Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

browser.exe *32 -"Google Chome" virus (no chrome installation)

Started by Robutt , Aug 20 2014 01:32 PM

  • This topic is locked This topic is locked

#1
Robutt
Posted 20 August 2014 - 01:32 PM

Robutt

    New Member

  • Member
  • Pip
  • 2 posts

OTL logfile created on: 8/20/2014 2:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Automation\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.06% Memory free
16.00 Gb Paging File | 13.35 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 676.12 Gb Free Space | 72.59% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.70 Mb Free Space | 61.71% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 392.79 Gb Free Space | 42.17% Space Free | Partition Type: NTFS
 
Computer Name: AUTOMATION-01 | User Name: Automation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/20 14:49:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Automation\Downloads\OTL.exe
PRC - [2014/08/19 19:32:05 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\browser.exe
PRC - [2014/08/05 10:42:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/14 00:55:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
PRC - [2014/04/20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
PRC - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/02 17:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011/07/28 17:06:20 | 000,297,440 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/19 19:32:05 | 014,669,128 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/19 19:32:05 | 008,537,928 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\pdf.dll
MOD - [2014/08/19 19:32:05 | 001,732,936 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/08/19 19:32:05 | 000,718,152 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\libglesv2.dll
MOD - [2014/08/19 19:32:05 | 000,353,096 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/19 19:32:05 | 000,126,280 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\libegl.dll
MOD - [2014/08/05 10:42:51 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 -- (RemoteSolverDispatcher)
SRV:64bit: - [2013/01/30 20:47:00 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/09/28 06:25:48 | 000,076,904 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/08/05 10:42:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/18 14:13:20 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/05/14 00:55:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/04/23 18:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/30 20:42:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/01/30 20:42:58 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/09/20 10:56:06 | 000,136,896 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/19 16:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/08/03 07:50:00 | 002,255,464 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/02 17:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/07/28 17:06:20 | 000,297,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/20 14:30:07 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/08/20 14:30:07 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/04/10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014/03/28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/03/26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/03/25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2014/02/25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/02/20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/08/08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/10/10 23:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/08/12 03:38:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/11 01:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/03/04 06:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225824
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 7A 59 1D 4E 78 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {db61f672-0d05-4997-bec6-96eaab7c4106} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225824
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014/08/20 13:54:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014/08/20 13:54:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Automation\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [2014/04/30 01:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014/08/20 13:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014/08/20 13:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014/08/20 14:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [2014/04/30 01:23:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/12 02:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Automation\AppData\Roaming\Mozilla\Extensions
[2014/07/31 22:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Automation\AppData\Roaming\Mozilla\Firefox\Profiles\rw6q06ft.default-1362944145134\extensions
[2014/07/31 22:24:33 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube Full HD Download") -- C:\Users\Automation\AppData\Roaming\Mozilla\Firefox\Profiles\rw6q06ft.default-1362944145134\extensions\[email protected]
[2014/08/05 10:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/05 10:42:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/08/20 13:54:02 | 000,000,000 | ---D | M] (Dangerous Websites Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\[email protected]KASPERSKY.COM
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Wondershare Video Converter Ultimate = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp\7.0.0_0\
CHR - Extension: Google Search = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: BitTorrentControl_v10 = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\lfhhcpdkkfaconddfjbielfdiloadbpg\2.3.15.10_0\
CHR - Extension: Google Wallet = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Automation\AppData\Local\e0345d\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/16 09:59:37 | 000,001,881 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [svchost86x.sys] "C:\Users\AUTOMA~1\AppData\Local\Temp\conhost.exe" File not found
O4 - HKCU..\Run: [UIOptional] C:\Users\Automation\AppData\Local\UIOptional\UIOptional.dll (Borland Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0765F5CE-32C2-4C82-BF66-A5D570598438}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4C52F94-F18C-457C-8E98-570C39FF672A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/17 17:23:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{7e7548f9-f894-11e2-b113-50e549998a30}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7548f9-f894-11e2-b113-50e549998a30}\Shell\AutoRun\command - "" = G:\iLinker.exe
O33 - MountPoints2\{95d2e089-e44f-11e1-8ea5-50e549998a30}\Shell - "" = AutoRun
O33 - MountPoints2\{95d2e089-e44f-11e1-8ea5-50e549998a30}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:7a916edd /wow /dir:"C:\Program Files\AVAST Software\Avast1")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/20 13:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
