
REemOveThEAiddApp extension in Chrome, I believe it's the cause of random ad popups



I have run several malware scanners on my machine and the problem still persists. I have everything on my computer that I can think of since the time the problem started, and then some. I sometimes get the same ads that pop up on different websites. I've noticed that the comments section on YouTube no longer loads. Also, occasionally when I click a link I get redirected to a site saying I'm infected and need to pay money for some BS software to clean my machine. No, I did not pay for and download that bogus software.

 

I followed the steps in the "I'm Infected - What do I do now?" thread. Following are the contents of the dds.txt and attach.txt files. Thank you for any help and support!!

 

DDS.TXT:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.51.2
Run by skittlebeezy at 11:12:51 on 2014-03-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.4913 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{1CA24785-E68E-4C5E-8352-CF32758DC74A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\24C65756D4563786E233139343 : DHCPNameServer = 10.31.94.1
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\3516E6364757162797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\541445021402449434B4C2022494453484121212 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\940286433702864387032733460216C6C60257270296E6473327773326371212 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\C484D47455543545 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{8F664338-1302-43D0-B677-83512522DAF5}\D4F687965602A4146514 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\gssupp~1\assist~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {83B3033A-AF6A-7615-28A5-CD88C02C5A4B} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-3-11 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-11-15 32544]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\windows\System32\drivers\bflwfx64.sys [2012-6-29 66928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-12 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-3-12 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-12 162648]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-4-27 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-3-12 138768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-19 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-15 15129376]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-6-15 14112]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-3 171416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-12 362840]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-10-13 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2013-3-11 143144]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-3-11 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-3-11 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-3-11 788760]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\windows\System32\drivers\e22W7x64.sys [2012-6-29 161648]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2013-3-12 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-3-12 14136]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2013-12-20 39200]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2013-3-12 340072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-3 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-3 1042272]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-16 49152]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2012-2-13 95232]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2014-1-20 131912]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-3-12 57856]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187.sys [2014-1-31 448512]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\drivers\ScreamingBAudio64.sys [2009-3-27 27160]
S3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;C:\windows\System32\drivers\ts_arusbx.sys [2010-5-22 1206504]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S4 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2013-6-28 126880]
S4 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-6-29 489472]
.
=============== Created Last 30 ================
.
2014-03-14 05:53:14 -------- d-----w- C:\Users\skittlebeezy\AppData\Roaming\SUPERAntiSpyware.com
2014-03-14 05:52:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-14 05:52:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-03 07:46:41 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2014-03-03 07:46:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-03 07:46:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-21 15:57:30 -------- d-----w- C:\Program Files (x86)\Terraria
2014-02-15 02:05:08 -------- d-----w- C:\Users\skittlebeezy\AppData\Roaming\Mumble
2014-02-15 02:00:11 -------- d-----w- C:\Program Files (x86)\Mumble
2014-02-15 01:34:25 28672 ----a-w- C:\windows\SysWow64\TraceServer.dll
2014-02-15 01:34:25 262230 ----a-w- C:\windows\SysWow64\CCNSMT.dll
2014-02-15 01:06:51 -------- d-----w- C:\Users\skittlebeezy\AppData\Roaming\.minecraft
.
==================== Find3M  ====================
.
2014-03-07 04:06:51 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2014-02-12 00:30:40 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-01-27 07:13:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-27 07:13:19 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-12-19 04:09:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 11:14:49.71 ===============
 
 
ATTACH.TXT:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2013 3:18:18 PM
System Uptime: 3/14/2014 10:47:19 AM (1 hours ago)
.
Motherboard: Micro-Star International Co., Ltd. |  | MS-16GA
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 413 GiB total, 252.796 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP139: 3/6/2014 9:08:01 AM - Windows Update
RP140: 3/9/2014 11:08:31 AM - Windows Update
RP141: 3/12/2014 11:06:43 PM - Windows Update
RP142: 3/14/2014 9:54:02 AM - Removed Grand Theft Auto IV
RP143: 3/14/2014 10:01:20 AM - Removed MorphVOX Pro
RP144: 3/14/2014 10:05:12 AM - Removed Rockstar Games Social Club
RP145: 3/14/2014 10:10:49 AM - Removed System Requirements Lab CYRI
RP146: 3/14/2014 10:11:18 AM - Removed Vizzed Retro Game Room
.
==== Installed Programs ======================
.
????
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arma 2
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
AutoIt v3.3.8.1
Battery Calibration
Battle.net
BattlEye for OA Uninstall
BattlEye Uninstall
Bonjour
BurnRecovery
Corel WinDVD
CyberLink YouCam
D3DX10
DayZ Commander
DayZero Launcher
Desura
eReg
ETDWare PS/2-X64 8.0.5.7_WHQL
Firefall
Galerie de photos
Galería de fotos
GeForce Experience NvStream Client Components
GIMP 2.8.6
Google Chrome
Google Update Helper
GS Supporter 1.80
Hearthstone
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2484841)
HP LaserJet Professional P1100-P1560-P1600 Series
ImgBurn
Intel PROSet Wireless
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 51
Java 7 Update 51 (64-bit)
Java Auto Updater
Junk Mail filter update
Logitech Gaming Software
Logitech Gaming Software 8.50
Logitech SetPoint 6.61
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 4.0 Refresh
Movie Maker
MSI Afterburner 2.3.1
MSI HOUSE
MSI Kombustor 2.5.0
MSI Remind Manager
MSI Software Install
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Mumble 1.2.5
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 10.11.15
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenOffice 4.0.0
Origin
Path of Exile
Photo Common
Photo Gallery
Project Zomboid
Qualcomm Atheros Killer Network Manager
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
roConnect
S-Bar
SHIELD Streaming
Spybot - Search & Destroy
Steam
Super-Charger
SUPERAntiSpyware
Team Fortress 2
TeamSpeak 3 Client
The Elder Scrolls Online Beta
THX TruStudio Pro
Unity Web Player
VLC media player 2.0.0
WampServer 2.4
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
3/14/2014 8:17:15 AM, Error: Service Control Manager [7024]  - The VMware Workstation Server service terminated with service-specific error %%-1.
3/14/2014 8:16:10 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
3/14/2014 8:16:10 AM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/14/2014 3:48:49 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:47:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/14/2014 3:47:30 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/14/2014 3:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2014 3:47:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/14/2014 3:47:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/14/2014 3:47:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2014 3:47:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/14/2014 3:46:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BfLwf DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/14/2014 3:46:49 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/14/2014 3:46:36 AM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
3/14/2014 10:49:24 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
3/14/2014 10:49:24 AM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/14/2014 10:49:03 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/14/2014 10:48:53 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
3/14/2014 10:48:53 AM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/14/2014 10:08:01 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/14/2014 10:08:01 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/13/2014 3:30:52 AM, Error: Service Control Manager [7030]  - The HOSTS Anti-PUPs service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/10/2014 5:01:06 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer E-MACHINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F664338-1302-43D0-B677-83512522DAF5}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

STEP 1

Backup Your Registry

  • Please download Tweaking.com-Registry Backup, transfer it to the affected computer via USB flash drive and install it.
  • Open Tweaking.com-Registry Backup and click on Backup Now.
  • Close the application.

STEP 2

This should be detected by MBAM as Win64/Adware.MultiPlug.A, so please do the following:

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

STEP 3

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Regards,

Georgi

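Added example, not part of this thread, of FRST, or of the helper's instructions: Step 3 above asks for FRST.txt, and most of the first pass over such a log comes down to a few indicator classes. AppInit_DLLs entries are loaded into every process that maps user32.dll, so one whose file carries no publisher ("()" in FRST's output) is the first thing to pull apart; lines FRST itself marks with "<======= ATTENTION" usually point at Chrome policy keys that adware uses to pin extensions and search settings; a Chrome extension whose 32-character ID you do not recognise and a scheduled-task .job you did not create round out the list. The Python script below parses those line shapes as FRST prints them and flags each class. The sample log text is constructed for the example (the helper DLL, extension and task names in it are invented; the NVIDIA and Gmail lines mirror benign entries), and the extension and task-name allowlists are assumptions a reader would replace with their own.

```python
"""Triage an FRST.txt log for a few adware indicator classes.

Added example for this thread; it is not part of FRST and not the helper's fix.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Chrome extension IDs the analyst already recognises (32 characters, a-p).
# Assumption for the example: anything not listed is worth a manual look.
KNOWN_EXTENSION_IDS = {
    "pjkljhegncpnkpknbcohdijeoejaedia",  # Gmail
    "cfhdojbkjhnklbpkdaibdccddilifddb",  # Adblock Plus
}
# Scheduled-task job names expected on a box with Google Update installed (assumption).
KNOWN_TASK_PREFIXES = ("GoogleUpdateTaskMachine",)

# Line shapes as FRST prints them. "AppInit_DLLs:" (64-bit) and "AppInit_DLLs-x32:"
# lines end with "[size date] (publisher)"; "()" means the file has no company name.
APPINIT_RE = re.compile(
    r"^AppInit_DLLs(?:-x32)?:\s*(?P<short>\S+)\s*=>\s*(?P<path>.+?)\s*"
    r"\[(?P<size>\d+)\s+(?P<date>[\d-]+)\]\s*\((?P<publisher>[^)]*)\)\s*$"
)
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+?)\) - "
    r"(?P<path>.+?\\Extensions\\(?P<id>[a-p]{32})) \[(?P<date>[\d-]+)\]$"
)
TASK_RE = re.compile(r"C:\\windows\\Tasks\\(?P<job>[^\\]+\.job)$", re.IGNORECASE)
ATTENTION_MARK = "<======= ATTENTION"  # FRST's own marker, e.g. on Chrome policy keys


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per line that falls into an indicator class worth reviewing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := APPINIT_RE.match(line):
            # A DLL injected into every user32-linked process with no publisher
            # in its version info is the first candidate for the ad injector.
            if not m["publisher"].strip():
                findings.append(Finding("appinit_dll_no_publisher", m["path"], line))
            continue
        if m := CHR_EXT_RE.match(line):
            if m["id"] not in KNOWN_EXTENSION_IDS:
                findings.append(Finding("unknown_chrome_extension", f"{m['name']} ({m['id']})", line))
            continue
        if ATTENTION_MARK in line:
            # Policy keys under HKLM\SOFTWARE\Policies\Google let adware force-install
            # extensions and lock search settings so the user cannot remove them.
            findings.append(Finding("frst_attention", line.split(ATTENTION_MARK)[0].strip(), line))
            continue
        if m := TASK_RE.search(line):
            if not m["job"].startswith(KNOWN_TASK_PREFIXES):
                findings.append(Finding("unexpected_task_job", m["job"], line))
    return findings


# Constructed sample in FRST's format (not a real log); the helper DLL, extension
# and task names are invented, the NVIDIA and Gmail lines mirror benign entries.
SAMPLE_LOG = r"""
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\EXAMPL~1\HELPER~1.DLL => C:\Program Files (x86)\Example Helper\Helper_x64.dll [2759168 2014-01-04] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-15]
CHR Extension: (ExampleAdApp) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2014-01-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-14 10:48 - 2013-06-15 15:37 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 10:48 - 2014-01-04 17:47 - 00000474 ____H () C:\windows\Tasks\Example.Enabler-S-123456789.job
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The script only narrows the log; an entry it flags still needs the file checked (signature, install date, what installed it) before anything is removed, and a Chrome policy key should be traced to whatever wrote it rather than deleted on its own, or the installer that set it will simply put it back.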

MBAM LOG:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.03.14.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
skittlebeezy :: PWNB0X2 [administrator]
 
Protection: Disabled
 
3/14/2014 12:02:11 PM
mbam-log-2014-03-14 (12-02-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273269
Time elapsed: 3 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
FRST.TXT:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by skittlebeezy (administrator) on PWNB0X2 on 14-03-2014 12:09:30
Running from C:\Users\skittlebeezy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {13dab54b-b677-11e2-b7da-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {7957624b-d70e-11e2-b9f0-8c89a50b1407} - F:\Setup.exe
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {e26acade-8a90-11e3-b996-8c89a50b1407} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-04] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~2\gssupp~1\assist~1.dll => C:\Program Files (x86)\GS Supporter\Assistant.dll [3041792 2014-01-04] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {FAFF581A-A13F-4339-B3D8-C5941D425EEF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&pc=MAMIJS&src=IE9TR
SearchScopes: HKLM - {FAFF581A-A13F-4339-B3D8-C5941D425EEF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&pc=MAMIJS&src=IE9TR
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {83B3033A-AF6A-7615-28A5-CD88C02C5A4B} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Vizzed Retro Game Room Plugin) - C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\skittlebeezy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Raidcall plugin) - C:\Users\skittlebeezy\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Extension: (Google Docs) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-15]
CHR Extension: (Google Drive) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-15]
CHR Extension: (YouTube) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-15]
CHR Extension: (Adblock Plus) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Google Search) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-15]
CHR Extension: (REemOveThEAiddApp) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigocanoknjlefmanbmpkddfihnkimc [2014-01-30]
CHR Extension: (AdBlock) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-07]
CHR Extension: (YouTube Customizer (by Adblock Plus)) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmddkphkkipkepkllomhcbooojhhhcpa [2014-01-07]
CHR Extension: (Adblock Advisor) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-16] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-14] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-04-27] (Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [489472 2012-06-29] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-06-29] (Qualcomm Atheros, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161648 2012-06-29] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-06-16] ()
S3 ts_arusb; C:\Windows\System32\DRIVERS\ts_arusbx.sys [1206504 2011-05-13] (TamoSoft)
U3 ag0ccwx7; C:\Windows\System32\Drivers\ag0ccwx7.sys [0 ] (Microsoft Corporation)
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-14 12:09 - 2014-03-14 12:10 - 00016702 _____ () C:\Users\skittlebeezy\Downloads\FRST.txt
2014-03-14 12:09 - 2014-03-14 12:09 - 00000000 ____D () C:\FRST
2014-03-14 12:08 - 2014-03-14 12:08 - 02157056 _____ (Farbar) C:\Users\skittlebeezy\Downloads\FRST64.exe
2014-03-14 11:58 - 2014-03-14 11:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-14 11:58 - 2014-03-14 11:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PWNB0X2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-14 11:57 - 2014-03-14 11:57 - 00002245 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-14 11:57 - 2014-03-14 11:57 - 00000000 ____D () C:\RegBackup
2014-03-14 11:56 - 2014-03-14 11:56 - 03944112 _____ () C:\Users\skittlebeezy\Downloads\tweaking.com_registry_backup_setup.exe
2014-03-14 11:56 - 2014-03-14 11:56 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-14 11:29 - 2014-03-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:29 - 2014-03-14 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 11:29 - 2014-03-14 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 11:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-14 11:15 - 2014-03-14 11:15 - 00013471 _____ () C:\Users\skittlebeezy\Desktop\attach.txt
2014-03-14 11:15 - 2014-03-14 11:14 - 00018117 _____ () C:\Users\skittlebeezy\Desktop\dds.txt
2014-03-14 09:40 - 2014-03-14 09:40 - 00688992 ____R (Swearware) C:\Users\skittlebeezy\Desktop\dds.scr
2014-03-13 23:58 - 2014-03-13 23:58 - 00050688 _____ (Atribune.org) C:\Users\skittlebeezy\Downloads\ATF-Cleaner.exe
2014-03-13 23:53 - 2014-03-13 23:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 23:52 - 2014-03-13 23:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-13 23:52 - 2014-03-13 23:52 - 00001818 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-13 23:52 - 2014-03-13 23:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 03:51 - 2014-03-13 03:51 - 00001444 _____ () C:\Users\skittlebeezy\Desktop\Terraria.lnk
2014-03-13 03:29 - 2014-03-13 03:29 - 00076800 ___SH () C:\Users\skittlebeezy\Downloads\Thumbs.db
2014-03-13 03:03 - 2014-03-13 03:03 - 01949184 _____ () C:\Users\skittlebeezy\Downloads\AdwCleaner.exe
2014-03-11 16:15 - 2014-03-11 16:15 - 01143808 _____ () C:\Users\skittlebeezy\Desktop\TerrariViewer.exe
2014-03-03 01:46 - 2014-03-03 03:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-03 01:46 - 2014-03-03 01:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-03 01:46 - 2014-03-03 01:46 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-03 01:46 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-02-21 09:57 - 2014-02-21 10:42 - 00000000 ____D () C:\Program Files (x86)\Terraria
2014-02-14 20:13 - 2014-02-14 20:13 - 00002377 _____ () C:\Users\skittlebeezy\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-14 20:05 - 2014-03-12 19:59 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Mumble
2014-02-14 20:04 - 2014-03-12 19:59 - 00063488 _____ () C:\Users\skittlebeezy\murmur.sqlite
2014-02-14 20:00 - 2014-02-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-14 19:34 - 2014-02-14 19:34 - 00262230 _____ () C:\windows\SysWOW64\CCNSMT.dll
2014-02-14 19:34 - 2014-02-14 19:34 - 00028672 _____ (Cisco Systems Inc.) C:\windows\SysWOW64\TraceServer.dll
2014-02-14 19:30 - 2014-02-14 19:30 - 00003154 _____ () C:\windows\System32\Tasks\{197FEB32-25D5-4A6B-AF59-3468DD835011}
2014-02-14 19:06 - 2014-03-14 10:01 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\.minecraft
 
==================== One Month Modified Files and Folders =======
 
2014-03-14 12:10 - 2014-03-14 12:09 - 00016702 _____ () C:\Users\skittlebeezy\Downloads\FRST.txt
2014-03-14 12:09 - 2014-03-14 12:09 - 00000000 ____D () C:\FRST
2014-03-14 12:08 - 2014-03-14 12:08 - 02157056 _____ (Farbar) C:\Users\skittlebeezy\Downloads\FRST64.exe
2014-03-14 12:05 - 2013-06-15 15:37 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 11:59 - 2014-03-14 11:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-14 11:58 - 2014-03-14 11:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PWNB0X2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-14 11:57 - 2014-03-14 11:57 - 00002245 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-14 11:57 - 2014-03-14 11:57 - 00000000 ____D () C:\RegBackup
2014-03-14 11:56 - 2014-03-14 11:56 - 03944112 _____ () C:\Users\skittlebeezy\Downloads\tweaking.com_registry_backup_setup.exe
2014-03-14 11:56 - 2014-03-14 11:56 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-14 11:30 - 2014-03-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:29 - 2014-03-14 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 11:29 - 2014-03-14 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 11:15 - 2014-03-14 11:15 - 00013471 _____ () C:\Users\skittlebeezy\Desktop\attach.txt
2014-03-14 11:14 - 2014-03-14 11:15 - 00018117 _____ () C:\Users\skittlebeezy\Desktop\dds.txt
2014-03-14 10:57 - 2009-07-13 22:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 10:57 - 2009-07-13 22:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 10:54 - 2009-07-13 23:13 - 00779018 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-14 10:53 - 2013-06-15 15:19 - 01341928 _____ () C:\windows\WindowsUpdate.log
2014-03-14 10:48 - 2014-01-04 17:47 - 00000474 ____H () C:\windows\Tasks\GS.Enabler-S-926685765.job
2014-03-14 10:48 - 2013-06-15 15:37 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 10:48 - 2013-03-12 11:08 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-03-14 10:47 - 2010-11-20 21:47 - 00926754 _____ () C:\windows\PFRO.log
2014-03-14 10:47 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-14 10:47 - 2009-07-13 22:51 - 00131109 _____ () C:\windows\setupact.log
2014-03-14 10:42 - 2013-06-19 18:00 - 00000000 ____D () C:\Users\skittlebeezy\Documents\My Games
2014-03-14 10:22 - 2013-06-15 15:18 - 00000000 ____D () C:\Users\skittlebeezy
2014-03-14 10:15 - 2013-06-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-14 10:12 - 2013-06-17 17:42 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\VMware
2014-03-14 10:09 - 2013-06-15 16:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 10:05 - 2013-03-12 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 10:02 - 2013-12-23 01:43 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\NexonLauncher
2014-03-14 10:01 - 2014-02-14 19:06 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\.minecraft
2014-03-14 09:59 - 2013-09-18 11:30 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-14 09:58 - 2013-06-15 15:37 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Local\Deployment
2014-03-14 09:57 - 2013-09-09 17:34 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Ubisoft
2014-03-14 09:56 - 2013-06-15 16:18 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\uTorrent
2014-03-14 09:40 - 2014-03-14 09:40 - 00688992 ____R (Swearware) C:\Users\skittlebeezy\Desktop\dds.scr
2014-03-14 00:00 - 2014-01-04 17:47 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
2014-03-13 23:58 - 2014-03-13 23:58 - 00050688 _____ (Atribune.org) C:\Users\skittlebeezy\Downloads\ATF-Cleaner.exe
2014-03-13 23:55 - 2013-06-16 01:15 - 00001945 _____ () C:\windows\epplauncher.mif
2014-03-13 23:53 - 2014-03-13 23:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 23:53 - 2014-03-13 23:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-13 23:52 - 2014-03-13 23:52 - 00001818 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-13 23:52 - 2014-03-13 23:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 16:06 - 2013-03-12 11:08 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-03-13 03:51 - 2014-03-13 03:51 - 00001444 _____ () C:\Users\skittlebeezy\Desktop\Terraria.lnk
2014-03-13 03:29 - 2014-03-13 03:29 - 00076800 ___SH () C:\Users\skittlebeezy\Downloads\Thumbs.db
2014-03-13 03:03 - 2014-03-13 03:03 - 01949184 _____ () C:\Users\skittlebeezy\Downloads\AdwCleaner.exe
2014-03-12 19:59 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Mumble
2014-03-12 19:59 - 2014-02-14 20:04 - 00063488 _____ () C:\Users\skittlebeezy\murmur.sqlite
2014-03-11 16:15 - 2014-03-11 16:15 - 01143808 _____ () C:\Users\skittlebeezy\Desktop\TerrariViewer.exe
2014-03-06 22:06 - 2013-10-19 10:57 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2014-03-06 22:06 - 2013-10-19 10:57 - 00001876 _____ () C:\windows\LkmdfCoInst.log
2014-03-05 17:31 - 2009-07-13 23:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-05 12:55 - 2013-09-12 15:03 - 00000000 ____D () C:\Users\skittlebeezy\Documents\Important Docs
2014-03-03 03:38 - 2014-03-03 01:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-03 01:51 - 2014-03-03 01:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-03 01:46 - 2014-03-03 01:46 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-01 04:03 - 2013-06-15 21:51 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\vlc
2014-02-21 10:42 - 2014-02-21 09:57 - 00000000 ____D () C:\Program Files (x86)\Terraria
2014-02-19 17:42 - 2013-07-22 10:29 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\redsn0w
2014-02-17 17:45 - 2013-10-01 12:34 - 00000000 ____D () C:\ProgramData\Origin
2014-02-17 17:44 - 2013-10-01 12:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-16 17:38 - 2013-11-21 01:46 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-15 14:24 - 2013-06-15 18:55 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Local\ArmA 2 OA
2014-02-14 20:13 - 2014-02-14 20:13 - 00002377 _____ () C:\Users\skittlebeezy\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-14 20:04 - 2014-02-14 20:00 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-14 19:34 - 2014-02-14 19:34 - 00262230 _____ () C:\windows\SysWOW64\CCNSMT.dll
2014-02-14 19:34 - 2014-02-14 19:34 - 00028672 _____ (Cisco Systems Inc.) C:\windows\SysWOW64\TraceServer.dll
2014-02-14 19:30 - 2014-02-14 19:30 - 00003154 _____ () C:\windows\System32\Tasks\{197FEB32-25D5-4A6B-AF59-3468DD835011}
 
Some content of TEMP:
====================
C:\Users\skittlebeezy\AppData\Local\Temp\Uninstaller-5196.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 00:37
 
==================== End Of Log ============================

MBAM LOG:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.03.14.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
skittlebeezy :: PWNB0X2 [administrator]
 
Protection: Disabled
 
3/14/2014 12:02:11 PM
mbam-log-2014-03-14 (12-02-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273269
Time elapsed: 3 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
FRST.TXT:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by skittlebeezy (administrator) on PWNB0X2 on 14-03-2014 12:09:30
Running from C:\Users\skittlebeezy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {13dab54b-b677-11e2-b7da-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {7957624b-d70e-11e2-b9f0-8c89a50b1407} - F:\Setup.exe
HKU\S-1-5-21-3268596063-2030829406-357516194-1001\...\MountPoints2: {e26acade-8a90-11e3-b996-8c89a50b1407} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-04] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~2\gssupp~1\assist~1.dll => C:\Program Files (x86)\GS Supporter\Assistant.dll [3041792 2014-01-04] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {FAFF581A-A13F-4339-B3D8-C5941D425EEF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&pc=MAMIJS&src=IE9TR
SearchScopes: HKLM - {FAFF581A-A13F-4339-B3D8-C5941D425EEF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&pc=MAMIJS&src=IE9TR
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {83B3033A-AF6A-7615-28A5-CD88C02C5A4B} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Vizzed Retro Game Room Plugin) - C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\skittlebeezy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Raidcall plugin) - C:\Users\skittlebeezy\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Extension: (Google Docs) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-15]
CHR Extension: (Google Drive) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-15]
CHR Extension: (YouTube) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-15]
CHR Extension: (Adblock Plus) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Google Search) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-15]
CHR Extension: (REemOveThEAiddApp) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigocanoknjlefmanbmpkddfihnkimc [2014-01-30]
CHR Extension: (AdBlock) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-07]
CHR Extension: (YouTube Customizer (by Adblock Plus)) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmddkphkkipkepkllomhcbooojhhhcpa [2014-01-07]
CHR Extension: (Adblock Advisor) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-16] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-14] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-04-27] (Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [489472 2012-06-29] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-06-29] (Qualcomm Atheros, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161648 2012-06-29] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-06-16] ()
S3 ts_arusb; C:\Windows\System32\DRIVERS\ts_arusbx.sys [1206504 2011-05-13] (TamoSoft)
U3 ag0ccwx7; C:\Windows\System32\Drivers\ag0ccwx7.sys [0 ] (Microsoft Corporation)
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-14 12:09 - 2014-03-14 12:10 - 00016702 _____ () C:\Users\skittlebeezy\Downloads\FRST.txt
2014-03-14 12:09 - 2014-03-14 12:09 - 00000000 ____D () C:\FRST
2014-03-14 12:08 - 2014-03-14 12:08 - 02157056 _____ (Farbar) C:\Users\skittlebeezy\Downloads\FRST64.exe
2014-03-14 11:58 - 2014-03-14 11:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-14 11:58 - 2014-03-14 11:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PWNB0X2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-14 11:57 - 2014-03-14 11:57 - 00002245 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-14 11:57 - 2014-03-14 11:57 - 00000000 ____D () C:\RegBackup
2014-03-14 11:56 - 2014-03-14 11:56 - 03944112 _____ () C:\Users\skittlebeezy\Downloads\tweaking.com_registry_backup_setup.exe
2014-03-14 11:56 - 2014-03-14 11:56 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-14 11:29 - 2014-03-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:29 - 2014-03-14 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 11:29 - 2014-03-14 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 11:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-14 11:15 - 2014-03-14 11:15 - 00013471 _____ () C:\Users\skittlebeezy\Desktop\attach.txt
2014-03-14 11:15 - 2014-03-14 11:14 - 00018117 _____ () C:\Users\skittlebeezy\Desktop\dds.txt
2014-03-14 09:40 - 2014-03-14 09:40 - 00688992 ____R (Swearware) C:\Users\skittlebeezy\Desktop\dds.scr
2014-03-13 23:58 - 2014-03-13 23:58 - 00050688 _____ (Atribune.org) C:\Users\skittlebeezy\Downloads\ATF-Cleaner.exe
2014-03-13 23:53 - 2014-03-13 23:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 23:52 - 2014-03-13 23:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-13 23:52 - 2014-03-13 23:52 - 00001818 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-13 23:52 - 2014-03-13 23:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 03:51 - 2014-03-13 03:51 - 00001444 _____ () C:\Users\skittlebeezy\Desktop\Terraria.lnk
2014-03-13 03:29 - 2014-03-13 03:29 - 00076800 ___SH () C:\Users\skittlebeezy\Downloads\Thumbs.db
2014-03-13 03:03 - 2014-03-13 03:03 - 01949184 _____ () C:\Users\skittlebeezy\Downloads\AdwCleaner.exe
2014-03-11 16:15 - 2014-03-11 16:15 - 01143808 _____ () C:\Users\skittlebeezy\Desktop\TerrariViewer.exe
2014-03-03 01:46 - 2014-03-03 03:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-03 01:46 - 2014-03-03 01:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-03 01:46 - 2014-03-03 01:46 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-03 01:46 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-02-21 09:57 - 2014-02-21 10:42 - 00000000 ____D () C:\Program Files (x86)\Terraria
2014-02-14 20:13 - 2014-02-14 20:13 - 00002377 _____ () C:\Users\skittlebeezy\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-14 20:05 - 2014-03-12 19:59 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Mumble
2014-02-14 20:04 - 2014-03-12 19:59 - 00063488 _____ () C:\Users\skittlebeezy\murmur.sqlite
2014-02-14 20:00 - 2014-02-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-14 19:34 - 2014-02-14 19:34 - 00262230 _____ () C:\windows\SysWOW64\CCNSMT.dll
2014-02-14 19:34 - 2014-02-14 19:34 - 00028672 _____ (Cisco Systems Inc.) C:\windows\SysWOW64\TraceServer.dll
2014-02-14 19:30 - 2014-02-14 19:30 - 00003154 _____ () C:\windows\System32\Tasks\{197FEB32-25D5-4A6B-AF59-3468DD835011}
2014-02-14 19:06 - 2014-03-14 10:01 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\.minecraft
 
==================== One Month Modified Files and Folders =======
 
2014-03-14 12:10 - 2014-03-14 12:09 - 00016702 _____ () C:\Users\skittlebeezy\Downloads\FRST.txt
2014-03-14 12:09 - 2014-03-14 12:09 - 00000000 ____D () C:\FRST
2014-03-14 12:08 - 2014-03-14 12:08 - 02157056 _____ (Farbar) C:\Users\skittlebeezy\Downloads\FRST64.exe
2014-03-14 12:05 - 2013-06-15 15:37 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 11:59 - 2014-03-14 11:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-14 11:58 - 2014-03-14 11:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PWNB0X2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-14 11:57 - 2014-03-14 11:57 - 00002245 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-14 11:57 - 2014-03-14 11:57 - 00000000 ____D () C:\RegBackup
2014-03-14 11:56 - 2014-03-14 11:56 - 03944112 _____ () C:\Users\skittlebeezy\Downloads\tweaking.com_registry_backup_setup.exe
2014-03-14 11:56 - 2014-03-14 11:56 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-14 11:30 - 2014-03-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:29 - 2014-03-14 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\skittlebeezy\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 11:29 - 2014-03-14 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 11:15 - 2014-03-14 11:15 - 00013471 _____ () C:\Users\skittlebeezy\Desktop\attach.txt
2014-03-14 11:14 - 2014-03-14 11:15 - 00018117 _____ () C:\Users\skittlebeezy\Desktop\dds.txt
2014-03-14 10:57 - 2009-07-13 22:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 10:57 - 2009-07-13 22:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 10:54 - 2009-07-13 23:13 - 00779018 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-14 10:53 - 2013-06-15 15:19 - 01341928 _____ () C:\windows\WindowsUpdate.log
2014-03-14 10:48 - 2014-01-04 17:47 - 00000474 ____H () C:\windows\Tasks\GS.Enabler-S-926685765.job
2014-03-14 10:48 - 2013-06-15 15:37 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 10:48 - 2013-03-12 11:08 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-03-14 10:47 - 2010-11-20 21:47 - 00926754 _____ () C:\windows\PFRO.log
2014-03-14 10:47 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-14 10:47 - 2009-07-13 22:51 - 00131109 _____ () C:\windows\setupact.log
2014-03-14 10:42 - 2013-06-19 18:00 - 00000000 ____D () C:\Users\skittlebeezy\Documents\My Games
2014-03-14 10:22 - 2013-06-15 15:18 - 00000000 ____D () C:\Users\skittlebeezy
2014-03-14 10:15 - 2013-06-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-14 10:12 - 2013-06-17 17:42 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\VMware
2014-03-14 10:09 - 2013-06-15 16:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 10:05 - 2013-03-12 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 10:02 - 2013-12-23 01:43 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\NexonLauncher
2014-03-14 10:01 - 2014-02-14 19:06 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\.minecraft
2014-03-14 09:59 - 2013-09-18 11:30 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-14 09:58 - 2013-06-15 15:37 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Local\Deployment
2014-03-14 09:57 - 2013-09-09 17:34 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Ubisoft
2014-03-14 09:56 - 2013-06-15 16:18 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\uTorrent
2014-03-14 09:40 - 2014-03-14 09:40 - 00688992 ____R (Swearware) C:\Users\skittlebeezy\Desktop\dds.scr
2014-03-14 00:00 - 2014-01-04 17:47 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
2014-03-13 23:58 - 2014-03-13 23:58 - 00050688 _____ (Atribune.org) C:\Users\skittlebeezy\Downloads\ATF-Cleaner.exe
2014-03-13 23:55 - 2013-06-16 01:15 - 00001945 _____ () C:\windows\epplauncher.mif
2014-03-13 23:53 - 2014-03-13 23:53 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 23:53 - 2014-03-13 23:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-13 23:52 - 2014-03-13 23:52 - 00001818 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-13 23:52 - 2014-03-13 23:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 16:06 - 2013-03-12 11:08 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-03-13 03:51 - 2014-03-13 03:51 - 00001444 _____ () C:\Users\skittlebeezy\Desktop\Terraria.lnk
2014-03-13 03:29 - 2014-03-13 03:29 - 00076800 ___SH () C:\Users\skittlebeezy\Downloads\Thumbs.db
2014-03-13 03:03 - 2014-03-13 03:03 - 01949184 _____ () C:\Users\skittlebeezy\Downloads\AdwCleaner.exe
2014-03-12 19:59 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\Mumble
2014-03-12 19:59 - 2014-02-14 20:04 - 00063488 _____ () C:\Users\skittlebeezy\murmur.sqlite
2014-03-11 16:15 - 2014-03-11 16:15 - 01143808 _____ () C:\Users\skittlebeezy\Desktop\TerrariViewer.exe
2014-03-06 22:06 - 2013-10-19 10:57 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2014-03-06 22:06 - 2013-10-19 10:57 - 00001876 _____ () C:\windows\LkmdfCoInst.log
2014-03-05 17:31 - 2009-07-13 23:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-05 12:55 - 2013-09-12 15:03 - 00000000 ____D () C:\Users\skittlebeezy\Documents\Important Docs
2014-03-03 03:38 - 2014-03-03 01:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-03 01:51 - 2014-03-03 01:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-03 01:46 - 2014-03-03 01:46 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-01 04:03 - 2013-06-15 21:51 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\vlc
2014-02-21 10:42 - 2014-02-21 09:57 - 00000000 ____D () C:\Program Files (x86)\Terraria
2014-02-19 17:42 - 2013-07-22 10:29 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Roaming\redsn0w
2014-02-17 17:45 - 2013-10-01 12:34 - 00000000 ____D () C:\ProgramData\Origin
2014-02-17 17:44 - 2013-10-01 12:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-16 17:38 - 2013-11-21 01:46 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-15 14:24 - 2013-06-15 18:55 - 00000000 ____D () C:\Users\skittlebeezy\AppData\Local\ArmA 2 OA
2014-02-14 20:13 - 2014-02-14 20:13 - 00002377 _____ () C:\Users\skittlebeezy\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-14 20:04 - 2014-02-14 20:00 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-14 19:34 - 2014-02-14 19:34 - 00262230 _____ () C:\windows\SysWOW64\CCNSMT.dll
2014-02-14 19:34 - 2014-02-14 19:34 - 00028672 _____ (Cisco Systems Inc.) C:\windows\SysWOW64\TraceServer.dll
2014-02-14 19:30 - 2014-02-14 19:30 - 00003154 _____ () C:\windows\System32\Tasks\{197FEB32-25D5-4A6B-AF59-3468DD835011}
 
Some content of TEMP:
====================
C:\Users\skittlebeezy\AppData\Local\Temp\Uninstaller-5196.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 00:37
 
==================== End Of Log ============================
 

 

Addition.txt


Hi,

No worries. :)

Click on Start > type in appwiz.cpl in the search box and press Enter
Select GS Supporter 1.80 > press Uninstall
 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 
Regards,
Georgi


FIXLOG.TXT:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by skittlebeezy at 2014-03-14 12:59:36 Run:1
Running from C:\Users\skittlebeezy\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-04] ()
C:\Program Files (x86)\GS Supporter
AppInit_DLLs-x32:  c:\progra~2\gssupp~1\assist~1.dll => C:\Program Files (x86)\GS Supporter\Assistant.dll [3041792 2014-01-04] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name - {83B3033A-AF6A-7615-28A5-CD88C02C5A4B} -  No File
CHR Extension: (REemOveThEAiddApp) - C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigocanoknjlefmanbmpkddfihnkimc [2014-01-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {B22C0FAE-61FD-4E46-A8F2-2C8C5C4373DA} - System32\Tasks\GS.Enabler-S-926685765 => c:\programdata\softwarehouse\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\windows\Tasks\GS.Enabler-S-926685765.job => c:\programdata\softwarehouse\gs.enabler\GS.Enabler.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Users\skittlebeezy\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}1
AlternateDataStreams: C:\Users\skittlebeezy\My Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}1
C:\Users\skittlebeezy\AppData\Local\Temp
end
*****************
 
" C:\\PROGRA~2\\GSSUPP~1\\ASSIST~2.DLL" => Value Data not found.
"C:\Program Files (x86)\GS Supporter" => File/Directory not found.
" c:\\progra~2\\gssupp~1\\assist~1.dll" => Value Data not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B3033A-AF6A-7615-28A5-CD88C02C5A4B} => Key deleted successfully.
HKCR\CLSID\{83B3033A-AF6A-7615-28A5-CD88C02C5A4B} => Key not found.
C:\Users\skittlebeezy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigocanoknjlefmanbmpkddfihnkimc => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B22C0FAE-61FD-4E46-A8F2-2C8C5C4373DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B22C0FAE-61FD-4E46-A8F2-2C8C5C4373DA} => Key deleted successfully.
C:\Windows\System32\Tasks\GS.Enabler-S-926685765 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GS.Enabler-S-926685765 => Key deleted successfully.
C:\windows\Tasks\GS.Enabler-S-926685765.job => Moved successfully.
C:\Windows => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
"C:\Users\skittlebeezy\Documents" => ":{2C848322-7882-41E2-AFF6-B060B946FEE9}1" ADS not found.
"C:\Users\skittlebeezy\My Documents" => ":{2C848322-7882-41E2-AFF6-B060B946FEE9}1" ADS not found.
 
"C:\Users\skittlebeezy\AppData\Local\Temp" directory move:
 
C:\Users\skittlebeezy\AppData\Local\Temp\.challenge_plain => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\accesstest.tmp => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\CFG4319.tmp => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_bhA4vEQwJ6a8hkY" => Scheduled to move on reboot.
Could not move "C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_fTOQV6HM0An8wO5" => Scheduled to move on reboot.
Could not move "C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_WazAvDaj8WGJxgV" => Scheduled to move on reboot.
Could not move "C:\Users\skittlebeezy\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\skittlebeezy\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\qtsingleapp-EAABFC-151a-1-lockfile => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\Uninstaller-5196.exe => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\utt5FDD.tmp => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\utt5FDD.tmp.bat => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vminst.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{197597A7-AD33-4898-9D8E-73066818B464}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{D102611A-6466-4101-A51D-51069303AC65}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmsetup.20140314101200.{FFD9383C-01D5-4897-A954-43AF599AED30}.uninstall.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\wls8E00.tmp => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\wls8FB6.tmp => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\__tmp_29182755 => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\~DFA7CD5C92DF0BB9B1.TMP => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\vmware-skittlebeezy\vmware-vix-3656.log => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\4980_10916\crl-set => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\4980_10916\manifest.fingerprint => Moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\4980_10916\manifest.json => Moved successfully.
Could not move "C:\Users\skittlebeezy\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-14 13:02:41)<=
 
C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_bhA4vEQwJ6a8hkY => Is moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_fTOQV6HM0An8wO5 => Is moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\etilqs_WazAvDaj8WGJxgV => Is moved successfully.
C:\Users\skittlebeezy\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
"C:\Users\skittlebeezy\AppData\Local\Temp" => Directory could not move.
 
==== End of Fixlog ====
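Added example, not part of the thread and not code from FRST: a read-only PowerShell audit of the load points the fixlog above shows being cleaned, namely AppInit_DLLs, the Chrome policy key and the local Registry.pol, Browser Helper Objects, scheduled tasks whose action lives in ProgramData/AppData/Temp, and alternate data streams on the flagged folders. It assumes an elevated PowerShell 3.0 or newer prompt on Windows 7 x64; the list of folders checked and the "suspicious location" patterns are my own choices, not something the thread specifies.

```powershell
# Added example, not part of the original thread: a read-only audit of the
# load points the FRST fix above cleaned. Run from an elevated PowerShell
# 3.0 or newer prompt on Windows 7 x64. Nothing is modified.

# 1. AppInit_DLLs (64-bit and 32-bit views). Any DLL listed here is loaded
#    into every process that links user32.dll, which is how GS Supporter's
#    Assistant.dll reached Chrome. A non-empty value is a finding.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.AppInit_DLLs) {
        Write-Warning ("AppInit_DLLs in {0} = '{1}' (LoadAppInit_DLLs={2})" -f
            $key, $p.AppInit_DLLs, $p.LoadAppInit_DLLs)
    }
}

# 2. Chrome policy. Adware writes HKLM\SOFTWARE\Policies\Google\Chrome (for
#    example ExtensionInstallForcelist) so the extension cannot be removed
#    from chrome://extensions, and sometimes a local Registry.pol as well.
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
if (Test-Path $chromePolicy) {
    Write-Warning "Chrome policy key present: $chromePolicy"
    $keys = @(Get-Item $chromePolicy) + @(Get-ChildItem $chromePolicy -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            '  {0}\{1} = {2}' -f $k.Name, $name, $k.GetValue($name)
        }
    }
}
$localPol = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'
if (Test-Path $localPol) { Write-Warning "Local machine policy file exists: $localPol" }

# 3. Browser Helper Objects. Resolve each CLSID to its DLL; an orphaned
#    entry ("No File" in FRST) or a DLL outside Program Files is suspicious.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll = $null
    if ($srv -and $srv.'(default)') {
        $dll = [Environment]::ExpandEnvironmentVariables($srv.'(default)')
    }
    if (-not $dll -or -not (Test-Path $dll)) { Write-Warning "BHO $clsid -> no file ('$dll')" }
    else { "BHO $clsid -> $dll" }
}

# 4. Scheduled tasks whose action lives in ProgramData, AppData or Temp
#    (the GS.Enabler task ran from c:\programdata\softwarehouse). Windows 7
#    has no Get-ScheduledTask, so parse schtasks' verbose CSV; each task
#    repeats the header row, so drop those before filtering.
$tasks = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }
$tasks | Where-Object { $_.'Task To Run' -match '(?i)ProgramData|AppData|\\Temp\\' } |
    ForEach-Object { Write-Warning ('Task {0} runs {1}' -f $_.TaskName, $_.'Task To Run') }

# 5. Alternate data streams on the locations FRST flagged. Zone.Identifier
#    is the normal "downloaded from the Internet" marker; anything else,
#    especially a GUID-named stream on a directory, deserves a look.
$adsTargets = @($env:SystemRoot, $env:USERPROFILE, (Join-Path $env:USERPROFILE 'Documents'))
foreach ($t in $adsTargets) {
    Get-Item -Path $t -Stream '*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        ForEach-Object { Write-Warning ('ADS on {0}: {1} ({2} bytes)' -f $t, $_.Stream, $_.Length) }
}
```

The script only reports; compare its warnings with the "ATTENTION" lines in an FRST scan before deleting anything, since a legitimate Chrome policy (for instance one set by an employer) will trigger check 2 just as the adware did.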

Hello,

 

Great work! :)

 

How are things now? Do you still have any problems with Google Chrome?

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

STEP 1

 

  • Please download RogueKillerX64.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

1. Please download HitmanPro

  • For 32-bit Operating System
  • For 64-bit Operating System

2. Launch the program by double-clicking on its icon.

Note: If the program won't run, open it while holding down the left CTRL key until it has loaded.

3. Click on the Next button. You must agree to the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a drop-down menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7), open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi


Hi,

 

The logs are clean but before I let you go please run the following tool for me and post back the results:

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

Regards,

Georgi
 


 Results of screen317's Security Check version 0.99.80  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 51  

  Adobe Flash Player 11.9.900.170 Flash Player out of Date!  

 Adobe Reader 10.1.1 Adobe Reader out of Date!  

 Google Chrome 32.0.1700.102  

 Google Chrome 33.0.1750.149  

````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

Hello,

 

 

I don't see an antivirus program running on your machine.
Download and install an antivirus program, and make sure that you keep it updated.

You can find many freeware alternatives here and here. Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Also, having more than one "real-time" program can be a drain on your PC's efficiency, so you should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

It's a good idea to clean the java cache:

http://www.java.com/en/download/help/plugin_cache.xml

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.1.1 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

 

Adobe Flash Player is out of date!

 

Please download and install the latest version from the links below:

 

Adobe Flash Player 12.0.0.77 Final for (Internet Explorer)

Adobe Flash Player 12.0.0.77 Final for (Firefox, Safari, Opera)

 

Note: Your browsers should be closed before proceeding with the installation process.

 

Next please run SecurityCheck again and post back the log file. :)

 

 

Regards,

Georgi

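Added example, not part of the thread and not a Security Check feature: a read-only PowerShell check of the two things the reply above asks about, whether an antivirus is registered with Security Center (the source behind the "WMI entry may not exist for antivirus" line in the log) and whether the installed Adobe Reader and Flash Player are older than the versions the reply names. The productState decoding is the commonly documented layout and is an assumption to confirm against Action Center; the minimum versions are constants copied from the reply, not looked up online. It assumes PowerShell 3.0 or newer on Windows Vista/7 or later.

```powershell
# Added example, not part of the original thread. Read-only; assumes
# PowerShell 3.0 or newer on Windows Vista/7 or later.

function Get-RegisteredAntivirus {
    # Security Center keeps registered AV products in root\SecurityCenter2
    # (Vista and later). An empty result matches the "WMI entry may not
    # exist for antivirus" line in the Security Check log.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $products) {
        Write-Warning 'No antivirus product is registered with Security Center'
        return
    }
    foreach ($p in $products) {
        # productState is a packed DWORD. The commonly documented layout is
        # 0x00XXYY: XX = 10 or 11 -> real-time protection on, 00 or 01 -> off;
        # YY = 00 -> signatures current, 10 -> out of date. This decoding is
        # an assumption; confirm against Action Center if it disagrees.
        $hex = '{0:X6}' -f [int]$p.productState
        [pscustomobject]@{
            Name     = $p.displayName
            Enabled  = @('10', '11') -contains $hex.Substring(2, 2)
            UpToDate = $hex.Substring(4, 2) -eq '00'
            RawState = "0x$hex"
        }
    }
}

function Get-InstalledVersion {
    # Walk both Uninstall hives (native and Wow6432Node) so 32-bit products
    # such as Reader and Flash on an x64 system are found.
    param([string]$NamePattern)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Select-Object DisplayName, DisplayVersion |
        Sort-Object DisplayName -Unique
}

# Minimum versions named in the reply above (March 2014). They are fixed
# constants here, not looked up online; update them when reusing the script.
$minimum = @{
    'Adobe Reader'       = [version]'11.0.6'
    'Adobe Flash Player' = [version]'12.0.0.77'
}

Get-RegisteredAntivirus | Format-Table -AutoSize

foreach ($name in $minimum.Keys) {
    foreach ($app in @(Get-InstalledVersion -NamePattern ([regex]::Escape($name)))) {
        $installed = $null
        try { $installed = [version]$app.DisplayVersion } catch { }
        if ($installed -and $installed -lt $minimum[$name]) {
            Write-Warning ('{0} {1} is older than {2}' -f $app.DisplayName, $app.DisplayVersion, $minimum[$name])
        } else {
            '{0} {1}' -f $app.DisplayName, $app.DisplayVersion
        }
    }
}

# Java is listed for information only; Security Check did not flag it.
Get-InstalledVersion -NamePattern '^Java' | Format-Table -AutoSize
```

On the machine in this thread the first function returns nothing (MSSE had been uninstalled) and the loop warns about Reader 10.1.1 and Flash 11.9.900.170, which is the same verdict the Security Check log reached.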

I was using MSSE as my antivirus until this morning when I uninstalled it before making this post originally. I didn't want anything on my machine that could possibly interfere with your instructions. I'll put it back on right away. As far as Adobe Reader, I will go ahead and update that. However, I purposefully downgraded to that older version of Flash because the newer ones were giving me major issues with streaming video content. I will try the newest one again and hope that they've fixed the issues.

 

I have one final question. Until now, I have always been able to hunt down and kill any malware on my machines. I was super frustrated with this one because I just didn't know where it was and how to get rid of it. My question is this. Could you direct me to some resources where I might learn up on how to do exactly what you have led and instructed me to do today. I am somewhat fascinated with how these malware work and would love to know more about them and how to help myself and others in the future.

 

Thank you VERY VERY much for your help, I greatly appreciate everything you've done!!


Hello,

 

I was using MSSE as my antivirus until this morning when I uninstalled it before making this post originally. I didn't want anything on my machine that could possibly interfere with your instructions. I'll put it back on right away. As far as Adobe Reader, I will go ahead and update that. However, I purposefully downgraded to that older version of Flash because the newer ones were giving me major issues with streaming video content. I will try the newest one again and hope that they've fixed the issues.

 

I strongly suggest that you install the latest version of Adobe Flash Player to prevent malware attacks which are being exploited in the wild. Using old versions of the programs can lead your computer to be infected with viruses, rootkits and other malicious code.

 

For the same reason please install an antivirus program as soon as possible. :)

 

I have one final question. Until now, I have always been able to hunt down and kill any malware on my machines. I was super frustrated with this one because I just didn't know where it was and how to get rid of it. My question is this. Could you direct me to some resources where I might learn up on how to do exactly what you have led and instructed me to do today. I am somewhat fascinated with how these malware work and would love to know more about them and how to help myself and others in the future.

 

The tools we use help us determine the malware load points and other changes made by malware so we can detect malware without the need for definitions.

However if you want to learn how to check for signs of infections then visit the sites below:

 

- BleepingComputer's Study Hall
- SpywareInfo Bootcamp
- Tech Support Forum Academy
- What the Tech Classroom

-GeekU – Malware Removal Training

 

Here are some open tutorials on how to use tools like OTL or FRST but keep in mind that they are very advanced tools used by experts with a solid knowledge of operating systems!!

I strongly advise you to Back up the registry before trying to use them on your own in case you delete or change legitimate settings by mistake.

 

 

Regards,

Georgi


Hello,

 

 

To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
There is no need to post the log this time.

 

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

 

 

Here are my final recommendations:

 

Nicely done! This is the end of our journey if you don't have any more questions.

Thank you for following my instructions perfectly. :)
I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 1 SECURITY ADVICE


Change all your passwords !


Since your computer was infected, for peace of mind I would advise that all your passwords be changed immediately, including those for bank accounts, credit cards, home loans, PIN codes etc. (just in case)!!

If you're storing passwords in the browser to access websites, they are not well encrypted (only Firefox with master password protection activated provides better security). So I strongly recommend changing as many passwords as possible. Many modern malware samples have backdoor abilities and can steal confidential information from the compromised computer. Also you should check for any suspicious transactions if such occur. If you find out that you have been a victim of fraud, contact your bank or the appropriate institution for assistance.

Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking please read this article: Online Banking Protection Against Identity Theft

 

 

Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.
  • Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)

 

I usually recommend that users install HIPS based software, but this type of software is only effective in the right hands since it requires the user to make the right decisions.

HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO Firewall, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice)

However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. Also note that if you have an antivirus installed then you should install Comodo Firewall (and not Comodo Internet Security, to avoid conflicts).

It takes some time and knowledge to configure it for individual purposes but once done, you should not have any problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency so please refrain from doing so.

More information about HIPS can be found here: What is Host Intrusion Prevention System (HIPS) and how does it work?

 

If you like Comodo you should choose for yourself which version of Comodo you will use 5 or 7. Personally I stick to version 5 at least for now.

 

If these kind of programs are difficult for you to use then you can use limited user account (LUA) with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

 

 

Be prepared for CryptoLocker:

 

 

CryptoLocker Ransomware Information Guide and FAQ

Cryptolocker Ransomware: What You Need To Know

New CryptoLocker Ransomware Variant Spread Through Yahoo Messenger

 

 

Since prevention is better than cure you can use gpedit built into Windows or CryptoPrevent (described in the first link) to secure the PC against this locker.

Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders.

You may want to check out HitmanPro.Alert CryptoGuard and install it to be safe when surfing the net.

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below are a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If the attachment ends in .exe, .com, .bat, .pif, .scr or .cmd, do not open it unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

NoScript can be found here
 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

 

 

For Internet Explorer 9/10 read the articles below:
 

Security and privacy features in Internet Explorer 9

Enhanced Protected Mode
Use Tracking Protection in Internet Explorer

Security in Internet Explorer 10

 

Immunize your browsers with SpywareBlaster 5.

Also MBAM acquired the following software Malwarebytes Anti-Exploit and it should work with the most popular browsers. Beware the product is in beta stage.

Changelog can be seen here and known issues here.

 

 
Make the extensions for known file types visible:
 

Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

 

 

 

Create an image of your system (you can use the built-in Windows software as well if you prefer)

  • Now that your PC is malware free it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorial on how to create a system image can be found here.
  • The tutorial on how to restore a system image can be found here.
  • Be sure to read the tutorial first.

 

 

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing!

 

 

Regards,

Georgi

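Added example, not part of the thread and not CryptoPrevent's or any other product's code: a PowerShell script that applies three of the recommendations in the post above in a checkable way, showing file extensions, hunting for double-extension files in Downloads and Desktop, and adding the Software Restriction Policy path rules that the "use gpedit built into Windows" advice refers to. Without -Apply it only reports. The registry layout used for SRP (CodeIdentifiers, level 0 = Disallowed, ItemData/SaferFlags under Paths) is my reading of what secpol.msc writes and is an assumption to confirm by opening Local Security Policy after a run; the folder lists and extension patterns are my own choices. Assumes an elevated PowerShell 3.0 or newer prompt.

```powershell
# Added example, not part of the original thread. Run elevated, PowerShell
# 3.0 or newer. Without -Apply it only reports what it would change.
param([switch]$Apply)

# 1. Show file extensions for the current user (HideFileExt = 0), so a
#    file such as invoice.pdf.exe is displayed with its real extension.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) {
    Write-Warning 'Explorer hides known file extensions'
    if ($Apply) { Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 }  # effective after Explorer restarts
}

# 2. Find double-extension files: a decoy extension (.jpg, .pdf, .doc ...)
#    followed by an executable one. Patterns are illustrative, extend them.
function Find-DoubleExtension {
    param([string[]]$Folder)
    $exec  = 'exe|com|bat|pif|scr|cmd|vbs|js|jar'
    $decoy = 'jpg|jpeg|png|gif|pdf|doc|docx|txt|mp3|avi'
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match "(?i)\.($decoy)\.($exec)$" }
}
$scan = @((Join-Path $env:USERPROFILE 'Downloads'), (Join-Path $env:USERPROFILE 'Desktop'))
Find-DoubleExtension -Folder $scan | ForEach-Object { Write-Warning "Double extension: $($_.FullName)" }

# 3. Software Restriction Policy path rules for the profile folders that
#    CryptoLocker-era droppers run from. Disallowed rules live under
#    ...\Safer\CodeIdentifiers\0\Paths. %Temp% is deliberately left out
#    because many legitimate installers unpack there; add it only if you
#    can live with the breakage. Layout below is an assumption (see lead-in).
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$rules = @('%AppData%\*.exe', '%AppData%\*\*.exe', '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe')
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$existing = @()
if (Test-Path "$safer\0\Paths") {
    # Read ItemData unexpanded so '%AppData%\*.exe' compares as written.
    $existing = Get-ChildItem -Path "$safer\0\Paths" |
        ForEach-Object { $_.GetValue('ItemData', '', $noExpand) }
}
foreach ($r in $rules) {
    if ($existing -contains $r) { "SRP rule present: $r"; continue }
    Write-Warning "SRP rule missing: $r"
    if (-not $Apply) { continue }
    if (-not (Test-Path $safer)) { New-Item -Path $safer -Force | Out-Null }
    # Global policy settings: everything allowed by default (0x40000), rules
    # enforced for all files except DLLs (1), applied to all users (0).
    New-ItemProperty -Path $safer -Name DefaultLevel       -Value 0x40000 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $safer -Name TransparentEnabled -Value 1       -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $safer -Name PolicyScope        -Value 0       -PropertyType DWord -Force | Out-Null
    $k = New-Item -Path ("$safer\0\Paths\{{{0}}}" -f [guid]::NewGuid()) -Force
    New-ItemProperty -Path $k.PSPath -Name ItemData    -Value $r -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $k.PSPath -Name SaferFlags  -Value 0  -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $k.PSPath -Name Description -Value 'Block executables in user-writable profile folders' -PropertyType String | Out-Null
}
```

Run it once without -Apply, read the warnings, then with -Apply; sign out and back in so the new SRP rules take effect, and open secpol.msc > Software Restriction Policies > Additional Rules to confirm the four path rules appear as Disallowed. Keep an Unrestricted rule or an exclusion ready for any legitimate program that installs itself under AppData (several browsers and updaters do), because these rules will block it too.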

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.