphpi] - C:\Users\Brice Ortiz\AppData\Local\CRE\bolmicibdhjnmppjidlkppdaeplaphpi.crx

CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Brice Ortiz\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx

CHR HKCU\...\Chrome\Extension: [jadmiphpbpjbfngipbjmjaajaeiflhkc] - C:\Users\Brice Ortiz\AppData\Local\CRE\jadmiphpbpjbfngipbjmjaajaeiflhkc.crx

CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Brice Ortiz\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx

CHR HKLM-x32\...\Chrome\Extension: [anmphbplcihjjkljdofccokpafageioj] - C:\Users\Brice Ortiz\AppData\Local\Lucky Savings\Chrome\Lucky Savings.crx

CHR HKLM-x32\...\Chrome\Extension: [bolmicibdhjnmppjidlkppdaeplaphpi] - C:\Users\Brice Ortiz\AppData\Local\CRE\bolmicibdhjnmppjidlkppdaeplaphpi.crx

CHR HKLM-x32\...\Chrome\Extension: [cjolcfnbehgbbodlpklcogifnnfklkfo] - C:\Users\mom\AppData\Local\CRE\cjolcfnbehgbbodlpklcogifnnfklkfo.crx

CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Brice Ortiz\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

CHR HKLM-x32\...\Chrome\Extension: [jadmiphpbpjbfngipbjmjaajaeiflhkc] - C:\Users\Brice Ortiz\AppData\Local\CRE\jadmiphpbpjbfngipbjmjaajaeiflhkc.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-05] ()

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1501144 2013-09-21] (Echobit LLC)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-09] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [167936 2006-05-04] ()

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-19] (DT Soft Ltd)

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-09-21] (Echobit, LLC)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 19:43 - 2014-01-10 19:44 - 00027464 _____ C:\Users\Brice Ortiz\Desktop\FRST.txt

2014-01-10 19:39 - 2014-01-10 19:40 - 00039481 _____ C:\Users\Brice Ortiz\Downloads\FRST.txt

2014-01-10 19:39 - 2014-01-10 19:39 - 00000000 ____D C:\FRST

2014-01-10 19:38 - 2014-01-10 19:38 - 01932166 _____ (Farbar) C:\Users\Brice Ortiz\Desktop\FRST64.exe

2014-01-09 11:15 - 2014-01-09 11:15 - 00109192 _____ () C:\Users\mom\Downloads\Setup.exe

2014-01-09 00:50 - 2014-01-09 00:53 - 00000000 ____D C:\Users\Brice Ortiz\Desktop\RK_Quarantine

2014-01-09 00:49 - 2014-01-09 00:50 - 04406784 _____ C:\Users\Brice Ortiz\Downloads\RogueKillerX64.exe

2014-01-09 00:14 - 2014-01-09 00:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-09 00:09 - 2014-01-09 00:09 - 00037376 _____ C:\Windows\system32\gjdi.agz

2014-01-08 23:59 - 2014-01-10 19:23 - 00000083 _____ C:\Windows\system32\otebi.efg

2014-01-08 23:58 - 2014-01-09 00:09 - 00000096 _____ C:\Windows\system32\dnmy.soq

2014-01-08 23:58 - 2014-01-08 23:58 - 00000064 _____ C:\Windows\system32\hwwz.pji

2014-01-08 23:42 - 2014-01-08 23:42 - 00219314 ____S C:\Windows\system32\cnsbatm.nsj

2014-01-08 14:36 - 2014-01-08 14:36 - 00118149 _____ C:\Users\Brice Ortiz\Downloads\wmpChrome (2).crx

2013-12-31 13:28 - 2013-12-31 13:28 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\Age of Empires II HD Edition.url

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\ArchiveInvalidation

2013-12-31 13:23 - 2013-12-31 13:23 - 00000000 ____D C:\Users\Brice Ortiz\Desktop\New folder (3)

2013-12-31 13:22 - 2013-12-31 13:22 - 03045384 _____ C:\Users\Brice Ortiz\Desktop\ArchiveInvalidation File Generator v3_2-52402-3-2.zip

2013-12-30 15:28 - 2013-12-30 15:28 - 00000000 ____D C:\Users\Brice Ortiz\Downloads\Fallout New Vegas DLC

2013-12-29 23:38 - 2013-12-29 23:42 - 203145992 _____ C:\Users\Brice Ortiz\Downloads\weapon_retexture_project_1dot95-38285-1-95.7z

2013-12-29 23:28 - 2013-12-29 23:49 - 1188594344 _____ C:\Users\Brice Ortiz\Downloads\NMCs Textures NV LARGE Pack Part 3 of 3 FOR NMM-43135-1-0.7z

2013-12-29 23:13 - 2013-12-29 23:13 - 00000000 ____D C:\Users\Brice Ortiz\Downloads\Facebook_files

2013-12-29 23:12 - 2013-12-29 23:13 - 01113067 _____ C:\Users\Brice Ortiz\Downloads\Facebook.htm

2013-12-29 22:52 - 2013-12-29 23:15 - 1110471037 _____ C:\Users\Brice Ortiz\Desktop\NMCs Textures NV LARGE Pack Part 2 of 3 FOR NMM -43135-1-0.7z

2013-12-29 22:29 - 2013-12-29 22:50 - 1132280378 _____ C:\Users\Brice Ortiz\Downloads\NMCs Textures NV LARGE Pack Part 1 of 3 FOR NMM -43135-1-0.7z

2013-12-29 17:58 - 2013-12-29 17:58 - 00000221 _____ C:\Users\Brice Ortiz\Desktop\Fallout New Vegas.url

2013-12-26 17:26 - 2013-12-26 17:26 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\Rust.url

2013-12-26 17:21 - 2014-01-10 00:14 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\DayZ

2013-12-26 17:21 - 2013-12-26 17:21 - 00000000 ____D C:\Users\Brice Ortiz\Documents\DayZ

2013-12-26 16:08 - 2013-12-26 16:08 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\DayZ.url

2013-12-22 21:02 - 2013-12-22 21:02 - 00055639 _____ C:\Users\Brice Ortiz\Downloads\Yog-Sothoth_couleur.jpeg

2013-12-21 10:14 - 2013-12-21 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-18 23:53 - 2013-12-18 23:53 - 00007678 _____ C:\Users\Brice Ortiz\Downloads\cute-face-meme-66287433884.jpeg

2013-12-16 00:14 - 2013-12-16 00:14 - 00000653 _____ C:\Users\Brice Ortiz\Downloads\ce0dc23a1bbf66c19100881f36547778.htm

2013-12-13 01:41 - 2013-12-13 01:41 - 01741678 _____ C:\Users\Brice Ortiz\Downloads\Coat_of_Arms_of_Puerto_Rico.svg

2013-12-13 01:41 - 2013-12-13 01:41 - 01741678 _____ C:\Users\Brice Ortiz\Downloads\Coat_of_Arms_of_Puerto_Rico (1).svg

==================== One Month Modified Files and Folders =======

2014-01-10 19:44 - 2014-01-10 19:43 - 00027464 _____ C:\Users\Brice Ortiz\Desktop\FRST.txt

2014-01-10 19:41 - 2013-01-18 21:27 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-10 19:41 - 2012-12-17 23:11 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs

2014-01-10 19:41 - 2012-12-17 19:41 - 00347496 _____ C:\Windows\PFRO.log

2014-01-10 19:41 - 2012-12-17 19:41 - 00083321 _____ C:\Windows\setupact.log

2014-01-10 19:41 - 2012-12-17 18:18 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-10 19:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-10 19:40 - 2014-01-10 19:39 - 00039481 _____ C:\Users\Brice Ortiz\Downloads\FRST.txt

2014-01-10 19:40 - 2012-12-18 09:29 - 01548728 _____ C:\Windows\WindowsUpdate.log

2014-01-10 19:39 - 2014-01-10 19:39 - 00000000 ____D C:\FRST

2014-01-10 19:38 - 2014-01-10 19:38 - 01932166 _____ (Farbar) C:\Users\Brice Ortiz\Desktop\FRST64.exe

2014-01-10 19:36 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-10 19:36 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-10 19:30 - 2013-02-14 13:54 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264361256-2442009338-2428154096-1000UA.job

2014-01-10 19:30 - 2013-02-14 13:54 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264361256-2442009338-2428154096-1000Core.job

2014-01-10 19:23 - 2014-01-08 23:59 - 00000083 _____ C:\Windows\system32\otebi.efg

2014-01-10 19:11 - 2012-12-22 12:18 - 00000000 ____D C:\Users\mom\AppData\Roaming\Spotify

2014-01-10 19:02 - 2013-01-18 21:27 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-10 18:57 - 2013-11-30 18:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-10 16:57 - 2012-12-18 03:14 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Roaming\Spotify

2014-01-10 02:58 - 2012-12-19 01:23 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Roaming\Skype

2014-01-10 00:14 - 2013-12-26 17:21 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\DayZ

2014-01-10 00:14 - 2012-12-22 20:46 - 00000000 ____D C:\Program Files (x86)\Steam

2014-01-09 11:15 - 2014-01-09 11:15 - 00109192 _____ () C:\Users\mom\Downloads\Setup.exe

2014-01-09 00:53 - 2014-01-09 00:50 - 00000000 ____D C:\Users\Brice Ortiz\Desktop\RK_Quarantine

2014-01-09 00:50 - 2014-01-09 00:49 - 04406784 _____ C:\Users\Brice Ortiz\Downloads\RogueKillerX64.exe

2014-01-09 00:45 - 2013-09-30 21:00 - 00000000 ____D C:\ProgramData\Conduit

2014-01-09 00:45 - 2013-08-18 15:35 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Roaming\Search Protection

2014-01-09 00:14 - 2014-01-09 00:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-09 00:14 - 2012-12-17 18:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-09 00:09 - 2014-01-09 00:09 - 00037376 _____ C:\Windows\system32\gjdi.agz

2014-01-09 00:09 - 2014-01-08 23:58 - 00000096 _____ C:\Windows\system32\dnmy.soq

2014-01-08 23:58 - 2014-01-08 23:58 - 00000064 _____ C:\Windows\system32\hwwz.pji

2014-01-08 23:42 - 2014-01-08 23:42 - 00219314 ____S C:\Windows\system32\cnsbatm.nsj

2014-01-08 20:02 - 2013-07-16 21:17 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Roaming\TS3Client

2014-01-08 17:37 - 2013-12-05 17:43 - 00000000 ____D C:\Users\Brice Ortiz\Documents\Infestation Survivor Stories

2014-01-08 14:36 - 2014-01-08 14:36 - 00118149 _____ C:\Users\Brice Ortiz\Downloads\wmpChrome (2).crx

2014-01-07 19:00 - 2012-12-22 21:53 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2014-01-07 19:00 - 2012-12-22 21:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2014-01-04 23:23 - 2012-12-22 21:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2014-01-01 15:52 - 2013-06-19 13:46 - 00000000 ____D C:\ProgramData\Package Cache

2013-12-31 13:28 - 2013-12-31 13:28 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\Age of Empires II HD Edition.url

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\ArchiveInvalidation

2013-12-31 13:23 - 2013-12-31 13:23 - 00000000 ____D C:\Users\Brice Ortiz\Desktop\New folder (3)

2013-12-31 13:22 - 2013-12-31 13:22 - 03045384 _____ C:\Users\Brice Ortiz\Desktop\ArchiveInvalidation File Generator v3_2-52402-3-2.zip

2013-12-30 17:11 - 2012-12-19 17:27 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Roaming\BitTorrent

2013-12-30 16:30 - 2009-07-14 00:13 - 00778278 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-30 15:28 - 2013-12-30 15:28 - 00000000 ____D C:\Users\Brice Ortiz\Downloads\Fallout New Vegas DLC

2013-12-30 10:41 - 2012-12-22 12:18 - 00000000 ____D C:\Users\mom\AppData\Local\Spotify

2013-12-29 23:49 - 2013-12-29 23:28 - 1188594344 _____ C:\Users\Brice Ortiz\Downloads\NMCs Textures NV LARGE Pack Part 3 of 3 FOR NMM-43135-1-0.7z

2013-12-29 23:42 - 2013-12-29 23:38 - 203145992 _____ C:\Users\Brice Ortiz\Downloads\weapon_retexture_project_1dot95-38285-1-95.7z

2013-12-29 23:17 - 2013-01-22 23:56 - 00000000 ____D C:\Users\Brice Ortiz\Documents\Nexus Mod Manager

2013-12-29 23:15 - 2013-12-29 22:52 - 1110471037 _____ C:\Users\Brice Ortiz\Desktop\NMCs Textures NV LARGE Pack Part 2 of 3 FOR NMM -43135-1-0.7z

2013-12-29 23:13 - 2013-12-29 23:13 - 00000000 ____D C:\Users\Brice Ortiz\Downloads\Facebook_files

2013-12-29 23:13 - 2013-12-29 23:12 - 01113067 _____ C:\Users\Brice Ortiz\Downloads\Facebook.htm

2013-12-29 22:50 - 2013-12-29 22:29 - 1132280378 _____ C:\Users\Brice Ortiz\Downloads\NMCs Textures NV LARGE Pack Part 1 of 3 FOR NMM -43135-1-0.7z

2013-12-29 17:58 - 2013-12-29 17:58 - 00000221 _____ C:\Users\Brice Ortiz\Desktop\Fallout New Vegas.url

2013-12-29 17:58 - 2013-01-03 16:05 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\FalloutNV

2013-12-29 17:05 - 2012-12-17 18:49 - 00610518 _____ C:\Windows\DirectX.log

2013-12-26 17:26 - 2013-12-26 17:26 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\Rust.url

2013-12-26 17:21 - 2013-12-26 17:21 - 00000000 ____D C:\Users\Brice Ortiz\Documents\DayZ

2013-12-26 16:08 - 2013-12-26 16:08 - 00000222 _____ C:\Users\Brice Ortiz\Desktop\DayZ.url

2013-12-22 21:02 - 2013-12-22 21:02 - 00055639 _____ C:\Users\Brice Ortiz\Downloads\Yog-Sothoth_couleur.jpeg

2013-12-21 15:38 - 2012-12-19 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-21 10:14 - 2013-12-21 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-21 09:17 - 2009-07-14 00:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-18 23:53 - 2013-12-18 23:53 - 00007678 _____ C:\Users\Brice Ortiz\Downloads\cute-face-meme-66287433884.jpeg

2013-12-18 16:54 - 2012-12-18 03:14 - 00000000 ____D C:\Users\Brice Ortiz\AppData\Local\Spotify

2013-12-18 15:20 - 2013-11-15 13:38 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-12-18 15:20 - 2013-11-15 13:38 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-12-18 15:20 - 2013-11-15 13:38 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-12-16 00:14 - 2013-12-16 00:14 - 00000653 _____ C:\Users\Brice Ortiz\Downloads\ce0dc23a1bbf66c19100881f36547778.htm

2013-12-13 01:41 - 2013-12-13 01:41 - 01741678 _____ C:\Users\Brice Ortiz\Downloads\Coat_of_Arms_of_Puerto_Rico.svg

2013-12-13 01:41 - 2013-12-13 01:41 - 01741678 _____ C:\Users\Brice Ortiz\Downloads\Coat_of_Arms_of_Puerto_Rico (1).svg

2013-12-11 01:57 - 2013-11-30 18:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 01:57 - 2013-11-30 18:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-11 01:57 - 2013-11-30 18:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:

====================

C:\Users\Brice Ortiz\AppData\Local\Temp\70c100fa4ed8d220df9dc57f3e585506.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\APNSetup.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\avgnt.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\avguidx.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\bfginstaller.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\conduitinstaller.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\drm_dyndata_7410004.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\F5038T1L1.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\gtalkwmp1.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\GUninstaller.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\Gw2.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\lowproc.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\lvid_lvid.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\Nexus%20Mod%20Manager-0.41.0.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\nsj9029.tmp.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\nvStInst.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\oi_{D173C716-7387-4130-AAB5-97485E7F65FD}.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\safeguard.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\setup.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\SetupAuto.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\SetupUpdater.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\SIMEEI2Installer.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\SIMEEIInstaller.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\sonarinst.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\stubhelper.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\swat4_update_en_10_11.EXE

C:\Users\Brice Ortiz\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\tbedrs.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\tbKeyB.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\Tsu34DF5C16.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\Tsu4C55749F.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\TsuBA3B178B.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\TsuD1F908E7.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\TsuE9FA1790.dll

C:\Users\Brice Ortiz\AppData\Local\Temp\uninst1.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\UNINSTALL.EXE

C:\Users\Brice Ortiz\AppData\Local\Temp\uninstall_flash_player.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\uttAA75.tmp.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\uttE528.tmp.exe

C:\Users\Brice Ortiz\AppData\Local\Temp\VidSaver_20121217.exe

C:\Users\mom\AppData\Local\Temp\avgnt.exe

C:\Users\mom\AppData\Local\Temp\avguidx.dll

C:\Users\mom\AppData\Local\Temp\TB_87C5.exe

C:\Users\mom\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 5D06C291B1EF52C19673E007263ACD59

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 13:15

==================== End Of Log ============================

Addition.txt

kevinf80 · January 11, 2014

OK definite infection, run this please:

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

xbriceyx · January 11, 2014

was afraid of that but it was.. holy crap its obvious.. haha.. and here it is..

Farbar Recovery Scan Tool (x64) Version: 10-01-2014

Ran by Brice Ortiz at 2014-01-10 20:22:13

Running from C:\Users\Brice Ortiz\Desktop

Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 5D06C291B1EF52C19673E007263ACD59

====== End Of Search ======

kevinf80 · January 11, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced logs, let me know if there is any improvement...

Kevin

Fixlist.txt

xbriceyx · January 11, 2014

so can i creat a folder for frst and put the fix in that folder and run it?

xbriceyx · January 11, 2014

HERE IT IS

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014

Ran by Brice Ortiz at 2014-01-10 20:43:29 Run:1

Running from C:\Users\Brice Ortiz\Desktop\New folder (4)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

MountPoints2: F - F:\Installer.exe

MountPoints2: {620ebddd-4a01-11e2-bce2-902b34adc190} - E:\Installer.exe

AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000.00000

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://search.yahoo....&type=714647&p={searchTerms}

SearchScopes: HKCU - {8133387F-10FE-4676-8F7B-BB24F93FE16E} URL = http://websearch.ask...0031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^YYYYYY^YY^US&apn_uid=EBBFAB01-4A88-44DC-AE52-B9AF179F8DBC&apn_sauid=901C79CC-316D-4F7F-9290-13F841370898

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

C:\Program Files (x86)\Ask.com