[2014/08/20 13:55:51 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2014/08/20 13:54:03 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/08/20 13:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/08/20 13:52:33 | 000,792,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/08/20 13:52:33 | 000,140,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/08/20 13:52:30 | 000,243,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys
[2014/08/19 19:23:03 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Local\UIOptional
[2014/08/05 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/04 23:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/08/04 21:55:16 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Local\browser_dir
[2014/08/04 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Roaming\3919261435
[2014/08/04 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Local\Google
[2014/08/04 21:41:47 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/08/04 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/08/04 21:32:40 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/07/31 23:14:31 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Local\e0345d
[2014/07/31 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Local\2416693740
[2014/07/30 06:49:16 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Roaming\e0345d
[2014/07/30 06:49:11 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Roaming\512734097
[2014/07/30 06:48:56 | 000,000,000 | ---D | C] -- C:\Users\Automation\AppData\Roaming\3212715433
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/20 14:30:07 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/08/20 14:30:07 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/08/20 14:20:39 | 000,023,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:20:36 | 000,023,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:17:51 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/20 14:17:51 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/20 14:17:51 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/20 14:11:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/20 14:11:18 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/20 13:56:09 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2014/08/20 13:05:20 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2014/08/07 17:35:26 | 000,000,031 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\2939542234
[2014/08/07 14:18:49 | 000,000,004 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\2679984789
[2014/08/07 14:18:47 | 000,000,004 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\1702612637
[2014/08/07 10:12:24 | 000,000,004 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\2781556476
[2014/08/04 22:24:05 | 000,000,004 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\273020042
[2014/08/04 21:55:12 | 049,308,698 | ---- | M] () -- C:\Users\Automation\AppData\Roaming\3080413431
[2014/08/04 21:41:47 | 000,001,264 | ---- | M] () -- C:\Users\Automation\Desktop\Revo Uninstaller.lnk
[2014/07/31 23:13:28 | 005,056,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/20 13:56:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2014/08/20 13:05:20 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2014/08/04 21:41:47 | 000,001,264 | ---- | C] () -- C:\Users\Automation\Desktop\Revo Uninstaller.lnk
[2014/07/31 18:29:20 | 049,308,698 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\3080413431
[2014/07/30 06:49:45 | 000,000,031 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\2939542234
[2014/07/30 06:49:19 | 000,000,004 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\2679984789
[2014/07/30 06:49:11 | 000,000,004 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\273020042
[2014/07/30 06:49:11 | 000,000,004 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\1702612637
[2014/07/30 06:48:57 | 000,000,004 | ---- | C] () -- C:\Users\Automation\AppData\Roaming\2781556476
[2014/06/28 17:04:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/04/30 01:23:15 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2014/04/30 01:23:15 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\WSCM32.dll
[2014/02/17 15:18:11 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014/02/17 15:18:11 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014/02/17 15:14:42 | 000,013,055 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2014/02/17 15:13:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014/02/17 15:13:03 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/02/17 15:13:02 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/08/11 22:51:46 | 000,003,584 | ---- | C] () -- C:\Users\Automation\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/10 18:11:14 | 000,291,760 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/10 18:11:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/18 06:51:31 | 000,007,620 | ---- | C] () -- C:\Users\Automation\AppData\Local\Resmon.ResmonCfg
[2013/01/30 20:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/09/28 11:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/04 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\3212715433
[2014/08/04 21:49:23 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\3919261435
[2014/07/30 06:49:11 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\512734097
[2014/02/01 21:50:59 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Atari
[2013/03/11 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Auslogics
[2013/08/16 00:49:59 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Autodesk
[2014/05/13 21:35:52 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Awesomium
[2014/03/16 15:44:23 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Battle.net
[2014/08/19 21:41:16 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\BitTorrent
[2014/02/17 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\ControlCenter4
[2013/04/24 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\DAEMON Tools Lite
[2014/05/04 18:08:58 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\DarkSoulsII
[2013/01/30 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\DassaultSystemes
[2014/07/30 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\e0345d
[2013/02/05 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\FamilyTreeMaker
[2013/08/02 04:57:57 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\IrfanView
[2012/08/12 03:57:01 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Kalypso Media
[2012/11/20 00:53:23 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\ManyCam
[2014/02/01 20:21:54 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Mount&Blade Warband
[2014/02/17 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Nuance
[2014/01/05 02:54:16 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\raidcall
[2014/04/30 06:23:59 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Sony Online Entertainment
[2013/09/12 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\The Creative Assembly
[2012/08/12 10:45:19 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Tropico 4
[2014/05/28 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Tropico 5
[2013/01/20 21:57:20 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Ubisoft
[2014/04/30 01:23:32 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\Wondershare Video Converter Ultimate
[2014/04/30 01:24:58 | 000,000,000 | ---D | M] -- C:\Users\Automation\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 

< End of report >

 

Kapersky found 5 infected files and removed them. Issue still persists. Uninstalled BitTorrent. File Processes are located in temp folders.

 

HALP!


  • 0

Advertisements

#2
Robutt
Posted 20 August 2014 - 01:36 PM

Robutt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

MOD - [2014/08/19 19:32:05 | 014,669,128 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/19 19:32:05 | 008,537,928 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\pdf.dll
MOD - [2014/08/19 19:32:05 | 001,732,936 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/08/19 19:32:05 | 000,718,152 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\libglesv2.dll
MOD - [2014/08/19 19:32:05 | 000,353,096 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/19 19:32:05 | 000,126,280 | ---- | M] () -- C:\Users\Automation\AppData\LocalLow\UtilityJawa\ToolHumble\36.0.1985.143\libegl.dll


^It's all that garbage. the UtilityJawa. I think it may be Idlecrawler.

I'm new to OTL, but I really like it so far. Very interested to learn how to use this.


  • 0

#3
23red
Posted 20 August 2014 - 08:01 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Robutt  :)

 

I'm 23red, and it'll be my pleasure to assist you with your malware issues.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens that makes you unsure, do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the logs you posted.  I'll post back as soon as possible. 

 

In the mean  time, when OTL is run for the first time, it creates two logs.  May you please locate and post for me the extras.txt?  It should be located same place as OTL C:\Users\Automation\Downloads.  While you're in there may you also please cut and paste the OTL program from there to the Desktop.  It works best from there ;)

 

Also, if you click on the Follow this topic button up at the top, you'll be notified of information posted here for you. 

 

Thank you!   :)


  • 0

#4
23red
Posted 23 August 2014 - 09:38 AM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Robutt :)
 
We'll move along, for now:
 
Please download MGADiag by Microsoft. 

 

Run the tool by double clicking on the MGADiagicon.jpg icon.

 

Press Continue when prompted

 

When it has finished, press Copy then Paste (Ctrl+V) this into your next post.

 

Then:

 

Download CKScanner by askey127

 

Save it to your Desktop.

 

Right click on the  CKScannericon.jpg   on your Desktop and choose Run as administrator to start the program.

 

Give permission if necessary, and click Search For Files.

 

After a very short time, when the cursor hourglass disappears, click Save List To File.

 

A message box will verify the file saved. Please run the program once only.

 

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

When you return, please post:

 

1.  MGADiag log
2.  CKFiles.txt log

 

Thank you :)


  • 0

#5
23red
Posted 26 August 2014 - 09:25 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi  Robutt  :)

  Are you still in need of assistance?


  • 0

#6
Dakeyras
Posted 28 August 2014 - 04:31 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP