MalwareRemoval.com - Malware Removal Instructions

Infected w/ .bProtector (Did not see rules post, redo)

Post by CrisG » February 22nd, 2014, 1:51 pm

Sorry about messing up my last thread by replying to it; I didn't see the announcement that everyone is supposed to read before posting. So I will not reply to this post, and I will include the DDS and attach.txt within this post.

Within the last day, if I was on a website using Adobe Flash on Firefox and I opened Skype, Skype wouldn't update my chats and it would cause Flash to crash. I originally thought it was Skype 6.14 causing the problem as, once it was removed, Firefox and other programs started working again, but then the problem persisted when I attempted a Skype call on the newly installed 6.9.

I did a scan using Malwarebytes and it found PUP.bProtector in several files on my PC. I'm actually surprised the cause is a virus, since this is the first known major virus that I have had in over 10 years.

Based on viewtopic.php?f=11&t=62157#.UwjO-IV5FqP, I already went ahead and ran ERUNT, AdwCleaner, OTL, and SystemLook. I came to post since I don't really understand what went into deciding which files should be used in the Custom Scans/Fixes box of OTL.

One thing I wondered is, due to the fact that I have 5 hard drives (C = regular programs, A = normal files, B = steam and game programs, E = pictures, I = Backup for others), are AdwCleaner, OTL, and SystemLook scanning drives other than C?

I also wish I could find out what the source was for the virus, as I have mostly been going to my regular sites.

Thanks for your help.
_________________________________________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by CRISTINA at 12:13:48 on 2014-02-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12255.9541 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\taskhost.exe
A:\Downloads\AdwCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
mWinlogon: Userinit = userinit.exe
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\CRISTINA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D35918F-046F-42CC-A270-3EA5758CC45E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-01-07 21:52; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2014-01-07 21:52; {5C655500-E712-41e7-9349-CE462F844B19}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF - ExtSQL: 2014-01-07 21:52; autofillForms@blueimp.net ; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\autofillForms@blueimp.net.xpi
FF - ExtSQL: 2014-01-14 12:54; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2014-01-27 15:23; jid1-pFvSABavHgXrRQ@jetpack; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
FF - ExtSQL: 2014-02-15 22:30; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-7 55856]
R1 ArcSec;archlp;C:\Windows\System32\drivers\ArcSec.sys [2012-4-7 312184]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-24 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-24 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-3 115272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-29 39200]
S2 bProtector;bProtector;C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe --> C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-19 111616]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-8 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2012-5-17 1454896]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-7 1255736]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-3-26 49152]
S4 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-6 13592]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-6 133800]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-12 1593632]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-12 16939296]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
S4 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-6 2656280]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-02-22 15:34:24 -------- d-----w- C:\AdwCleaner
2014-02-22 11:55:59 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-22 10:20:32 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-19 02:16:24 -------- d-----w- C:\ProgramData\Damned
2014-02-19 02:16:00 -------- d-----w- C:\Python27
2014-02-15 04:03:08 225656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-02-09 08:52:42 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\Mp3tag
2014-02-09 08:52:15 -------- d-----w- C:\Program Files (x86)\Mp3tag
2014-02-08 20:49:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEEF20F2-7FE8-4851-9C8F-3C33B674D688}\offreg.dll
2014-02-07 22:56:34 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\JRT Studio
2014-02-07 22:56:30 -------- d-----w- C:\Program Files (x86)\JRT Studio
2014-02-07 19:52:59 -------- d-----w- C:\Program Files\iPod
2014-02-07 19:52:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 19:52:58 -------- d-----w- C:\Program Files\iTunes
2014-02-07 19:52:58 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-29 10:59:13 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-29 10:59:13 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-29 03:12:04 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\uTorrent
2014-01-26 18:01:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-01-24 09:59:47 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\backbeat
2014-01-24 09:59:46 -------- d-----w- C:\Users\CRISTINA\AppData\Local\CrashRpt
2014-01-24 09:59:45 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\Ascension
.
==================== Find3M ====================
.
2014-02-22 10:19:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 10:19:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-11 22:26:06 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\SETA17.tmp
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:15:13.30 ===============

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 4/6/2012 6:11:20 AM
System Uptime: 2/22/2014 9:55:46 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 932 GiB total, 235.679 GiB free.
B: is FIXED (NTFS) - 932 GiB total, 594.822 GiB free.
C: is FIXED (NTFS) - 119 GiB total, 25.38 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 444.027 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 3726 GiB total, 1312.014 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Service: HdAudAddService
.
==== System Restore Points ===================
.
RP401: 2/22/2014 3:07:32 AM - Installed Skype™ 6.9
RP402: 2/22/2014 3:17:44 AM - Removed Skype™ 6.9
RP403: 2/22/2014 3:23:57 AM - Installed Skype™ 6.9
RP404: 2/22/2014 3:36:19 AM - Restore Operation
RP405: 2/22/2014 3:43:46 AM - Removed Skype™ 6.11
RP406: 2/22/2014 3:46:00 AM - Installed Skype™ 6.9
RP407: 2/22/2014 4:05:41 AM - Restore Operation
RP408: 2/22/2014 4:56:32 AM - Removed Skype™ 6.11
RP409: 2/22/2014 5:17:07 AM - Installed Java 7 Update 51
RP410: 2/22/2014 5:41:52 AM - Installed Skype™ 6.9
RP411: 2/22/2014 6:09:56 AM - Removed Skype™ 6.9
RP412: 2/22/2014 6:55:48 AM - Installed Skype™ 6.9
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
A Virus Named TOM
Ace of Spades
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adventures of Shuggy
Age of Empires Online
And Yet It Moves
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Theatre 5
ARMA 2 Dedicated Server
Ascension: Deckbuilding Game
Asmedia ASM104x USB 3.0 Host Controller Driver
Atom Zombie Smasher
Audacity 2.0
Bastion
Batman: Arkham City™
Battle.net
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP BEAT
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
BIT.TRIP RUNNER
BitTorrent
Botanicula
bProtector for Windows
CameraHelperMsi
Castle Crashers
Cave Story+
Cogs
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
Counter-Strike: Source Beta
Crayon Physics Deluxe
DayZ Commander
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Don't Starve
Dual-Core Optimizer
Dungeon Defenders
Dungeons of Dredmor
DVDFab 8.2.1.0 (07/09/2012) Qt
Electronic Super Joy
erLT
ERUNT 1.1j
Escape Goat
EVGA OC Scanner X 2.0.1
EVGA Precision 2.0.4
FINAL FANTASY XIV - A Realm Reborn
FTL: Faster Than Light
Garry's Mod
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Gratuitous Space Battles
Guacamelee! Gold Edition
Gyazo 2.0.2
Half-Life
Half-Life 2
Half-Life: Source
Hammerfight
HandBrake 0.9.6
Hearthstone
Hewlett-Packard ACLM.NET v1.1.0.0
HOARD
HP FWUpdateEDO2
HP Photosmart 6510 series Basic Device Software
HP Product Detection
HP Update
HPDiagnosticAlert
iCloud
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 15.6.25.0
Intel(R) Rapid Storage Technology
iSyncr
iTunes
Jamestown
Java 7 Update 51
Java Auto Updater
JMicron JMB36X Driver
Jolly Rover
Killing Floor
LAME v3.99.3 (for Windows)
Left 4 Dead 2
LIMBO
Logitech Gaming Software
Logitech Gaming Software 8.51
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machinarium
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Monaco
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
Mumble 1.2.4
NightSky
NVIDIA 3D Vision Controller Driver 332.21
NVIDIA 3D Vision Driver 332.21
NVIDIA Control Panel 332.21
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 332.21
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 11.10.11
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
NyxQuest
OpenAL
Orcs Must Die!
Origin
Osmos
osu!
Papers, Please
Papo & Yo
PDF Settings CS5
PixelJunk Eden
Plants vs. Zombies: Game of the Year
Play withSIX
Poker Night at the Inventory
Portal
Portal 2
Psychonauts
PxMergeModule
Q.U.B.E.
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revenge of the Titans
Rosetta Stone Version 3
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Samorost 2
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard 2.0
Sequence
Shank
SHIELD Streaming
Shroud of the Avatar
Sid Meier's Civilization V
SimCity™
Skype™ 6.9
Small World 2
Software Version Updater
Source SDK
Source SDK Base 2006
Source SDK Base 2007
Source SDK Base 2013 Multiplayer
Source SDK Base 2013 Singleplayer
SpaceChem
Steam
Steel Storm: Burning Retribution
Super Meat Boy
Surgeon Simulator 2013
swMSM
Swords and Soldiers HD
System Shock 2
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
Team Fortress 2
The Binding Of Isaac
The Clockwork Man
The Clockwork Man: The Hidden World
The Secret of Monkey Island: Special Edition
The Sims™ 3
The Sims™ 3 70s, 80s, & 90s Stuff
The Sims™ 3 Ambitions
The Sims™ 3 Diesel Stuff
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 Town Life Stuff
The Sims™ 3 University Life
The Sims™ 3 World Adventures
The Walking Dead
Ticket to Ride
Tomb Raider
Torchlight II
TRAUMA
Trials Evolution Gold Edition
Trine
Trine 2
Tropic Euro
Unstoppable Gorg
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Uplay
VC80CRTRedist - 8.0.50727.6195
Vertex Dispenser
VLC media player 2.1.3
VVVVVV
Warlock - Master of the Arcane
WARP
Windows Live ID Sign-in Assistant
WinRAR 4.20 (32-bit)
Wizorb
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
2/22/2014 9:55:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv91xx
2/22/2014 10:15:00 AM, Error: Service Control Manager [7000] - The bProtector service failed to start due to the following error: The system cannot find the file specified.
2/20/2014 12:03:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2/19/2014 11:39:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
.
==== End Of File ===========================
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby Gary R » February 26th, 2014, 6:11 pm

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby Gary R » February 26th, 2014, 6:26 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Cristina

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Since you say you have already run scans with AdwCleaner and SystemLook, can you please post me the following logs which they should have created when you ran the scans ....

AdwCleaner[R1].txt
SystemLook.txt


The AdwCleaner log should be found at the root of your C:\ drive.
The SystemLook log will be in the same directory/folder that SystemLook is in.

Next ....

  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • SystemLook.txt
  • FRST.txt
  • Addition.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby CrisG » February 26th, 2014, 6:34 pm

# AdwCleaner v3.019 - Report created 22/02/2014 at 10:52:23
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CRISTINA - CRISTINA-PC
# Running from : A:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : bProtector

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\System32\Tasks\bProtector
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\file scout
Folder Found C:\Program Files (x86)\myfree codec
Folder Found C:\ProgramData\bProtectorForWindows
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\Users\CRISTINA\AppData\Local\Conduit
Folder Found C:\Users\CRISTINA\AppData\Local\PackageAware
Folder Found C:\Users\CRISTINA\AppData\Local\SwvUpdater
Folder Found C:\Users\CRISTINA\AppData\LocalLow\Conduit
Folder Found C:\Users\CRISTINA\AppData\LocalLow\PriceGong
Folder Found C:\Users\CRISTINA\AppData\Roaming\BabSolution
Folder Found C:\Users\CRISTINA\AppData\Roaming\file scout
Folder Found C:\Users\CRISTINA\AppData\Roaming\Searchprotect
Folder Found C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5253ddd1e734ef12
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\caphyon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\caphyon
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\mysearchdial.com
Key Found : [x64] HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\5253ddd1e734ef12
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : HKLM\Software\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dn ... 162148&ir=

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15514 octets] - [22/02/2014 10:34:45]
AdwCleaner[R1].txt - [15193 octets] - [22/02/2014 10:52:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [15254 octets] ##########
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm
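The AdwCleaner report above is raw tool output. As an added example (not part of this thread and not AdwCleaner's own code), here is a small Python parser for that report format: it tracks the `***** [ Section ] *****` headers and the `-\\ Browser` sub-headers, accepts the `Folder Found` lines that omit the colon, flags the `[x64]` entries (the 64-bit registry view of a key that is also listed in the 32-bit view), and pulls out Chrome extension IDs and CLSIDs so the findings can be counted and cross-referenced against other logs such as SystemLook. The embedded report is a constructed excerpt modelled on the AdwCleaner[R1].txt in this thread, not the complete file.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt in AdwCleaner v3 report format, modelled on the
# AdwCleaner[R1].txt posted in this thread (not the complete file).
SAMPLE_REPORT = r"""# AdwCleaner v3.019 - Report created 22/02/2014 at 10:52:23
# Option : Scan

***** [ Services ] *****

Service Found : bProtector

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\System32\Tasks\bProtector
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\bProtectorForWindows

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+)$")
# "Folder Found" lines in this AdwCleaner version omit the colon, so ":" is optional.
FINDING_RE = re.compile(
    r"^(?P<kind>Service|File|Folder|Key|Value|Setting) "
    r"(?P<status>Found|Deleted)\s*:?\s*(?P<x64>\[x64\]\s*)?(?P<target>.+?)\s*$"
)
# Chrome extension IDs are 32 characters drawn from a-p.
CHROME_EXT_RE = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})$")
CLSID_RE = re.compile(
    r"\\CLSID\\(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
)


def parse_report(text: str) -> List[Dict[str, object]]:
    """Return one record per Found/Deleted line, tagged with its section."""
    findings: List[Dict[str, object]] = []
    section, browser = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank line or header comment
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), ""
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("name")       # sub-header inside [ Browsers ]
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({
                "kind": m.group("kind"),
                "status": m.group("status"),
                "x64": m.group("x64") is not None,   # 64-bit registry view
                "target": m.group("target"),
                "section": section,
                "browser": browser,
            })
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, object]:
    """Counts per finding kind plus the identifiers worth cross-referencing."""
    by_kind = Counter(str(f["kind"]) for f in findings)
    chrome_exts, clsids = set(), set()
    for f in findings:
        target = str(f["target"])
        m = CHROME_EXT_RE.search(target)
        if m:
            chrome_exts.add(m.group(1))
        m = CLSID_RE.search(target)
        if m:
            clsids.add(m.group(1).upper())
    return {
        "total": len(findings),
        "by_kind": dict(by_kind),
        "wow64_keys": sum(1 for f in findings if f["x64"]),
        "chrome_extensions": sorted(chrome_exts),
        "clsids": sorted(clsids),
        "browser_settings": [(f["browser"], f["target"])
                             for f in findings if f["kind"] == "Setting"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run it directly and it prints the summary for the embedded excerpt; to triage a real report, read the file and pass its text to `parse_report` (`splitlines()` copes with the Windows line endings AdwCleaner writes). The items worth matching against the SystemLook output are the extracted CLSIDs and Chrome extension IDs: in this thread the same CLSID {2EECD738-5844-4A99-B4B6-146BF802613B} appears in SystemLook's Regfind results resolving to BabylonToolbar.dll, which ties the AdwCleaner BHO entry to a file on disk.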

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby CrisG » February 26th, 2014, 6:35 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 10:41 on 22/02/2014 by CRISTINA
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\MZRYSB0U\www.whitesmoke[1].xml --a---- 13 bytes [21:23 10/07/2013] [21:23 10/07/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\CRISTINA\Documents\My Games\Sid Meier's Civilization 5\cache\Localization-Babylon.db --a---- 559104 bytes [07:32 17/07/2013] [07:32 17/07/2013] D47E2DC99106E5A817030940999F3D80

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [07:32 07/01/2014] [07:32 07/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe --a---- 73080 bytes [09:15 10/11/2011] [09:15 10/11/2011] 9A5E999C90861CE9B7906DBF429D4238
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\search.conduit[1].xml --a---- 87 bytes [21:23 10/07/2013] [21:23 10/07/2013] C2ABCD930C69B2C8C9B8D24AA073BAF5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\storage.conduit[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\PQW9Y62A\facebook.conduitapps[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\XT85R5BZ\app.mam.conduit[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1774897_1765438_US.xml --a---- 193 bytes [23:02 15/05/2013] [21:23 10/07/2013] 405DD1D7D36C626FAFD9AC9650D3CD76

Searching for "*BabSolution*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [23:51 18/04/2013]
C:\Users\CRISTINA\AppData\Local\Conduit d------ [23:51 18/04/2013]
C:\Users\CRISTINA\AppData\LocalLow\Conduit d------ [23:51 18/04/2013]

Searching for "*BabSolution*"
C:\Users\CRISTINA\AppData\Roaming\BabSolution d------ [00:40 27/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_USERS\.DEFAULT\Software\DataMngr]
[HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-18\Software\DataMngr]
[HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"="Babylon Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\VBMZ]
"P1"="babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="http://search.conduit.com?SearchSource=10&CUI=UN15651001132700175&UM=2&ctid=CT3289847"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit]

Searching for "BabSolution"
[HKEY_CURRENT_USER\Software\BabSolution]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
"path"="C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx"
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution]

-= EOF =-
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby CrisG » February 26th, 2014, 6:36 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014 02
Ran by CRISTINA (administrator) on CRISTINA-PC on 26-02-2014 17:32:22
Running from C:\Users\CRISTINA\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\...\MountPoints2: {67e88340-7fe9-11e1-81ef-806e6f6e6963} - D:\autorun.exe
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-07] (COMODO)
AppInit_DLLs-x32: c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll => "c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll" File Not Found
Startup: C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x89B09A10B12FCF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
SearchScopes: HKLM-x32 - DefaultScope {DF343BF4-A8D3-427C-B9CC-5A133435EF4C} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={0BBE418D-8636-11E2-B65A-C8600032FF3B}
SearchScopes: HKCU - DefaultScope {78F487CD-E45C-4604-83D0-A608FEAD7D5C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {78F487CD-E45C-4604-83D0-A608FEAD7D5C} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-07]
FF Extension: Autofill Forms - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\autofillForms@blueimp.net.xpi [2013-12-22]
FF Extension: Export Cookies - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\exportcookies@aag.xpi [2013-12-19]
FF Extension: Mercury Connect - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi [2014-01-27]
FF Extension: Quick Translator - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-22]
FF Extension: YouTube High Definition - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-15]
FF Extension: Password Exporter - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-12-19]
FF Extension: Download YouTube Videos as MP4 - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-12-22]
FF Extension: Shine Bright Skin Aero - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2013-12-22]
FF Extension: Adblock Plus - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-18]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-26]
FF HKCU\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (WOT) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Adblock Plus) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-14]
CHR Extension: (Google Search) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (*Click2Clear History*) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dckmogldcieahpaljopelnchhidcfhac [2013-12-14]
CHR Extension: (Delta Toolbar) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-12-13]
CHR Extension: (RealDownloader) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-13]
CHR Extension: (Skype Click to Call) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (AT_Yulia) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe [2013-12-14]
CHR Extension: (Gmail) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx [2013-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-04-16]

==================== Services (Whitelisted) =================

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-26] ()
S4 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
S4 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
S2 bProtector; C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [X]

==================== Drivers (Whitelisted) ====================

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22736 2012-11-07] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S0 mv91xx; system32\DRIVERS\mv91xx.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 17:32 - 2014-02-26 17:32 - 00018452 _____ () C:\Users\CRISTINA\Desktop\FRST.txt
2014-02-26 17:31 - 2014-02-26 17:32 - 00000000 ____D () C:\FRST
2014-02-26 17:31 - 2014-02-26 17:31 - 02155008 _____ (Farbar) C:\Users\CRISTINA\Desktop\FRST64.exe
2014-02-26 17:30 - 2014-02-26 17:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CRISTINA-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-02-26 17:30 - 2014-02-26 17:30 - 00000000 ____D () C:\RegBackup
2014-02-26 17:29 - 2014-02-26 17:29 - 03936992 _____ () C:\Users\CRISTINA\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-26 17:29 - 2014-02-26 17:29 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-26 17:29 - 2014-02-26 17:29 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 07:40 - 2014-02-26 07:40 - 00000000 ____D () C:\Windows\ERDNT
2014-02-22 12:26 - 2014-02-22 12:26 - 00010624 _____ () C:\Users\CRISTINA\Desktop\systemlook1.txt
2014-02-22 12:25 - 2014-02-22 12:25 - 00090371 _____ () C:\Users\CRISTINA\Desktop\otlextra.txt
2014-02-22 12:25 - 2014-02-22 12:25 - 00053930 _____ () C:\Users\CRISTINA\Desktop\otl1.txt
2014-02-22 12:24 - 2014-02-22 12:24 - 00015317 _____ () C:\Users\CRISTINA\Desktop\adw.txt
2014-02-22 12:15 - 2014-02-22 12:19 - 00020932 _____ () C:\Users\CRISTINA\Desktop\dds.txt
2014-02-22 12:15 - 2014-02-22 12:19 - 00011111 _____ () C:\Users\CRISTINA\Desktop\attach.txt
2014-02-22 12:13 - 2014-02-22 12:13 - 00688992 ____R (Swearware) C:\Users\CRISTINA\Downloads\dds.scr
2014-02-22 11:36 - 2014-02-22 11:12 - 00110582 _____ () C:\Users\CRISTINA\Desktop\OTL.Txt
2014-02-22 11:36 - 2014-02-22 10:46 - 00021248 _____ () C:\Users\CRISTINA\Desktop\SystemLook.txt
2014-02-22 11:36 - 2014-02-22 10:39 - 00075264 _____ () C:\Users\CRISTINA\Desktop\SystemLook.exe
2014-02-22 11:36 - 2014-02-22 10:35 - 00602112 _____ (OldTimer Tools) C:\Users\CRISTINA\Desktop\OTL.exe
2014-02-22 11:36 - 2014-02-22 10:34 - 01241834 _____ () C:\Users\CRISTINA\Desktop\AdwCleaner.exe
2014-02-22 11:36 - 2014-02-22 10:30 - 00791393 _____ (Lars Hederer ) C:\Users\CRISTINA\Desktop\erunt-setup.exe
2014-02-22 10:34 - 2014-02-22 10:52 - 00000000 ____D () C:\AdwCleaner
2014-02-22 10:31 - 2014-02-22 10:31 - 00000909 _____ () C:\Users\CRISTINA\Desktop\ERUNT.lnk
2014-02-22 10:31 - 2014-02-22 10:31 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-22 06:57 - 2014-02-22 06:57 - 00003094 _____ () C:\Windows\System32\Tasks\{2A199821-55BC-438E-B986-967C749FBA08}
2014-02-22 06:56 - 2014-02-22 09:57 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Skype
2014-02-22 06:55 - 2014-02-22 06:55 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-22 06:55 - 2014-02-22 06:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-22 06:05 - 2014-02-22 06:05 - 00000000 ____D () C:\Users\CRISTINA\Documents\lizenrae
2014-02-22 05:17 - 2014-02-22 05:17 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-22 05:14 - 2014-02-22 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 04:47 - 2014-02-22 04:47 - 00277346 _____ () C:\Users\CRISTINA\Desktop\bookmarks.html
2014-02-22 04:47 - 2014-02-22 04:47 - 00188710 _____ () C:\Users\CRISTINA\Desktop\bookmarks-2014-02-22.json
2014-02-22 03:17 - 2014-02-22 03:37 - 00000000 ____D () C:\Users\CRISTINA\Desktop\lizenrae
2014-02-20 14:06 - 2014-02-21 23:06 - 00000542 _____ () C:\Users\CRISTINA\Desktop\poke.txt
2014-02-18 21:16 - 2014-02-22 04:15 - 00000000 ____D () C:\Python27
2014-02-18 21:16 - 2014-02-22 04:15 - 00000000 ____D () C:\ProgramData\Damned
2014-02-14 23:03 - 2014-02-22 05:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 03:52 - 2014-02-10 17:23 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Mp3tag
2014-02-09 03:52 - 2014-02-09 03:52 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-02-07 18:23 - 2014-02-07 18:23 - 00184150 _____ () C:\Users\CRISTINA\Desktop\bookmarks-2014-02-07.json
2014-02-07 17:56 - 2014-02-22 09:20 - 00000000 ____D () C:\Users\CRISTINA\Documents\JRT Studio
2014-02-07 17:56 - 2014-02-10 17:34 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\JRT Studio
2014-02-07 17:56 - 2014-02-07 17:56 - 00000000 ____D () C:\Program Files (x86)\JRT Studio
2014-02-07 16:54 - 2014-02-07 16:54 - 00189148 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-02-07 14:54 - 2014-02-18 21:22 - 00010778 _____ () C:\Users\CRISTINA\Desktop\games.xlsx
2014-02-07 14:53 - 2014-02-07 14:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 14:52 - 2014-02-07 14:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 14:52 - 2014-02-07 14:53 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 14:52 - 2014-02-07 14:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 14:52 - 2014-02-07 14:52 - 00000000 ____D () C:\Program Files\iPod
2014-02-06 01:29 - 2014-02-07 17:28 - 00000727 _____ () C:\Users\CRISTINA\Desktop\songs.txt
2014-01-29 05:59 - 2013-12-27 13:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-29 05:59 - 2013-12-27 13:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-28 22:13 - 2014-01-28 22:13 - 00000837 _____ () C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-28 22:12 - 2014-01-29 05:57 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\uTorrent
2014-01-27 22:11 - 2014-01-27 22:11 - 00008958 _____ () C:\Users\CRISTINA\Documents\Book1.xlsx

==================== One Month Modified Files and Folders =======

2014-02-26 17:32 - 2014-02-26 17:32 - 00018452 _____ () C:\Users\CRISTINA\Desktop\FRST.txt
2014-02-26 17:32 - 2014-02-26 17:31 - 00000000 ____D () C:\FRST
2014-02-26 17:31 - 2014-02-26 17:31 - 02155008 _____ (Farbar) C:\Users\CRISTINA\Desktop\FRST64.exe
2014-02-26 17:30 - 2014-02-26 17:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CRISTINA-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-02-26 17:30 - 2014-02-26 17:30 - 00000000 ____D () C:\RegBackup
2014-02-26 17:29 - 2014-02-26 17:29 - 03936992 _____ () C:\Users\CRISTINA\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-26 17:29 - 2014-02-26 17:29 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-26 17:29 - 2014-02-26 17:29 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 16:52 - 2013-12-13 18:34 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 15:59 - 2012-04-07 04:44 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-02-26 14:56 - 2012-09-01 13:45 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000UA.job
2014-02-26 14:56 - 2012-09-01 13:45 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000Core.job
2014-02-26 12:53 - 2013-04-18 18:51 - 00000368 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-26 07:47 - 2009-07-13 23:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 07:47 - 2009-07-13 23:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 07:43 - 2009-07-14 00:13 - 00819494 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 07:42 - 2012-04-06 05:11 - 01616121 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 07:40 - 2014-02-26 07:40 - 00000000 ____D () C:\Windows\ERDNT
2014-02-26 07:40 - 2013-12-13 18:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 07:40 - 2013-05-26 13:54 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000
2014-02-26 07:40 - 2013-05-26 13:54 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3706433607-4152841657-1845436021-1000
2014-02-26 07:39 - 2013-12-11 04:00 - 00015642 _____ () C:\Windows\setupact.log
2014-02-26 07:39 - 2012-05-09 07:35 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-02-26 07:39 - 2012-05-09 07:35 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-26 07:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-22 12:26 - 2014-02-22 12:26 - 00010624 _____ () C:\Users\CRISTINA\Desktop\systemlook1.txt
2014-02-22 12:25 - 2014-02-22 12:25 - 00090371 _____ () C:\Users\CRISTINA\Desktop\otlextra.txt
2014-02-22 12:25 - 2014-02-22 12:25 - 00053930 _____ () C:\Users\CRISTINA\Desktop\otl1.txt
2014-02-22 12:24 - 2014-02-22 12:24 - 00015317 _____ () C:\Users\CRISTINA\Desktop\adw.txt
2014-02-22 12:19 - 2014-02-22 12:15 - 00020932 _____ () C:\Users\CRISTINA\Desktop\dds.txt
2014-02-22 12:19 - 2014-02-22 12:15 - 00011111 _____ () C:\Users\CRISTINA\Desktop\attach.txt
2014-02-22 12:13 - 2014-02-22 12:13 - 00688992 ____R (Swearware) C:\Users\CRISTINA\Downloads\dds.scr
2014-02-22 11:54 - 2012-04-08 18:33 - 00000000 ____D () C:\Users\CRISTINA\Documents\Outlook Files
2014-02-22 11:53 - 2013-10-09 10:50 - 00000000 ____D () C:\Users\CRISTINA\AppData\Local\C6AF6D58-E3F6-4491-8790-B6AF348C4E7E.aplzod
2014-02-22 11:12 - 2014-02-22 11:36 - 00110582 _____ () C:\Users\CRISTINA\Desktop\OTL.Txt
2014-02-22 10:52 - 2014-02-22 10:34 - 00000000 ____D () C:\AdwCleaner
2014-02-22 10:46 - 2014-02-22 11:36 - 00021248 _____ () C:\Users\CRISTINA\Desktop\SystemLook.txt
2014-02-22 10:39 - 2014-02-22 11:36 - 00075264 _____ () C:\Users\CRISTINA\Desktop\SystemLook.exe
2014-02-22 10:35 - 2014-02-22 11:36 - 00602112 _____ (OldTimer Tools) C:\Users\CRISTINA\Desktop\OTL.exe
2014-02-22 10:34 - 2014-02-22 11:36 - 01241834 _____ () C:\Users\CRISTINA\Desktop\AdwCleaner.exe
2014-02-22 10:31 - 2014-02-22 10:31 - 00000909 _____ () C:\Users\CRISTINA\Desktop\ERUNT.lnk
2014-02-22 10:31 - 2014-02-22 10:31 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-22 10:31 - 2012-04-06 05:11 - 00000000 ___RD () C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-22 10:30 - 2014-02-22 11:36 - 00791393 _____ (Lars Hederer ) C:\Users\CRISTINA\Desktop\erunt-setup.exe
2014-02-22 10:09 - 2012-04-07 05:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 09:57 - 2014-02-22 06:56 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Skype
2014-02-22 09:56 - 2013-05-26 13:45 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000
2014-02-22 09:56 - 2013-05-26 13:45 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3706433607-4152841657-1845436021-1000
2014-02-22 09:44 - 2013-08-19 09:42 - 00000000 ____D () C:\Windows\pss
2014-02-22 09:20 - 2014-02-07 17:56 - 00000000 ____D () C:\Users\CRISTINA\Documents\JRT Studio
2014-02-22 06:57 - 2014-02-22 06:57 - 00003094 _____ () C:\Windows\System32\Tasks\{2A199821-55BC-438E-B986-967C749FBA08}
2014-02-22 06:57 - 2012-04-07 04:06 - 00000000 ____D () C:\ProgramData\Skype
2014-02-22 06:55 - 2014-02-22 06:55 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-22 06:55 - 2014-02-22 06:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-22 06:05 - 2014-02-22 06:05 - 00000000 ____D () C:\Users\CRISTINA\Documents\lizenrae
2014-02-22 05:59 - 2013-12-16 23:37 - 00004080 _____ () C:\Windows\System32\Tasks\CRISTINA2
2014-02-22 05:46 - 2014-02-14 23:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-22 05:46 - 2010-11-20 22:47 - 00263510 _____ () C:\Windows\PFRO.log
2014-02-22 05:19 - 2013-12-19 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 05:19 - 2013-12-15 03:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-22 05:17 - 2014-02-22 05:17 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-22 05:17 - 2013-12-15 02:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-22 05:17 - 2013-11-21 17:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-22 05:14 - 2014-02-22 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 05:13 - 2014-01-26 13:06 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\vlc
2014-02-22 04:47 - 2014-02-22 04:47 - 00277346 _____ () C:\Users\CRISTINA\Desktop\bookmarks.html
2014-02-22 04:47 - 2014-02-22 04:47 - 00188710 _____ () C:\Users\CRISTINA\Desktop\bookmarks-2014-02-22.json
2014-02-22 04:16 - 2012-04-06 05:11 - 00000000 ____D () C:\Users\CRISTINA
2014-02-22 04:15 - 2014-02-18 21:16 - 00000000 ____D () C:\Python27
2014-02-22 04:15 - 2014-02-18 21:16 - 00000000 ____D () C:\ProgramData\Damned
2014-02-22 04:15 - 2013-01-25 07:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-22 04:15 - 2012-05-09 07:35 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-22 04:15 - 2012-04-07 06:14 - 00000000 ____D () C:\ProgramData\Real
2014-02-22 04:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-22 04:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-02-22 03:37 - 2014-02-22 03:17 - 00000000 ____D () C:\Users\CRISTINA\Desktop\lizenrae
2014-02-21 23:06 - 2014-02-20 14:06 - 00000542 _____ () C:\Users\CRISTINA\Desktop\poke.txt
2014-02-18 21:22 - 2014-02-07 14:54 - 00010778 _____ () C:\Users\CRISTINA\Desktop\games.xlsx
2014-02-12 00:47 - 2013-12-13 18:34 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 00:47 - 2013-12-13 18:34 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 23:46 - 2012-04-06 05:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 17:34 - 2014-02-07 17:56 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\JRT Studio
2014-02-10 17:23 - 2014-02-09 03:52 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Mp3tag
2014-02-10 15:45 - 2013-01-26 12:39 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Audacity
2014-02-09 20:12 - 2012-05-12 17:02 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\Mumble
2014-02-09 03:52 - 2014-02-09 03:52 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-02-07 18:23 - 2014-02-07 18:23 - 00184150 _____ () C:\Users\CRISTINA\Desktop\bookmarks-2014-02-07.json
2014-02-07 17:56 - 2014-02-07 17:56 - 00000000 ____D () C:\Program Files (x86)\JRT Studio
2014-02-07 17:41 - 2012-09-21 15:45 - 00000000 ____D () C:\Users\CRISTINA\MSYNC
2014-02-07 17:28 - 2014-02-06 01:29 - 00000727 _____ () C:\Users\CRISTINA\Desktop\songs.txt
2014-02-07 16:54 - 2014-02-07 16:54 - 00189148 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-02-07 14:53 - 2014-02-07 14:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 14:53 - 2014-02-07 14:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 14:53 - 2014-02-07 14:52 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 14:53 - 2014-02-07 14:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 14:52 - 2014-02-07 14:52 - 00000000 ____D () C:\Program Files\iPod
2014-02-06 17:49 - 2013-08-02 07:26 - 00001002 _____ () C:\Users\CRISTINA\Desktop\DisasterLoomsContents.txt
2014-02-03 15:20 - 2013-12-12 18:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-03 15:15 - 2013-01-25 07:17 - 00000000 ____D () C:\Users\CRISTINA\AppData\Local\Google
2014-02-03 15:15 - 2012-04-07 02:51 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-03 15:15 - 2012-04-07 02:51 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-29 05:59 - 2012-04-06 05:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-29 05:57 - 2014-01-28 22:12 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\uTorrent
2014-01-28 22:14 - 2012-04-07 04:37 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\BitTorrent
2014-01-28 22:13 - 2014-01-28 22:13 - 00000837 _____ () C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-28 09:18 - 2012-04-07 04:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-01-28 09:18 - 2012-04-07 04:27 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 09:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-27 22:11 - 2014-01-27 22:11 - 00008958 _____ () C:\Users\CRISTINA\Documents\Book1.xlsx

Some content of TEMP:
====================
C:\Users\CRISTINA\AppData\Local\Temp\6512uninstall.exe
C:\Users\CRISTINA\AppData\Local\Temp\DJAPI.dll
C:\Users\CRISTINA\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\CRISTINA\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\CRISTINA\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\CRISTINA\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\CRISTINA\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\CRISTINA\AppData\Local\Temp\nvStInst.exe
C:\Users\CRISTINA\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\CRISTINA\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\CRISTINA\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CRISTINA\AppData\Local\Temp\Sqlite3.dll
C:\Users\CRISTINA\AppData\Local\Temp\utt8F01.tmp.exe
C:\Users\CRISTINA\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-22 13:13

==================== End Of Log ============================
CrisG
Regular Member
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected w/ .bProtector (Did not see rules post, redo)

Post by CrisG » February 26th, 2014, 6:36 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014 02
Ran by CRISTINA at 2014-02-26 17:33:00
Running from C:\Users\CRISTINA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version: - )
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adventures of Shuggy (HKLM-x32\...\Steam App 211440) (Version: - )
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version: - Microsoft)
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version: - Broken Rules)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (HKLM-x32\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.113 - ArcSoft)
ArcSoft TotalMedia Theatre 5 (x32 Version: 5.0.1.80 - ArcSoft) Hidden
ARMA 2 Dedicated Server (HKLM-x32\...\Steam App 33905) (Version: - Bohemia Interactive)
Ascension: Deckbuilding Game (HKLM-x32\...\Steam App 261860) (Version: - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
Atom Zombie Smasher (HKLM-x32\...\Steam App 55040) (Version: - )
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version: - Gaijin Games)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Botanicula (HKLM-x32\...\Steam App 207690) (Version: - )
bProtector for Windows (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - )
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - )
Cogs (HKLM-x32\...\Steam App 26500) (Version: - Lazy 8 Studios)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 15.0 - COMODO)
COMODO GeekBuddy (HKLM-x32\...\COMODO GeekBuddy) (Version: 3.3.217083.59 - COMODO)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - Valve)
Crayon Physics Deluxe (HKLM-x32\...\Steam App 26900) (Version: - Kloonigames)
DayZ Commander (HKLM-x32\...\{E91E51A3-57D2-411B-899F-5AB27E900FEF}) (Version: 0.9.108 - Dotjosh Studios)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Don't Starve (HKLM-x32\...\Don't Starve_is1) (Version: - Klei Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - )
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version: - )
DVDFab 8.2.1.0 (07/09/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version: - Michael Todd Games)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Escape Goat (HKLM-x32\...\{00302B66-5799-4957-933F-8240C50D3C5C}) (Version: 1.0.5 - MagicalTimeBean)
EVGA OC Scanner X 2.0.1 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)
EVGA Precision 2.0.4 (HKLM-x32\...\Precision) (Version: 2.0.4 - EVGA Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
Hammerfight (HKLM-x32\...\Steam App 41100) (Version: - KranX Productions)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HOARD (HKLM-x32\...\Steam App 63000) (Version: - Big Sandwich Games)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iSyncr (HKLM-x32\...\{FF4CBD74-F9CE-4F9B-A212-0E11812995B6}) (Version: 4.2.2 - JRT Studio)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Jamestown (HKLM-x32\...\Steam App 94200) (Version: - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Jolly Rover (HKLM-x32\...\Steam App 58200) (Version: - )
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Machinarium (HKLM-x32\...\Steam App 40700) (Version: - Amanita Design)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NightSky (HKLM-x32\...\Steam App 99700) (Version: - )
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NyxQuest (HKLM-x32\...\Steam App 57000) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Osmos (HKLM-x32\...\Steam App 29180) (Version: - Hemisphere Games)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Papo & Yo (HKLM-x32\...\Steam App 227080) (Version: - Minority Media Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version: - Q-Games, Ltd.)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
Play withSIX (HKLM-x32\...\{E77FE33E-DD32-4916-8728-F7757EEECB5F}) (Version: 1.00.0162 - SIX Networks)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Q.U.B.E. (HKLM-x32\...\Steam App 203730) (Version: - )
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revenge of the Titans (HKLM-x32\...\Steam App 93200) (Version: - )
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Sam & Max 101: Culture Shock (HKLM-x32\...\Steam App 8200) (Version: - Telltale Games)
Sam & Max 102: Situation: Comedy (HKLM-x32\...\Steam App 8210) (Version: - Telltale Games)
Sam & Max 103: The Mole, the Mob and the Meatball (HKLM-x32\...\Steam App 8220) (Version: - Telltale Games)
Sam & Max 104: Abe Lincoln Must Die! (HKLM-x32\...\Steam App 8230) (Version: - Telltale Games)
Sam & Max 105: Reality 2.0 (HKLM-x32\...\Steam App 8240) (Version: - Telltale Games)
Sam & Max 106: Bright Side of the Moon (HKLM-x32\...\Steam App 8250) (Version: - Telltale Games)
Sam & Max 201: Ice Station Santa (HKLM-x32\...\Steam App 8260) (Version: - Telltale Games)
Samorost 2 (HKLM-x32\...\Steam App 40720) (Version: - Amanita Design)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.42.0 - Seagate)
Sequence (HKLM-x32\...\Steam App 200910) (Version: - )
Shank (HKLM-x32\...\Steam App 6120) (Version: - Electronic Arts)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Shroud of the Avatar (HKLM-x32\...\{E8334E02-EE1F-4DAF-960D-7AF5D8E829DF}) (Version: 0.1.0 - Portalarium)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
Small World 2 (HKLM-x32\...\Steam App 235620) (Version: - Days of Wonder)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.7 - ) <==== ATTENTION
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version: - )
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version: - )
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version: - )
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - )
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Swords and Soldiers HD (HKLM-x32\...\Steam App 63500) (Version: - Ronimo Games)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version: - Telltale Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Binding Of Isaac (HKLM-x32\...\Steam App 113200) (Version: - )
The Clockwork Man (HKLM-x32\...\Steam App 111000) (Version: - )
The Clockwork Man: The Hidden World (HKLM-x32\...\Steam App 111010) (Version: - )
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version: - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
TRAUMA (HKLM-x32\...\Steam App 98100) (Version: - )
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version: - Redlynx Ltd)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - )
Tropic Euro (HKCU\...\Tropic Euro) (Version: - Inner Version Ltd)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.9 - Tweaking.com)
Unstoppable Gorg (HKLM-x32\...\Steam App 18120) (Version: - )
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vertex Dispenser (HKLM-x32\...\Steam App 102400) (Version: - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - )
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version: - )
WARP (HKLM-x32\...\Steam App 102850) (Version: - Trapdoor Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wizorb (HKLM-x32\...\Steam App 207420) (Version: - )
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D Boy)

==================== Restore Points =========================

22-02-2014 10:41:52 Installed Skype™ 6.9
22-02-2014 11:09:56 Removed Skype™ 6.9
22-02-2014 11:55:48 Installed Skype™ 6.9
26-02-2014 13:01:15 Windows Backup

==================== Hosts content: ==========================

2009-07-13 21:34 - 2010-12-05 01:53 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {04C67FE4-8027-48A8-BDCF-81665CE51698} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {11273401-1027-4CC7-88E7-5389C374E2C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {11B2C91F-A66A-4BD6-9CBA-003C0062D5A8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {231E2558-1A49-4BD9-80B6-4CA1097BAFE7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2BFEB2D9-D93B-445A-A7B9-BE4DF8D2B4A9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000Core => C:\Users\CRISTINA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2CB160D4-A230-4975-814A-9BFBF1D3D6D1} - System32\Tasks\AmiUpdXp => C:\Users\CRISTINA\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {2CB7AA8D-D293-4B61-B60E-6A5BEBA68F20} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3CDAFC7C-8672-4CF3-94BE-415AF080EA73} - System32\Tasks\CRISTINA3 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {45EAB4BD-63DC-4A25-B0AA-290CC1939A71} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4637B582-049E-449D-B3AF-D3D6BB006BB6} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {4B220AB7-6920-4341-9D13-5A92A9A24FAF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4DF3928E-0584-498C-86D6-EE5A7362D771} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000UA => C:\Users\CRISTINA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4F274529-E1FC-4A6A-BD47-27C9513CE84B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5A8B0224-47AE-44D5-A23D-580EBB75872F} - System32\Tasks\bProtector => Sc.exe start bProtector
Task: {62B4B36C-A771-4657-B952-4E751322F2A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {68C67E1D-40D4-44C9-8DCC-6DDA7411D1A6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-09] ()
Task: {6ECE643E-6E2B-4FD0-B9EC-3837E1DBF543} - System32\Tasks\CRISTINA2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {7087E77A-A23E-4E5E-BB46-CDB288F940D8} - System32\Tasks\{72F81363-4710-40FF-8766-775F882710C9} => Firefox.exe
Task: {789EFFCB-21A3-4700-A51A-2FB22A164E48} - System32\Tasks\HP Photosmart 6510 series.exe_{E15CB6D1-0B0A-4940-878C-212882E89168} => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HP Photosmart 6510 series.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {8360E974-23FA-4138-9E17-15DF4D629141} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {8E8A0DA4-0629-442C-8CE4-3E036E545EE7} - System32\Tasks\CRISTINA1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {93DDA5F2-F913-4FF4-A6C1-EF905D61EBB1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {95127EEC-4FD1-4F33-8CBB-0C6EF2E687DF} - System32\Tasks\ScanToPCActivationApp.exe_{D2E25CBE-D74E-43D7-BE21-AD84D7F9ADF1} => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {9DC6A11F-818A-4F35-9A6B-F87C34D76D5F} - System32\Tasks\CRISTINA => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {A3C7E2C6-D059-4600-A1F2-4885A84DCEA7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {AB071D65-1457-4404-892E-A45A087C1519} - System32\Tasks\CRISTINA3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {AD5B28F6-7A35-410A-9494-9506F36B4FCC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C0E7CB08-CBEF-409F-913B-3DCC8BEFC4A7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DB4876A0-73D5-4291-95F4-6A66227880AA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DB73291C-302C-47DE-A5F2-6D6FA436FA50} - System32\Tasks\CRISTINA1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {DDEC319E-7A51-4E30-AFF6-77386D11E9B3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E26FF93D-0CEF-4838-AD12-22C4B3AF507E} - System32\Tasks\CRISTINA DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-10-18] (Seagate Technology LLC)
Task: {E330A49E-4C81-4DCD-8EB3-8824648BC7C5} - System32\Tasks\AdobeAAMUpdater-1.0-CRISTINA-PC-CRISTINA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {E9A69E69-2B10-49EA-BBB3-2463A125D229} - System32\Tasks\CRISTINA Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {EEE982CB-471C-4850-B509-F8AE14C68548} - System32\Tasks\{2A199821-55BC-438E-B986-967C749FBA08} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/en/ ... Error=1603
Task: {F2AAAD95-98CE-4561-BC03-6629A856815B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F5FCB272-2394-46CC-9420-4DA838320A93} - System32\Tasks\CRISTINA2 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {F9F124D7-71F3-448B-B935-2DCEA6F647B1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3706433607-4152841657-1845436021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\CRISTINA\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000Core.job => C:\Users\CRISTINA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000UA.job => C:\Users\CRISTINA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-22 05:14 - 2014-02-12 19:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\CRISTINA\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty
AlternateDataStreams: C:\Users\CRISTINA\AppData\Local\Temp:SY0xj4YJ7cRVCzQZfVGIdFLt93
AlternateDataStreams: C:\Users\CRISTINA\AppData\Local\Temp:VESB8DjtstUM97dt89NnrWA
AlternateDataStreams: C:\Users\CRISTINA\AppData\Local\Temporary Internet Files:CsSHWpKCAk45ZKVYi2zrHl
AlternateDataStreams: C:\Users\CRISTINA\AppData\Local\Temporary Internet Files:JbQQa6yrNPHa4ISVw8q3Z7NNj

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: CLPSLS => 3
MSCONFIG\Services: cmdAgent => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: Seagate Dashboard Services => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSyncr.lnk => C:\Windows\pss\iSyncr.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^CRISTINA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.Startup
MSCONFIG\startupfolder: C:^Users^CRISTINA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: COMODO => C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: CPA => C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\CRISTINA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AA4150V05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "B:\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 07:41:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 10:24:55 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea0

Start Time: 01cf2fe1c75443a5

Termination Time: 15

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 763f65b0-9bd5-11e3-80f9-c8600032ff3b

Error: (02/22/2014 09:57:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:50:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:46:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:20:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:59:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:57:51 AM) (Source: MsiInstaller) (User: CRISTINA-PC)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.9.0.106.msi

Error: (02/22/2014 06:54:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:50:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/26/2014 07:39:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mv91xx

Error: (02/26/2014 07:39:12 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 03:26:35 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (02/22/2014 11:22:33 AM) (Source: DCOM) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (02/22/2014 10:15:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:14:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:13:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:12:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:11:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:10:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/26/2014 07:41:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 10:24:55 AM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.16428ea001cf2fe1c75443a515C:\Program Files\Internet Explorer\iexplore.exe763f65b0-9bd5-11e3-80f9-c8600032ff3b

Error: (02/22/2014 09:57:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:50:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:46:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 09:20:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:59:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:57:51 AM) (Source: MsiInstaller)(User: CRISTINA-PC)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.9.0.106.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/22/2014 06:54:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 06:50:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-02-18 11:41:26.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:26.885
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:24.861
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:24.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:22.802
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:22.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:20.720
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:20.706
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:18.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-18 11:41:18.656
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 12255.13 MB
Available physical RAM: 9891.68 MB
Total Pagefile: 13277.31 MB
Available Pagefile: 11033.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive a: (Regular) (Fixed) (Total:931.51 GB) (Free:235.18 GB) NTFS
Drive b: (Intensive) (Fixed) (Total:931.51 GB) (Free:594.32 GB) NTFS
Drive c: () (Fixed) (Total:119.14 GB) (Free:25.98 GB) NTFS
Drive e: (1TB) (Fixed) (Total:931.51 GB) (Free:180.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D9F678A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: A8D7432F)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D9D06507)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 93DA6BFE)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm
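The log above already contains the three things a helper would look at first: a scheduled task that exists only to run `Sc.exe start bProtector`, a task binary living under the user's `AppData` that FRST itself flagged with `<==== ATTENTION`, and a hosts file that pins a block of Adobe activation names to 127.0.0.1 (plus an `AutoKMS` task with no publisher). The following is an added triage script, not code from the thread, from FRST or from MalwareRemoval.com. It parses a few lines constructed from the posted Addition.txt and applies heuristics that are this example's own, not FRST's whitelisting rules: task actions under a user profile, actions that (re)start a service through sc.exe, FRST's ATTENTION marker, actions with no recorded publisher, non-default hosts entries, and repeated "service failed to start" events, which is the signature of a watchdog task trying to revive a service whose files were already removed.

```python
"""Triage of an FRST Addition.txt-style log (added example; heuristics are
this script's own assumptions, not FRST's rules)."""
import re
from collections import Counter

# Constructed sample: a handful of lines lifted from the log posted above.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================

2009-07-13 21:34 - 2010-12-05 01:53 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 125.252.224.90

==================== Scheduled Tasks (whitelisted) =============

Task: {11273401-1027-4CC7-88E7-5389C374E2C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {2CB160D4-A230-4975-814A-9BFBF1D3D6D1} - System32\Tasks\AmiUpdXp => C:\Users\CRISTINA\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {5A8B0224-47AE-44D5-A23D-580EBB75872F} - System32\Tasks\bProtector => Sc.exe start bProtector
Task: {68C67E1D-40D4-44C9-8DCC-6DDA7411D1A6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-09] ()
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\CRISTINA\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION

System errors:
=============
Error: (02/22/2014 10:15:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2

Error: (02/22/2014 10:14:00 AM) (Source: Service Control Manager) (User: )
Description: The bProtector service failed to start due to the following error:
%%2
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<action>.+)$")
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
SVC_FAIL_RE = re.compile(r"^Description: The (?P<svc>\S+) service failed to start")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SC_START_RE = re.compile(r"^sc(?:\.exe)?\s+start\b", re.IGNORECASE)
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DEFAULT_HOSTS = {"localhost", "broadcasthost"}  # entries a stock hosts file may carry


def parse_sections(text):
    """Split the log into {title: [lines]} on FRST's '==== Title ====' headers."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").strip().rstrip(":")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def flag_tasks(lines):
    """Return scheduled tasks that trip one or more of the heuristics."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        name, action = m.group("name"), m.group("action")
        reasons = []
        if "<==== ATTENTION" in action:
            reasons.append("marked ATTENTION by FRST")
        if USER_PROFILE_RE.search(action):
            reasons.append("runs a binary from a user profile (writable without admin rights)")
        if SC_START_RE.match(action):
            reasons.append("(re)starts a service via sc.exe: watchdog for a removed or disabled service")
        if action.rstrip().endswith("()"):
            reasons.append("FRST recorded no publisher for the binary")
        if reasons:
            findings.append({"short": name.rsplit("\\", 1)[-1], "name": name,
                             "action": action, "reasons": reasons})
    return findings


def flag_hosts(lines):
    """Return every hosts mapping that is not a stock localhost entry."""
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host")
        if host.lower() in DEFAULT_HOSTS:
            continue
        # An IP literal as the "hostname" never matches a lookup; it is a sign of a
        # copy-pasted blocklist rather than of anything resolving through it.
        note = "ip-literal entry (no effect on resolution)" if IP_LITERAL_RE.match(host) \
            else f"name pinned to {ip}"
        findings.append({"ip": ip, "host": host, "note": note})
    return findings


def count_service_start_failures(text):
    """Count 'The X service failed to start' events per service name."""
    return Counter(m.group("svc") for line in text.splitlines()
                   if (m := SVC_FAIL_RE.match(line)))


def triage(text):
    sections = parse_sections(text)
    hosts_lines = [ln for title, lines in sections.items()
                   if title.startswith("Hosts") for ln in lines]
    return {
        "tasks": flag_tasks(text.splitlines()),
        "hosts": flag_hosts(hosts_lines),
        "service_failures": count_service_start_failures(text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for t in result["tasks"]:
        print(f"TASK  {t['short']}: {'; '.join(t['reasons'])}")
    for h in result["hosts"]:
        print(f"HOSTS {h['ip']} {h['host']}: {h['note']}")
    for svc, n in result["service_failures"].items():
        print(f"SCM   {svc}: {n} failed starts")
```

On the sample this reports the two AmiUpdXp entries, the bProtector watchdog task and the publisher-less AutoKMS task, three non-default hosts entries (one of them an IP literal), and two failed starts of bProtector; the Google updater passes. Everything the script flags still needs a human decision, as Gary R's reply below makes clear, but it turns a 2,000-line log into a short list to read first.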

Re: Infected w/ .bProtector (Did not see rules post, redo)

Post by Gary R » February 26th, 2014, 8:39 pm

OK, it's going to take me a while to go through your logs, and since it's gone midnight where I am, that means it's going to be sometime tomorrow morning before I can post you a fix.

Talk to you then. :)
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected w/ .bProtector (Did not see rules post, redo)

Post by Gary R » February 27th, 2014, 2:25 am

In looking through your logs this morning, another issue has come to light ....


  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run, type Notepad, and click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.

Next

Download CKScanner to your Desktop.
  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple of minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby CrisG » February 27th, 2014, 6:24 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-DKJXR-QBTHR-YRMR8
Windows Product Key Hash: upi9NjvNMtzdDHHZglYKNHN5Qkw=
Windows Product ID: 00371-OEM-9308573-73591
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {98357EB8-702D-4329-B3AC-5A07287A277A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{98357EB8-702D-4329-B3AC-5A07287A277A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-YRMR8</PKey><PID>00371-OEM-9308573-73591</PID><PIDType>8</PIDType><SID>S-1-5-21-3706433607-4152841657-1845436021</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>3202</Version><SMBIOSVersion major="2" minor="6"/><Date>20120217000000.000000+000</Date></BIOS><HWID>1FF93007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: da22eadd-46dc-4056-a287-f5041c852470
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00186-085-773591-02-1033-7601.0000-0972012
Installation ID: 008541767786454956496252777296851742369565136903744593
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: YRMR8
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 2/27/2014 5:21:12 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:8:2014 13:14
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIAAwABAAEAAgADAAAAAQABAAEACrYGjDTmFT8OpxpdXNmK0hRAd/asi1SztanrYJr5LnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
BGRT ALASKA A M I
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby CrisG » February 27th, 2014, 6:24 am

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\six networks\play withsix\tools\bin\ssh-keygen.exe
c:\windows\autokms\autokms.exe
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
scanner sequence 3.ZZ.11.RHNAIZ
----- EOF -----
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm
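The CKScanner list above is a name-heuristic report, which is why its header says the hits are "not necessarily bad": two of the entries are vendor files that merely contain "crack" or "keygen" in their names, while the hosts-file lines and the autokms path are what the helper acts on. The following triage script is an added example (not CKScanner's or the forum's code) that walks lines in that format and separates the two kinds of hit; the allow-list, the activation-label list and the sample lines are constructed assumptions for the example.

```python
import re

# Constructed sample in the format CKScanner prints; names are from the thread.
SAMPLE = """\
c:\\program files\\adobe\\adobe premiere pro cs5.5\\plug-ins\\en_us\\vstplugins\\decrackler1.dll
c:\\program files (x86)\\six networks\\play withsix\\tools\\bin\\ssh-keygen.exe
c:\\windows\\autokms\\autokms.exe
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 localhost
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
NAME_PATTERNS = re.compile(r"crack|keygen|kms", re.IGNORECASE)  # scanner-style name heuristics
# Assumed allow-list: Adobe's "DeCrackler" audio plug-in and OpenSSH's ssh-keygen
# match the patterns by name only; their paths show they are vendor files.
BENIGN_NAMES = {"decrackler", "ssh-keygen"}
# Assumed vendor activation/registration labels: a loopback redirect for these
# blocks licence checks rather than ads, which is what the helper acted on.
ACTIVATION_LABELS = ("activate", "practivate", "ereg", "adobe-dns")


def classify_line(line: str) -> tuple[str, str]:
    """Return (verdict, item) for one report line."""
    line = line.strip()
    m = re.match(r"^hosts\s+(\S+)\s+(\S+)$", line)
    if m:  # hosts-file entry: 'hosts <ip> <name>'
        ip, host = m.group(1), m.group(2).lower()
        if ip in LOOPBACK and any(lbl in host for lbl in ACTIVATION_LABELS):
            return "blocked-activation", host
        return "ignore", host
    # File path: judge the file-name stem, with a trailing digit suffix stripped
    stem = line.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if re.sub(r"\d+$", "", stem) in BENIGN_NAMES:
        return "benign-name-match", line
    if NAME_PATTERNS.search(stem):
        return "suspicious", line
    return "ignore", line


def triage(report: str) -> dict[str, list[str]]:
    """Group every non-empty report line under its verdict."""
    out: dict[str, list[str]] = {}
    for raw in report.splitlines():
        if raw.strip():
            verdict, item = classify_line(raw)
            out.setdefault(verdict, []).append(item)
    return out
```

Running `triage(SAMPLE)` puts the two Adobe activation hosts under `blocked-activation`, the autokms path under `suspicious`, and the DeCrackler and ssh-keygen paths under `benign-name-match`.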

Re: Infected w/ .bProtector (Did not see rules post, redo)

Unread postby Gary R » February 27th, 2014, 10:46 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire