
Hello there.

Recently I've started to have some problems with Malwarebytes: it blocks a website for being potentially malicious.

IP: 37.221.163.211 (SolidFiles one, it seems)
Port: 49732
Program: chrome.exe

I've run Malwarebytes and it didn't detect anything.

 

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32-bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hello, and thanks for the reply. I downloaded DDS and I have these 2 logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Nelson at 18:49:34 on 2014-04-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.1033.18.4095.1716 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [Akamai NetSession Interface] "C:\Users\Nelson\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Nelson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHATLO~1.LNK - C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe
StartupFolder: C:\Users\Nelson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INICIA~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{25FD20F5-DD01-4A8C-A1BC-A4F75687A801} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B3C89AE5-9F83-4EF6-B751-FB07E6AF5AAA} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-1-8 283200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-14 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-17 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-14 16941856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-10 411936]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-9 5316448]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-14 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-16 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-4-4 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-5 1255736]
.
=============== Created Last 30 ================
.
2014-03-31 17:33:18 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{065C5976-CDDF-4AD4-941D-BA02D790635E}\mpengine.dll
2014-03-30 12:33:14 15584 ----a-w- C:\Users\Nelson\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2014-03-30 12:30:59 -------- d-----w- C:\Users\Nelson\AppData\Local\Rockstar Games
2014-03-30 12:26:20 -------- d-sh--w- C:\ProgramData\SecuROM
2014-03-30 11:46:54 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2014-03-30 11:00:22 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FEA5B6A-86A6-4EA2-A1E2-0F4BB7396BAE}\gapaengine.dll
2014-03-30 11:00:05 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-22 19:01:28 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-21 20:51:39 -------- d-----w- C:\Users\Nelson\AppData\Local\Skype
2014-03-19 16:52:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 16:52:37 -------- d-----w- C:\Program Files\iTunes
2014-03-19 16:52:37 -------- d-----w- C:\Program Files\iPod
2014-03-19 16:52:37 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-14 21:08:07 -------- d-----w- C:\Users\Nelson\AppData\Roaming\Process Hacker 2
2014-03-14 20:20:23 -------- d-----w- C:\Users\Nelson\AppData\Roaming\Malwarebytes
2014-03-14 20:20:15 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-14 20:20:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-14 20:20:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 20:17:16 -------- d-----w- C:\Windows\ERUNT
2014-03-14 20:15:19 -------- d-----w- C:\Windows\pss
2014-03-11 14:46:00 -------- d-----w- C:\ProgramData\Oracle
2014-03-10 20:56:00 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M  ====================
.
2014-03-11 19:27:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:27:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-02-15 18:10:13 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-02-15 18:09:16 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-08 18:34:51 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll
2014-02-08 18:34:51 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll
2014-02-05 09:31:00 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-15 23:13:01 1885472 ----a-w- C:\Windows\System32\nvdispco6433467.dll
2014-01-15 23:13:01 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433467.dll
2014-01-07 23:34:17 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 18:50:28,16 ===============
 
 
And: 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 03-09-2013 16:16:45
System Uptime: 01-04-2014 16:57:23 (2 hours ago)
.
Motherboard: ASRock |  | G41M-GS3
Processor: Intel® Core2 Duo CPU     E8400  @ 3.00GHz | CPUSocket | 2999/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 370,485 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP87: 22-03-2014 18:48:16 - Removed Skype™ 6.14
RP88: 22-03-2014 18:50:50 - Removed Skype™ 6.14
RP89: 22-03-2014 18:57:45 - Removed Skype™ 6.14
RP90: 24-03-2014 18:36:21 - Windows Update
RP91: 28-03-2014 14:31:49 - Windows Update
RP92: 30-03-2014 12:46:42 - Installed Grand Theft Auto: Episodes From Liberty City
RP93: 30-03-2014 14:22:12 - Installed Windows Live ID Sign-in Assistant
RP94: 30-03-2014 14:22:42 - Installed Microsoft Games for Windows - LIVE Redistributable
RP95: 30-03-2014 14:32:31 - Installed Grand Theft Auto: Episodes from Liberty City
RP96: 31-03-2014 18:32:57 - Windows Update
RP97: 01-04-2014 16:48:33 - Removed Java 7 Update 51
RP98: 01-04-2014 16:50:48 - Removed Microsoft Games for Windows - LIVE Redistributable
RP99: 01-04-2014 16:53:43 - Removed Windows Live ID Sign-in Assistant
RP100: 01-04-2014 16:59:25 - Removed Microsoft Games for Windows - LIVE
RP101: 01-04-2014 17:00:38 - Removed Grand Theft Auto: Episodes From Liberty City
RP102: 01-04-2014 17:15:09 - Removed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Combat Arms EU
DAEMON Tools Pro
Driver San Francisco
Driver San Francisco version 1.0
Fraps
GameRanger
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Grand Theft Auto: Episodes from Liberty City
GRID
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
mIRC
Mozilla Firefox 23.0.1 (x86 pt-PT)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 335.21
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2.1
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.13
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.13
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
OpenAL
PhotoScape
Realtek High Definition Audio Driver
S.W.A.T. 4
SHIELD Streaming
Skype™ 6.14
Speccy
Suporte para Aplicações Apple
TeamSpeak 3 Client
TeamViewer 9
WinRAR 5.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
01-04-2014 16:57:35, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
01-04-2014 12:08:14, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
01-04-2014 12:08:14, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
01-04-2014 12:08:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
01-04-2014 12:07:46, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
01-04-2014 12:07:46, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 
I have downloaded RogueKiller and it detected something. It was removed right there; I didn't click on anything, it just removed itself.

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nelson [Admin rights]
Mode : Scan -- Date : 04/01/2014 18:56:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ChatlogArchiverx86.exe -- C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] Funmoods.job : C:\Users\Nelson\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Dealply : C:\Users\Nelson\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Funmoods : C:\Users\Nelson\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 4d186a8b54c7f1b8a44fc0d5a37c237d
[BSP] 59a34c03b63ce64edf90aebdb594645a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04012014_185629.txt >>
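The rule behind the [SUSP PATH] hits in the RogueKiller report above (the Desktop executable that was killed, and the Funmoods/Dealply updater tasks under AppData\Roaming) is simple enough to write down: an executable that starts from a location a plain user can write to deserves a look, whatever form it takes in a DDS log (running process, uRun/mRun key, Startup-folder shortcut) or a RogueKiller task line. The script below is an added example, not part of this thread and not code from RogueKiller or DDS; the regexes are my approximation of that rule, the log lines are copied from the two logs posted above, and the hosts entries other than localhost are constructed (the poster's hosts file only has the localhost line).

```python
"""Triage helper for DDS / RogueKiller style log lines (added example).

Flags executables that start from user-writable locations and hosts-file
entries that do not point at loopback. The path rule approximates what
RogueKiller labels [SUSP PATH]; it is a lead, not a verdict.
"""
import re

# A Windows path ending in an executable-ish extension, as it appears in a DDS
# process list, a Run/StartupFolder entry or a RogueKiller task line. Segments
# may contain spaces ("shammy chatlog") and 8.3 short names (UPDATE~1).
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?'
    r'\.(?:exe|dll|sys|scr|cmd|bat|vbs|js)\b',
    re.IGNORECASE,
)

# Locations a non-admin user can write to. Nothing belonging to the OS or to a
# machine-wide install should need to *start* from here (per-user installs such
# as Akamai NetSession or Chrome's user-level install are the usual exceptions).
USER_WRITABLE_RE = re.compile(
    r'^[A-Za-z]:\\(?:Users\\[^\\]+\\(?:Desktop|Downloads|Documents|AppData)'
    r'|Windows\\Temp|Temp)\\',
    re.IGNORECASE,
)


def extract_paths(line):
    """Return every executable path mentioned on one log line (can be several)."""
    return PATH_RE.findall(line)


def is_user_writable(path):
    """True when the path sits under a directory a standard user can write to."""
    return bool(USER_WRITABLE_RE.match(path))


def triage(lines):
    """Return (line_number, path) for each executable started from a user-writable place."""
    hits = []
    for number, line in enumerate(lines, 1):
        for path in extract_paths(line):
            if is_user_writable(path):
                hits.append((number, path))
    return hits


def hosts_anomalies(text):
    """Return (address, hostname) pairs that map a name somewhere other than
    loopback or a 0.0.0.0 blackhole; that is what a hosts-file hijack of an
    update or AV domain looks like. Comments after '#' are ignored."""
    odd = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if addr.startswith("127.") or addr in ("0.0.0.0", "::1"):
            continue
        odd.extend((addr, name) for name in names)
    return odd


# Sample lines copied from the DDS and RogueKiller logs posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
uRun: [Akamai NetSession Interface] "C:\Users\Nelson\AppData\Local\Akamai\netsession_win.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Nelson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHATLO~1.LNK - C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
[V1][SUSP PATH] Funmoods.job : C:\Users\Nelson\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Dealply : C:\Users\Nelson\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
"""

# Constructed hosts file: the thread's real one contains only the localhost line.
SAMPLE_HOSTS = """
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid     # blackhole entry, benign
192.0.2.10      update.vendor.invalid   # this is the kind of line to worry about
"""

if __name__ == "__main__":
    for number, path in triage(SAMPLE_LOG.splitlines()):
        print(f"line {number}: user-writable start location: {path}")
    for addr, name in hosts_anomalies(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {addr}")
```

Run on the sample, it flags the Desktop executable twice (once as a running process, once via its Startup-folder shortcut), the two AppData\Roaming updater tasks, and Akamai NetSession under AppData\Local. That last one is a legitimate per-user install, which is the point of MrC's "Don't fix anything" instruction: a user-writable path narrows the list, and the publisher signature and a hash lookup decide.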

Do you recognize this:
C:\Users\Nelson\Desktop\shammy chatlog

 

-----------------------

Let's run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:



Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click the real download buttons, not "sponsored ad links".

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.




---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Okay, TDSSKiller Log:

19:20:58.0056 0x179c  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
19:21:01.0032 0x179c  ============================================================
19:21:01.0032 0x179c  Current date / time: 2014/04/01 19:21:01.0032
19:21:01.0032 0x179c  SystemInfo:
19:21:01.0032 0x179c  
19:21:01.0032 0x179c  OS Version: 6.1.7601 ServicePack: 1.0
19:21:01.0032 0x179c  Product type: Workstation
19:21:01.0032 0x179c  ComputerName: NELSON-PC
19:21:01.0032 0x179c  UserName: Nelson
19:21:01.0032 0x179c  Windows directory: C:\Windows
19:21:01.0032 0x179c  System windows directory: C:\Windows
19:21:01.0032 0x179c  Running under WOW64
19:21:01.0032 0x179c  Processor architecture: Intel x64
19:21:01.0032 0x179c  Number of processors: 2
19:21:01.0032 0x179c  Page size: 0x1000
19:21:01.0032 0x179c  Boot type: Normal boot
19:21:01.0032 0x179c  ============================================================
19:21:02.0421 0x179c  KLMD registered as C:\Windows\system32\drivers\68893277.sys
19:21:02.0745 0x179c  System UUID: {13C2BEFE-AC3D-6FA1-E8C3-0D32D190B016}
19:21:03.0784 0x179c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:21:03.0795 0x179c  ============================================================
19:21:03.0795 0x179c  \Device\Harddisk0\DR0:
19:21:03.0795 0x179c  MBR partitions:
19:21:03.0795 0x179c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:21:03.0795 0x179c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:21:03.0795 0x179c  ============================================================
19:21:03.0833 0x179c  C: <-> \Device\Harddisk0\DR0\Partition2
19:21:03.0833 0x179c  ============================================================
19:21:03.0833 0x179c  Initialize success
19:21:03.0833 0x179c  ============================================================
19:21:09.0000 0x0fa0  ============================================================
19:21:09.0000 0x0fa0  Scan started
19:21:09.0000 0x0fa0  Mode: Manual; 
19:21:09.0000 0x0fa0  ============================================================
19:21:09.0000 0x0fa0  KSN ping started
19:21:22.0906 0x0fa0  KSN ping finished: true
19:21:23.0164 0x0fa0  ================ Scan system memory ========================
19:21:23.0164 0x0fa0  System memory - ok
19:21:23.0164 0x0fa0  ================ Scan services =============================
19:21:23.0270 0x0fa0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:21:23.0274 0x0fa0  1394ohci - ok
19:21:23.0288 0x0fa0  Scan was interrupted by user!
19:21:23.0288 0x0fa0  Waiting for KSN requests completion. In queue: 1
19:21:24.0288 0x0fa0  Waiting for KSN requests completion. In queue: 1
19:21:25.0288 0x0fa0  Waiting for KSN requests completion. In queue: 1
19:21:26.0302 0x0fa0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.216.0 ), 0x61000 ( enabled : updated )
19:21:26.0349 0x0fa0  Win FW state via NFP2: enabled
19:21:28.0777 0x0fa0  ============================================================
19:21:28.0777 0x0fa0  Scan finished
19:21:28.0777 0x0fa0  ============================================================
19:21:28.0785 0x0f80  Detected object count: 0
19:21:28.0785 0x0f80  Actual detected object count: 0
19:23:37.0060 0x1718  KLMD registered as C:\Windows\system32\drivers\50438405.sys
19:23:37.0927 0x1718  Deinitialize success
 
 
ComboFix, it is scanning now.

ComboFix logs. (Apologies for the foreign language.)

ComboFix 14-03-24.01 - Nelson 01-04-2014  19:39:30.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.1033.18.4095.2460 [GMT 1:00]
Executando de: C:\Users\Nelson\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Windows\SysWow64\tmp8424.tmp
C:\Windows\SysWow64\tmp8464.tmp
 
 
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-01 to 2014-04-01  ))))))))))))))))))))))))))))
 
 
2014-04-01 18:43:54 . 2014-04-01 18:43:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-03-22 19:01:29 . 2014-03-22 19:01:29 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2014-03-22 19:01:28 . 2014-03-22 19:01:29 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-21 20:51:39 . 2014-03-21 20:51:39 -------- d-----w- C:\Users\Nelson\AppData\Local\Skype
2014-03-19 16:52:37 . 2014-03-19 16:53:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 16:52:37 . 2014-03-19 16:53:10 -------- d-----w- C:\Program Files\iTunes
2014-03-19 16:52:37 . 2014-03-19 16:53:09 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-19 16:52:37 . 2014-03-19 16:52:37 -------- d-----w- C:\Program Files\iPod
2014-03-14 21:08:07 . 2014-03-14 21:08:07 -------- d-----w- C:\Users\Nelson\AppData\Roaming\Process Hacker 2
2014-03-14 20:20:23 . 2014-03-14 20:20:23 -------- d-----w- C:\Users\Nelson\AppData\Roaming\Malwarebytes
2014-03-14 20:20:15 . 2014-03-14 20:20:15 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-14 20:20:13 . 2014-03-14 20:20:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 20:20:13 . 2013-04-04 14:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-03-14 20:17:16 . 2014-03-14 20:17:16 -------- d-----w- C:\Windows\ERUNT
2014-03-11 14:46:00 . 2014-03-11 14:46:00 -------- d-----w- C:\ProgramData\Oracle
2014-03-10 20:56:00 . 2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
 
 
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-03-11 19:27:29 . 2013-09-03 17:25:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:27:29 . 2013-09-03 17:25:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35:23 . 2013-09-04 16:46:04 2715264 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-03-04 14:35:23 . 2013-02-25 23:32:42 14709720 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-03-04 14:35:23 . 2013-02-25 23:32:40 3093280 ----a-w- C:\Windows\system32\nvapi64.dll
2014-03-04 14:35:23 . 2013-02-25 23:32:38 947808 ----a-w- C:\Windows\system32\nvumdshimx.dll
2014-03-04 13:06:00 . 2013-09-03 15:22:09 6714312 ----a-w- C:\Windows\system32\nvcpl.dll
2014-03-04 13:06:00 . 2013-09-03 15:22:09 3497816 ----a-w- C:\Windows\system32\nvsvc64.dll
2014-03-04 13:05:58 . 2013-09-03 15:22:09 922968 ----a-w- C:\Windows\system32\nvvsvc.exe
2014-03-04 13:05:58 . 2013-09-03 15:22:09 64968 ----a-w- C:\Windows\system32\nvshext.dll
2014-03-04 13:05:57 . 2013-09-03 15:22:09 386336 ----a-w- C:\Windows\system32\nvmctray.dll
2014-03-04 13:05:53 . 2013-09-03 15:22:09 3649185 ----a-w- C:\Windows\system32\nvcoproc.bin
2014-02-20 19:35:35 . 2013-09-07 11:56:42 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-15 18:10:13 . 2014-02-15 18:01:21 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-02-15 18:09:16 . 2014-02-15 18:01:26 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-08 18:34:51 . 2014-02-18 20:13:57 1885472 ----a-w- C:\Windows\system32\nvdispco6433489.dll
2014-02-08 18:34:51 . 2014-02-18 20:13:57 1515296 ----a-w- C:\Windows\system32\nvdispgenco6433489.dll
2014-02-05 09:31:00 . 2013-12-14 14:56:49 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 . 2013-12-14 14:56:49 1179576 ----a-w- C:\Windows\system32\nvspcap64.dll
2014-01-19 07:33:29 . 2010-11-21 03:27:21 270496 ------w- C:\Windows\system32\MpSigStub.exe
2014-01-15 23:13:01 . 2014-02-16 12:11:53 1885472 ----a-w- C:\Windows\system32\nvdispco6433467.dll
2014-01-15 23:13:01 . 2014-02-16 12:11:53 1515296 ----a-w- C:\Windows\system32\nvdispgenco6433467.dll
2014-01-07 23:34:17 . 2014-01-07 23:34:17 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
 
 
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
 
 
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-12 17:05:34 1163072]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 03:54:40 152392]
 
C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Iniciação Rápida do Microsoft Office OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys;C:\Windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys;D:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\system32\DRIVERS\usb80236.sys;C:\Windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
 
 
--- =Outros Serviços/Drivers Na Memória ---
 
*NewlyCreated* - 98205038
*Deregistered* - 98205038
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-01 14:20:46 1150280 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
 
Conteúdo da pasta 'Tarefas Agendadas'
 
2014-04-01 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 17:25:40 . 2014-03-11 19:27:29]
 
2014-04-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01 14:20:26 . 2014-04-01 14:20:23]
 
2014-04-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01 14:20:26 . 2014-04-01 14:20:23]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 08:37:18 11905128]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2013-07-18 19:25:20 1356240]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2014-02-05 09:30:41 1179576]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 09:32:47 2234144]
 
------- Scan Suplementar -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\
 
- - - - ORFÃOS REMOVIDOS - - - -
 
Wow6432Node-HKCU-Run-Akamai NetSession Interface - C:\Users\Nelson\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChatlogArchiverx86 - Shortcut.lnk - C:\Users\Nelson\Desktop\shammy chatlog\ChatlogArchiverx86.exe
SafeBoot-98205038.sys
HKLM-Run-Nvtmru - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-S.W.A.T. 4_is1 - C:\Program Files (x86)\S.W.A.T. 4\unins000.exe

MisterCharlie, if I may ask: while ComboFix was scanning, I couldn't connect to the internet. Is that normal?

Yes it is; it's in the instructions for ComboFix.

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

MrC


# AdwCleaner v3.023 - Report created 01/04/2014 at 19:55:14
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Nelson - NELSON-PC
# Running from : C:\Users\Nelson\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nelson\AppData\Local\CrashRpt
File Deleted : C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SmileysWeLove

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v23.0.1 (pt-PT)

[ File : C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "qone8");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2010 octets] - [01/04/2014 19:53:31]
AdwCleaner[s0].txt - [1518 octets] - [01/04/2014 19:55:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1578 octets] ##########

Lastly, JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Nelson on 01-04-2014 at 19:59:08,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-04-2014 at 20:05:56,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Oh and Malwarebytes log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.01.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Nelson :: NELSON-PC [administrator]
 
Protection: Enabled
 
01-04-2014 20:07:15
mbam-log-2014-04-01 (20-07-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228337
Time elapsed: 2 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

OK...Next:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

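A reviewer reading an FRST log works through the Run keys, services and drivers by hand; the added example below (mine, not part of this thread and not FRST's own code) parses lines in the layouts FRST prints and flags the entries that get a second look first: files FRST marks `[X]` (not found on disk), entries with no publisher recorded, and paths in user-writable folders. The flagging rules are this example's own heuristics, and the sample log, SID, user name and paths are constructed.

```python
r"""Triage helper for FRST-style autostart and driver lines (added example, not FRST code).

Parses the layouts FRST prints, e.g.
    HKLM\...\Run: [MSC] - c:\path\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
and flags what a reviewer looks at first: files FRST reports missing ([X]),
entries with no publisher, and paths in user-writable locations. The flagging
rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# "HKLM\...\Run: [Name] - <rest>"  (hive may also be HKLM-x32 or an HKU SID)
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.*)$')
# "R3 Name; <rest>" for services and drivers (R = running, S = stopped)
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.*)$')
# "<path> [size yyyy-mm-dd] (Publisher)"; the publisher part is optional
TAIL_RE = re.compile(r'^(?P<path>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]'
                     r'(?: \((?P<publisher>[^)]*)\))?\s*$')
# "<path> [X]": FRST could not find the file on disk
MISSING_RE = re.compile(r'^(?P<path>.*?)\s*\[X\]\s*$')
# Locations a standard user can write to (heuristic, not an FRST rule)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")

@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]
    missing: bool

def _parse_tail(rest: str) -> dict:
    m = MISSING_RE.match(rest)
    if m:
        return dict(path=m.group("path"), size=None, date=None, publisher=None, missing=True)
    m = TAIL_RE.match(rest)
    if m:
        return dict(path=m.group("path"), size=int(m.group("size")), date=m.group("date"),
                    publisher=m.group("publisher") or None, missing=False)
    # Neither form: FRST printed only the command line, with nothing it could verify.
    return dict(path=rest.strip().strip('"'), size=None, date=None, publisher=None, missing=False)

def parse_line(line: str) -> Optional[Entry]:
    """Entry for a Run/service/driver line, None for any other line (headers, plugins, ...)."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m.group("name"), **_parse_tail(m.group("rest")))
    m = SVC_RE.match(line)
    if m:
        return Entry("service", m.group("name"), **_parse_tail(m.group("rest")))
    return None

def review(entry: Entry) -> List[str]:
    """Reasons a reviewer should look at this entry; empty means nothing stood out."""
    reasons = []
    if entry.missing:
        reasons.append("file not on disk ([X]): orphaned registration or a removed payload")
    elif entry.publisher is None:
        reasons.append("no publisher recorded: check the file's signature and hash")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons

def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every entry that deserves a second look."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        reasons = review(entry) if entry is not None else []
        if reasons:
            flagged[entry.name] = reasons
    return flagged

# Constructed sample in the line formats FRST prints; SID, user and paths are made up.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Updater] - C:\Users\alice\AppData\Roaming\updater.exe [40960 2014-03-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against a real FRST.txt by passing its lines to `triage()`; a flagged entry is a starting point for review, not a verdict, since legitimate software is sometimes unsigned or leaves stale registrations behind.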

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nelson (administrator) on NELSON-PC on 01-04-2014 20:32:49
Running from C:\Users\Nelson\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2172485806-420245576-3544497890-1001\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [1163072 2012-04-12] (DT Soft Ltd)
Startup: C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iniciação Rápida do Microsoft Office OneNote 2007.lnk
ShortcutTarget: Iniciação Rápida do Microsoft Office OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x273B5349BFA8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priberam.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sapo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml
FF Extension: wareztuga streamer - C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\Extensions\jid0-2qiv5fkuGh0lTr6izdBsmkrqs5c@jetpack [2013-09-03]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\dc1d6a9p.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-11-29]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Pesquisa do Google) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-04-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 20:32 - 2014-04-01 20:33 - 00010126 _____ () C:\Users\Nelson\Downloads\FRST.txt
2014-04-01 20:32 - 2014-04-01 20:32 - 02157056 _____ (Farbar) C:\Users\Nelson\Downloads\FRST64.exe
2014-04-01 20:32 - 2014-04-01 20:32 - 00000000 ____D () C:\FRST
2014-04-01 20:05 - 2014-04-01 20:05 - 00000622 _____ () C:\Users\Nelson\Desktop\JRT.txt
2014-04-01 19:58 - 2014-04-01 19:58 - 01038974 _____ (Thisisu) C:\Users\Nelson\Downloads\JRT.exe
2014-04-01 19:53 - 2014-04-01 20:30 - 00000000 ____D () C:\AdwCleaner
2014-04-01 19:53 - 2014-04-01 19:53 - 01426178 _____ () C:\Users\Nelson\Downloads\adwcleaner.exe
2014-04-01 19:47 - 2014-04-01 19:47 - 00013752 _____ () C:\ComboFix.txt
2014-04-01 19:37 - 2014-04-01 19:47 - 00000000 ____D () C:\Qoobox
2014-04-01 19:37 - 2014-04-01 19:44 - 00000000 ____D () C:\Windows\erdnt
2014-04-01 19:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-01 19:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-01 19:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-01 19:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-01 19:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-01 19:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-01 19:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-01 19:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-01 19:36 - 2014-04-01 19:36 - 05192353 ____R (Swearware) C:\Users\Nelson\Downloads\ComboFix.exe
2014-04-01 19:20 - 2014-04-01 19:20 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Nelson\Downloads\tdsskiller.exe
2014-04-01 19:14 - 2014-04-01 19:14 - 00001593 _____ () C:\Users\Nelson\Desktop\RKreport[0]_S_04012014_191459.txt
2014-04-01 19:12 - 2014-04-01 19:12 - 00002248 _____ () C:\Users\Nelson\Desktop\RKreport[0]_D_04012014_191236.txt
2014-04-01 19:10 - 2014-04-01 19:10 - 00109296 _____ () C:\Users\Nelson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 18:56 - 2014-04-01 18:56 - 00002189 _____ () C:\Users\Nelson\Desktop\RKreport[0]_S_04012014_185629.txt
2014-04-01 18:52 - 2014-04-01 19:12 - 00000000 ____D () C:\Users\Nelson\Desktop\RK_Quarantine
2014-04-01 18:52 - 2014-04-01 18:52 - 04527616 _____ () C:\Users\Nelson\Downloads\RogueKillerX64.exe
2014-04-01 18:50 - 2014-04-01 18:50 - 00014620 _____ () C:\Users\Nelson\Desktop\dds.txt

2014-04-01 18:50 - 2014-04-01 18:50 - 00005630 _____ () C:\Users\Nelson\Desktop\attach.txt

2014-04-01 16:57 - 2014-04-01 19:56 - 00001156 _____ () C:\Windows\PFRO.log

2014-04-01 15:20 - 2014-04-01 20:31 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-01 15:20 - 2014-04-01 20:25 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-01 15:20 - 2014-04-01 15:20 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-01 15:20 - 2014-04-01 15:20 - 00003752 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-01 15:20 - 2014-04-01 15:20 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-01 12:07 - 2014-04-01 20:31 - 00001176 _____ () C:\Windows\setupact.log

2014-04-01 12:07 - 2014-04-01 12:07 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-30 14:26 - 2014-03-30 14:26 - 00000000 ____D () C:\Users\Nelson\Documents\Rockstar Games

2014-03-30 13:30 - 2014-03-30 13:31 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Rockstar Games

2014-03-30 13:28 - 2014-03-30 13:28 - 00000000 __RHD () C:\Users\Nelson\AppData\Roaming\SecuROM

2014-03-30 13:26 - 2014-03-30 13:26 - 00000000 __SHD () C:\ProgramData\SecuROM

2014-03-30 12:46 - 2014-04-01 17:01 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-03-22 20:01 - 2014-04-01 20:26 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Skype

2014-03-22 20:01 - 2014-03-22 20:01 - 00002707 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-22 20:01 - 2014-03-22 20:01 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-22 19:39 - 2014-03-22 19:39 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Nelson\Downloads\SkypeSetup.exe

2014-03-21 21:51 - 2014-03-21 21:51 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Skype

2014-03-19 17:53 - 2014-03-19 17:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-19 17:52 - 2014-03-19 17:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-19 17:52 - 2014-03-19 17:53 - 00000000 ____D () C:\Program Files\iTunes

2014-03-19 17:52 - 2014-03-19 17:53 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-19 17:52 - 2014-03-19 17:52 - 00000000 ____D () C:\Program Files\iPod

2014-03-16 14:25 - 2013-02-25 10:44 - 00000000 ____D () C:\Users\Nelson\Desktop\Los Santos Police SWAT with Kavinsky's mod fix

2014-03-16 14:24 - 2014-03-16 14:24 - 03815547 _____ () C:\Users\Nelson\Downloads\Los Santos Police SWAT version 4.rar

2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Process Hacker 2

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Malwarebytes

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-14 21:20 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-14 21:17 - 2014-03-14 21:17 - 00000000 ____D () C:\Windows\ERUNT

2014-03-14 21:15 - 2014-03-14 21:15 - 00000000 ____D () C:\Windows\pss

2014-03-14 20:02 - 2014-03-14 20:02 - 00133344 _____ () C:\Users\Nelson\Downloads\Squelch Sounds by Gooday.rar

2014-03-13 21:05 - 2014-03-13 21:05 - 00000000 ____D () C:\Users\Nelson\Desktop\Oggy's Kevlar Vest Mod

2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\ProgramData\Oracle

2014-03-11 15:45 - 2014-03-11 15:45 - 00000000 ____D () C:\ProgramData\Sun

2014-03-11 15:28 - 2014-03-13 21:05 - 00000000 ____D () C:\Users\Nelson\Desktop\New folder (2)

2014-03-10 21:56 - 2014-03-04 12:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-03-10 21:49 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-03-10 21:49 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-03-10 21:49 - 2014-03-04 15:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

 

==================== One Month Modified Files and Folders =======

 

2014-04-01 20:33 - 2014-04-01 20:32 - 00010126 _____ () C:\Users\Nelson\Downloads\FRST.txt

2014-04-01 20:32 - 2014-04-01 20:32 - 02157056 _____ (Farbar) C:\Users\Nelson\Downloads\FRST64.exe

2014-04-01 20:32 - 2014-04-01 20:32 - 00000000 ____D () C:\FRST

2014-04-01 20:31 - 2014-04-01 15:20 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-01 20:31 - 2014-04-01 12:07 - 00001176 _____ () C:\Windows\setupact.log

2014-04-01 20:31 - 2013-09-03 16:22 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-01 20:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-01 20:30 - 2014-04-01 19:53 - 00000000 ____D () C:\AdwCleaner

2014-04-01 20:30 - 2013-09-03 16:16 - 01512570 _____ () C:\Windows\WindowsUpdate.log

2014-04-01 20:30 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-01 20:30 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-01 20:27 - 2014-01-17 18:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-01 20:26 - 2014-03-22 20:01 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Skype

2014-04-01 20:25 - 2014-04-01 15:20 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-01 20:22 - 2009-07-14 06:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-01 20:05 - 2014-04-01 20:05 - 00000622 _____ () C:\Users\Nelson\Desktop\JRT.txt

2014-04-01 19:58 - 2014-04-01 19:58 - 01038974 _____ (Thisisu) C:\Users\Nelson\Downloads\JRT.exe

2014-04-01 19:56 - 2014-04-01 16:57 - 00001156 _____ () C:\Windows\PFRO.log

2014-04-01 19:53 - 2014-04-01 19:53 - 01426178 _____ () C:\Users\Nelson\Downloads\adwcleaner.exe

2014-04-01 19:47 - 2014-04-01 19:47 - 00013752 _____ () C:\ComboFix.txt

2014-04-01 19:47 - 2014-04-01 19:37 - 00000000 ____D () C:\Qoobox

2014-04-01 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-04-01 19:44 - 2014-04-01 19:37 - 00000000 ____D () C:\Windows\erdnt

2014-04-01 19:44 - 2013-09-03 16:17 - 00000000 ___RD () C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-01 19:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-01 19:36 - 2014-04-01 19:36 - 05192353 ____R (Swearware) C:\Users\Nelson\Downloads\ComboFix.exe

2014-04-01 19:23 - 2013-09-03 17:11 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\TS3Client

2014-04-01 19:20 - 2014-04-01 19:20 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Nelson\Downloads\tdsskiller.exe

2014-04-01 19:14 - 2014-04-01 19:14 - 00001593 _____ () C:\Users\Nelson\Desktop\RKreport[0]_S_04012014_191459.txt

2014-04-01 19:12 - 2014-04-01 19:12 - 00002248 _____ () C:\Users\Nelson\Desktop\RKreport[0]_D_04012014_191236.txt

2014-04-01 19:12 - 2014-04-01 18:52 - 00000000 ____D () C:\Users\Nelson\Desktop\RK_Quarantine

2014-04-01 19:10 - 2014-04-01 19:10 - 00109296 _____ () C:\Users\Nelson\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-01 18:56 - 2014-04-01 18:56 - 00002189 _____ () C:\Users\Nelson\Desktop\RKreport[0]_S_04012014_185629.txt

2014-04-01 18:52 - 2014-04-01 18:52 - 04527616 _____ () C:\Users\Nelson\Downloads\RogueKillerX64.exe

2014-04-01 18:50 - 2014-04-01 18:50 - 00014620 _____ () C:\Users\Nelson\Desktop\dds.txt

2014-04-01 18:50 - 2014-04-01 18:50 - 00005630 _____ () C:\Users\Nelson\Desktop\attach.txt

2014-04-01 17:01 - 2014-03-30 12:46 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-04-01 17:01 - 2013-09-03 16:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-01 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-04-01 16:50 - 2013-09-05 12:15 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-04-01 15:21 - 2013-09-03 17:05 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Google

2014-04-01 15:20 - 2014-04-01 15:20 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-01 15:20 - 2014-04-01 15:20 - 00003752 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-01 15:20 - 2014-04-01 15:20 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-01 15:20 - 2013-09-03 17:05 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Deployment

2014-04-01 15:20 - 2013-09-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Google

2014-04-01 12:07 - 2014-04-01 12:07 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-30 14:26 - 2014-03-30 14:26 - 00000000 ____D () C:\Users\Nelson\Documents\Rockstar Games

2014-03-30 13:31 - 2014-03-30 13:30 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Rockstar Games

2014-03-30 13:28 - 2014-03-30 13:28 - 00000000 __RHD () C:\Users\Nelson\AppData\Roaming\SecuROM

2014-03-30 13:26 - 2014-03-30 13:26 - 00000000 __SHD () C:\ProgramData\SecuROM

2014-03-29 18:33 - 2013-11-28 21:25 - 00000000 ____D () C:\Users\Nelson\Downloads\Juiced PC Game ( highly compressed ) @ Only By THE RAIN

2014-03-28 21:33 - 2013-10-12 12:47 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\uTorrent

2014-03-23 16:43 - 2013-12-07 00:19 - 00000000 ____D () C:\Users\Nelson\Desktop\Máquinas

2014-03-22 20:01 - 2014-03-22 20:01 - 00002707 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-22 20:01 - 2014-03-22 20:01 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-22 20:01 - 2013-09-03 17:22 - 00000000 ____D () C:\ProgramData\Skype

2014-03-22 19:39 - 2014-03-22 19:39 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Nelson\Downloads\SkypeSetup.exe

2014-03-21 21:51 - 2014-03-21 21:51 - 00000000 ____D () C:\Users\Nelson\AppData\Local\Skype

2014-03-19 17:53 - 2014-03-19 17:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-19 17:53 - 2014-03-19 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-19 17:53 - 2014-03-19 17:52 - 00000000 ____D () C:\Program Files\iTunes

2014-03-19 17:53 - 2014-03-19 17:52 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-19 17:52 - 2014-03-19 17:52 - 00000000 ____D () C:\Program Files\iPod

2014-03-19 17:49 - 2013-12-14 15:12 - 00000000 ____D () C:\ProgramData\Apple

2014-03-17 22:21 - 2013-09-04 14:34 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\mIRC

2014-03-16 14:24 - 2014-03-16 14:24 - 03815547 _____ () C:\Users\Nelson\Downloads\Los Santos Police SWAT version 4.rar

2014-03-15 11:08 - 2013-09-03 17:02 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-03-14 23:14 - 2013-09-04 14:34 - 00000000 ____D () C:\Program Files (x86)\mIRC

2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Process Hacker 2

2014-03-14 21:29 - 2014-02-09 19:00 - 00000000 ____D () C:\Users\Nelson\Desktop\Unmarked Crown Vic

2014-03-14 21:25 - 2013-09-03 18:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-03-14 21:25 - 2013-09-03 16:17 - 00001413 _____ () C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\Users\Nelson\AppData\Roaming\Malwarebytes

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-14 21:20 - 2014-03-14 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-14 21:17 - 2014-03-14 21:17 - 00000000 ____D () C:\Windows\ERUNT

2014-03-14 21:15 - 2014-03-14 21:15 - 00000000 ____D () C:\Windows\pss

2014-03-14 20:02 - 2014-03-14 20:02 - 00133344 _____ () C:\Users\Nelson\Downloads\Squelch Sounds by Gooday.rar

2014-03-14 16:01 - 2013-09-03 17:10 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-03-13 21:05 - 2014-03-13 21:05 - 00000000 ____D () C:\Users\Nelson\Desktop\Oggy's Kevlar Vest Mod

2014-03-13 21:05 - 2014-03-11 15:28 - 00000000 ____D () C:\Users\Nelson\Desktop\New folder (2)

2014-03-11 20:27 - 2014-01-17 18:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-11 20:27 - 2013-09-03 18:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-11 20:27 - 2013-09-03 18:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\ProgramData\Oracle

2014-03-11 15:45 - 2014-03-11 15:45 - 00000000 ____D () C:\ProgramData\Sun

2014-03-11 15:43 - 2014-02-04 19:13 - 00000000 ____D () C:\Users\Nelson\Desktop\New folder

2014-03-10 21:56 - 2013-09-03 16:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-03-09 13:36 - 2013-10-09 19:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-03-09 13:36 - 2013-10-09 19:26 - 00000000 ____D () C:\Program Files\CCleaner

2014-03-04 15:35 - 2014-03-10 21:49 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-03-04 15:35 - 2014-03-10 21:49 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-03-04 15:35 - 2014-03-10 21:49 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-03-04 15:35 - 2013-09-04 17:46 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2014-03-04 15:35 - 2013-09-03 16:21 - 00024544 _____ () C:\Windows\system32\nvinfo.pb

2014-03-04 15:35 - 2013-02-26 00:32 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-03-04 15:35 - 2013-02-26 00:32 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2014-03-04 15:35 - 2013-02-26 00:32 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2014-03-04 14:06 - 2013-09-03 16:22 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2014-03-04 14:06 - 2013-09-03 16:22 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2014-03-04 14:05 - 2013-09-03 16:22 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin

2014-03-04 14:05 - 2013-09-03 16:22 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2014-03-04 14:05 - 2013-09-03 16:22 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2014-03-04 14:05 - 2013-09-03 16:22 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2014-03-04 12:32 - 2014-03-10 21:56 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

 

Some content of TEMP:

====================

C:\Users\Nelson\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-30 13:52

 

==================== End Of Log ============================

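The FRST log above is raw tool output, and the usual next step is to pick out the entries worth a closer look: services and drivers whose registry entry points at a file that no longer exists, and executables with no vendor name in their version information. As an added example (it is not part of the original post and not FRST's own code), here is a small Python parser for the two line shapes visible in the log. Assumptions: `[X]` after a service or driver path marks a file FRST could not find on disk, and the parenthesised field is the CompanyName from the file's version resource, which is a hint about origin and not a signature check. The sample lines are a constructed excerpt copied from the log above.

```python
"""Parse FRST service/driver and one-month file lines and triage them.

Added example; the regular expressions describe the line shapes seen in the
log above and are assumptions about the format, not an FRST specification.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "R2 Name; C:\path\file.exe [size yyyy-mm-dd] (Company)" or "... [X]" (file missing)
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>X))\]"
    r"(?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# "yyyy-mm-dd hh:mm - yyyy-mm-dd hh:mm - size ATTRS (Company) C:\path"
# (first stamp is creation time in the Created section, modification time in the Modified one)
FILE_RE = re.compile(
    r"^(?P<stamp1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<stamp2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class Entry:
    kind: str              # "service" (services and drivers) or "file"
    name: str              # service/driver name, or the file path
    path: str
    company: str           # CompanyName from version info, "" when FRST printed "()"
    missing: bool = False  # service/driver whose file was not found ([X])
    is_dir: bool = False   # "D" in the attribute column


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a service/driver or file line, None for anything else."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", m["name"], m["path"], m["company"] or "",
                     missing=m["missing"] is not None)
    m = FILE_RE.match(line)
    if m:
        return Entry("file", m["path"], m["path"], m["company"],
                     is_dir="D" in m["attrs"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split out (orphaned services/drivers, executables with no company name)."""
    orphaned = [e for e in entries if e.kind == "service" and e.missing]
    unattributed = [
        e for e in entries
        if e.kind == "file" and not e.is_dir
        and e.path.lower().endswith(EXEC_EXT) and not e.company
    ]
    return orphaned, unattributed


# Constructed excerpt: lines copied from the log above.
SAMPLE = r"""
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-08] (DT Soft Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-04-01 20:32 - 2014-04-01 20:32 - 02157056 _____ (Farbar) C:\Users\Nelson\Downloads\FRST64.exe
2014-04-01 20:32 - 2014-04-01 20:32 - 00000000 ____D () C:\FRST
2014-04-01 19:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-01 18:52 - 2014-04-01 18:52 - 04527616 _____ () C:\Users\Nelson\Downloads\RogueKillerX64.exe
2014-04-01 19:47 - 2014-04-01 19:47 - 00013752 _____ () C:\ComboFix.txt
"""

if __name__ == "__main__":
    orphaned, unattributed = triage(parse_log(SAMPLE))
    print("Services/drivers whose file is missing:")
    for e in orphaned:
        print(f"  {e.name}: {e.path}")
    print("Executables with no company name in version info:")
    for e in unattributed:
        print(f"  {e.path}")
```

On the excerpt the orphaned list is `catchme` (a ComboFix leftover) and `VGPU`, and the unattributed list is `C:\Windows\PEV.exe` and `RogueKillerX64.exe`, both files the cleanup tools themselves dropped. That is the point of the triage: the output is a shortlist for a human to check against what was knowingly installed, not a verdict.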