Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Privatize VPN Removal


  • This topic is locked This topic is locked
16 replies to this topic

#1 Zeroground

Zeroground

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 17 December 2012 - 01:51 AM

I've recently downloaded Privatize VPN and, being very suspicious in nature, checked it out before trying to run it.
It seems that this paid off greatly.

Help would be greatly appreciated. Thanks ahead of time.

Here is the DDS file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Yapen at 22:44:23 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.4824 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DDNi\AMD Core Line\CenterStage.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Premium\ZoomEx\ZoomEx.exe
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
uSearch Bar = Preserve
mStart Page = hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mWinlogon: Userinit = userinit.exe
BHO: bflix Class: {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\bflix.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121213204712.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
uRun: [googletalk] C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [Exykna] C:\Users\Yapen\AppData\Roaming\Iltueq\bueb.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
StartupFolder: C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\686347.exe
StartupFolder: C:\Users\Yapen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbc.exe
StartupFolder: C:\Users\Yapen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 64.59.144.19 64.59.150.135
TCP: Interfaces\{2DE1D4C5-02FD-4283-893E-40C82AE3F046} : DHCPNameServer = 64.59.144.19 64.59.150.135
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\zoomex\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121213204659.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Yapen\AppData\Local\Roblox\Versions\version-3ebe0cca16b6421c\NPRobloxProxy.dll
FF - plugin: C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2012-12-16 22:36; 50cebd794be5d@50cebd794be97.com; C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\50cebd794be5d@50cebd794be97.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-14 8704]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-15 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-15 40064]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-10 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-2-10 339776]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\System32\drivers\sfdrv01a.sys [2009-2-3 77432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-8-25 109056]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2465712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-2-10 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-2-10 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-13 177680]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-1-5 46592]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-25 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-2-10 69672]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-2-10 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-2-10 515528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-26 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-26 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-25 333928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-8-25 1301504]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-1 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-10 225216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-2-10 106112]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-24 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
.
=============== Created Last 30 ================
.
2012-12-17 06:21:20 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN
2012-12-17 06:21:18 -------- d-----w- C:\ProgramData\%Installer_PublisherName%
2012-12-17 06:20:35 -------- d-----w- C:\Program Files (x86)\ZoomEx
2012-12-17 06:19:41 -------- d-----w- C:\ProgramData\Zoomex
2012-12-15 00:09:14 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5681BFCB-CF54-403F-A543-1C2FACAE81D9}\offreg.dll
2012-12-14 23:46:33 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5681BFCB-CF54-403F-A543-1C2FACAE81D9}\mpengine.dll
2012-12-12 04:00:09 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-12-12 00:46:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 00:46:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 00:46:29 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 00:46:25 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-12 00:46:24 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-12 00:46:24 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-12 00:46:24 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 00:38:00 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-11-30 01:34:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-29 06:05:01 -------- d-----w- C:\Users\Yapen\AppData\Roaming\UDP Software
2012-11-29 05:59:14 -------- d-----w- C:\Users\Yapen\AppData\Roaming\DwarfTherapist-0.6.12
2012-11-29 05:59:00 -------- d-----w- C:\Users\Yapen\AppData\Roaming\DwarfFortress
2012-11-21 02:42:27 -------- d-----w- C:\Users\Yapen\AppData\Local\SCE
2012-11-21 02:42:27 -------- d-----w- C:\Crash
2012-11-21 02:42:24 -------- d-----w- C:\Users\Yapen\AppData\Local\Sony Online Entertainment
.
==================== Find3M ====================
.
2012-12-12 04:00:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 04:00:56 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-24 07:43:28 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-24 07:43:28 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-17 21:43:26 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-11-15 02:41:32 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 14:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-11-09 14:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-11-09 14:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2012-11-09 14:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-11-09 14:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-11-09 14:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-11-09 14:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-11-09 14:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-11-09 14:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-28 23:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe
2012-09-28 23:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-09-28 23:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-09-28 23:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-09-28 23:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-09-28 23:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-09-28 23:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll
2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll
2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe
2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll
2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll
2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
.
============= FINISH: 22:45:18.79 ===============

Attached Files


Edited by Zeroground, 17 December 2012 - 01:51 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 17 December 2012 - 02:17 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 17 December 2012 - 09:43 PM

Checkup:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 29
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Adware Cleaner:

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 18:29:41
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Yapen - YAPEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Yapen\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Yapen\AppData\Local\Conduit
Folder Deleted : C:\Users\Yapen\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Yapen\AppData\Local\Temp\CT3072253
Folder Deleted : C:\Users\Yapen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Yapen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Yapen\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\ConduitCommon
Folder Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\CT3072253
Folder Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA8A705B-E995-480C-8C98-DB1232E48450}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F71167CF-FFDD-4468-BE3E-471C201BE129}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\prefs.js

C:\Users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Mon Aug 13 2012 09:37:18 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129572937280362976", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "18-12-2012");
Deleted : user_pref("CT3072253.DSChangedManually", true);
Deleted : user_pref("CT3072253.DSInstall", true);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sun Dec 16 2012 22:19:00 GMT-0800 (Pacific Standa[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "22-10-2011");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://allurmage.myfreeboard.net/");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT3072253.InstalledDate", "Sat Oct 22 2011 10:41:15 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.IsProtectorsInit", true);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sun Dec 16 2012 22:19:00 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Tue Apr 17 2012 22:18:37 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Tue Apr 24 2012 21:36:18 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Tue May 29 2012 21:30:27 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 22:16:43 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 22:16:35 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Mon Dec 10 2012 21:38:20 GMT-0800 (Pacific Standard Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.16.0.3", "Mon Dec 17 2012 17:17:03 GMT-0800 (Pacific Standard Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:19:38 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT3072253.LastLogin_3.8.0.8", "Tue Dec 06 2011 22:21:52 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT3072253.LastLogin_3.8.1.0", "Wed Jan 11 2012 18:44:28 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Thu Mar 08 2012 21:35:21 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT3072253.RadioShrinked", "shrinked");
Deleted : user_pref("CT3072253.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT3072253.SavedHomepage", "hxxp://allurmage.myfreeboard.net/");
Deleted : user_pref("CT3072253.SearchBoxWidth", 180);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sun Dec 16 2012 22:19:00 GMT-0800 (Pacific Stand[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3072253.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sun Dec 16 2012 22:19:00 GMT-0800 (Pacific Standard [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Mon Dec 17 2012 17:17:03 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1354706882");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Dec 08 2012 11:20:48 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN61876911117921611");
Deleted : user_pref("CT3072253.ValidationData_Search", 2);
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "536174204F637420323220323031312031303A34313A31372[...]
Deleted : user_pref("CT3072253.backendstorage.url_history", "687474703A2F2F7777772E6D696E65637261667477696B692[...]
Deleted : user_pref("CT3072253.backendstorage.url_history_time", "31333139333035383830373335");
Deleted : user_pref("CT3072253.backendstorage.youtubelang", "5553");
Deleted : user_pref("CT3072253.components.129572937280362976", false);
Deleted : user_pref("CT3072253.components.129573915102477663", false);
Deleted : user_pref("CT3072253.components.129593762370823811", false);
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Dec 08 2012 17:20:08 GMT-0800 (Pacific [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);
Deleted : user_pref("CT3072253.isFirstRadioInstallation", false);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sun Dec 16 2012 22:19:00 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Dec 03 2012 20:59:56 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/CA", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3072253&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9aa[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Yapen\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v3.1.0/gadget.html", [...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "df266d92-57fc-498e-9ce0-7490e52377b4");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 14 2012 17:51:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Dec 16 2012 22:19:09 GMT-080[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Dec 16 2012 22:19:01 GMT-0800 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "d236c82c-8720-4314-b5fb-fbaac4216f55");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://allurmage.myfreeboard.net/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://allurmage.myfreeboard.net/");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Yapen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25194 octets] - [17/12/2012 18:29:41]

########## EOF - C:\AdwCleaner[S1].txt - [25255 octets] ##########

RougeKiller:

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Yapen [Admin rights]
Mode : Remove -- Date : 12/17/2012 18:40:01

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Exykna (C:\Users\Yapen\AppData\Roaming\Iltueq\bueb.exe) -> DELETED
[TASK][SUSP PATH] ZoomExUpdaterTask{83576B7E-BB9F-4AA5-BE0F-FD9BDCA95E46}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> DELETED
[TASK][SUSP PATH] {E2999B68-09C1-4698-8353-8528312A7B4E} : C:\Users\Yapen\AppData\Roaming\Iltueq\bueb.exe -> DELETED
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe -> DELETED
[STARTUP][ROGUE ST] 686347.exe @Yapen : C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\686347.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 02FAEX-00Y9A0 SATA Disk Device +++++
--- User ---
[MBR] d811edbafb4a2acbe3a66d4e4506d3f1
[BSP] 0cbf8c93454c129880efb7bb73b7a21c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12172012_02d1840.txt >>
RKreport[1]_S_12172012_02d1837.txt ; RKreport[2]_D_12172012_02d1840.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 18 December 2012 - 12:41 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 18 December 2012 - 08:13 PM

It doesn't appeared to have any problems running, though I have this suspicion that the Privatize VPN may still be on my computer.

This is due to the fact that, upon reboot, "OOO Industries" still wants me to authorize its actions on my computer. I'm not sure if it's a harmless threat now but I would not like to take any risks at all with this.

Thanks,

Zero

ComboFix Log:

ComboFix 12-12-17.02 - Yapen 12/18/2012 16:45:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5645 [GMT -8:00]
Running from: c:\users\Yapen\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\BFlix\BFLIx.dll
c:\users\Yapen\AppData\Local\Temp\detectlib3068.dll
c:\users\Yapen\AppData\Roaming\686347.exe
c:\users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbc.exe
c:\users\Yapen\AppData\Roaming\taskmgr.exe
c:\users\Yapen\AppData\Roaming\windefender
c:\windows\avg_avwt_stf_us_90_851a3009_ddni.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))
.
.
2012-12-19 00:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{978A6959-4D86-4D70-8039-92A4D8D65E62}\mpengine.dll
2012-12-17 06:21 . 2012-12-17 06:21 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-12-17 06:21 . 2012-12-17 06:21 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-17 06:20 . 2012-12-17 06:20 -------- d-----w- c:\program files (x86)\ZoomEx
2012-12-17 06:19 . 2012-12-17 06:19 -------- d-----w- c:\programdata\Zoomex
2012-12-17 04:30 . 2012-12-18 01:28 -------- d-----w- c:\users\Yapen\AppData\Roaming\vlc
2012-12-12 04:00 . 2012-12-12 04:00 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-12 00:46 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 00:46 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 00:46 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:46 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 00:46 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 00:46 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 00:46 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 00:38 . 2012-12-12 00:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-30 01:34 . 2012-09-25 07:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-29 06:05 . 2012-11-29 06:05 -------- d-----w- c:\users\Yapen\AppData\Roaming\UDP Software
2012-11-29 05:59 . 2012-11-29 06:05 -------- d-----w- c:\users\Yapen\AppData\Roaming\DwarfTherapist-0.6.12
2012-11-29 05:59 . 2012-12-01 04:39 -------- d-----w- c:\users\Yapen\AppData\Roaming\DwarfFortress
2012-11-21 02:49 . 2012-11-21 02:49 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-11-21 02:42 . 2012-11-21 02:42 -------- d-----w- c:\users\Yapen\AppData\Local\SCE
2012-11-21 02:42 . 2012-11-21 02:42 -------- d-----w- C:\Crash
2012-11-21 02:42 . 2012-11-21 02:42 -------- d-----w- c:\users\Yapen\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 06:39 . 2011-08-25 00:41 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 04:00 . 2012-04-08 16:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 04:00 . 2011-08-27 06:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-24 07:43 . 2011-10-08 19:46 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-24 07:43 . 2011-10-08 19:40 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-17 21:43 . 2011-10-08 19:40 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-15 02:41 . 2011-10-08 19:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-09 14:40 . 2012-02-11 03:10 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 14:37 . 2012-02-11 03:10 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 14:37 . 2011-03-13 15:45 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 14:36 . 2012-02-11 03:10 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 14:36 . 2012-02-11 03:10 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 14:35 . 2012-02-11 03:10 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 14:34 . 2012-02-11 03:10 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 14:34 . 2012-02-11 03:10 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 14:33 . 2012-02-11 03:10 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-16 08:38 . 2012-11-28 03:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 03:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 03:28 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 01:46 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 01:46 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 01:46 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 01:46 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 00:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 01:46 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 01:46 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 01:46 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 01:46 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 01:46 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 01:46 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 01:46 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 01:46 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 01:46 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 01:46 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 01:46 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2011-07-28 21:09 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2011-07-28 21:40 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-04-20 09:07 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-07-28 01:41 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-07-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-04-20 08:49 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2011-07-28 21:03 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-04-20 08:21 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-07-28 01:13 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2011-07-28 20:53 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-25 22:47 . 2012-11-15 01:46 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 01:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 16:23 . 2012-05-08 01:07 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 16:23 . 2011-08-27 04:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Comrade.exe"="c:\program files (x86)\GameSpy\Comrade\Comrade.exe" [2007-05-27 36864]
"googletalk"="c:\users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MarbleStation"="c:\netmarbleglobal\MarbleStation\GlbMSLauncher.exe" [2011-12-07 1004152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-16 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-11 2254768]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-09-10 196784]
.
c:\users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-5-2 3553176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\ZoomEx\sprotector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 X6va005;X6va005;c:\users\Yapen\AppData\Local\Temp\0059A09.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 77432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2465712]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-01-05 46592]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
mStart Page = hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2012-12-16 22:36; 50cebd794be5d@50cebd794be97.com; c:\users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\50cebd794be5d@50cebd794be97.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - c:\program files (x86)\BFlix\BFlix.dll
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1 - c:\games\World_of_Warplanes\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Yapen\AppData\Local\Temp\0059A09.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}"=hex:51,66,7a,6c,4c,1d,38,12,17,42,8c,
08,d0,22,04,09,dc,f3,24,bf,30,cc,e5,3a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,
a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,b3,69,62,98,54,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,25,f4,3e,2c,0e,e1,4c,97,9e,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,25,f4,3e,2c,0e,e1,4c,97,9e,a8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*û*& ]
@="WordPad Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*û*& \Insertable]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*û*& \MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*û*& \Verb\0]
@="&Edit,0,2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*û*& \Verb\1]
@="&Open,0,2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\DDNi\AMD Core Line\CenterStage.exe
.
**************************************************************************
.
Completion time: 2012-12-18 17:05:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-19 01:05
.
Pre-Run: 684,513,050,624 bytes free
Post-Run: 696,875,859,968 bytes free
.
- - End Of File - - 71A0BCFF0A89EBF2D0526E91954D52E1

Edited by Zeroground, 18 December 2012 - 08:18 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 18 December 2012 - 08:33 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 18 December 2012 - 09:14 PM

OTL.txt:

OTL logfile created on: 12/18/2012 5:47:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yapen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 72.86% Memory free
15.99 Gb Paging File | 12.75 Gb Available in Paging File | 79.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 648.77 Gb Free Space | 69.65% Space Free | Partition Type: NTFS

Computer Name: YAPEN-PC | User Name: Yapen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Yapen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\DDNi\AMD Core Line\CenterStage.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\sdl.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d8e39b3f96f52e48499e35d9977e62dc\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\526e535175775d4c3880f59d6a1463b7\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\67f6dc95800c3590a2989b287abcf97b\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\c1ad69b7f48a6dcd540fe5d07d4a4aa3\System.AddIn.Contract.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - c:\Program Files (x86)\ZoomEx\sprotector.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sfsync04) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sfdrv01a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2E596551-A235-405E-A245-83C7B7961959}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 54 33 E9 C5 62 CC 01 [binary data]
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f&q={searchTerms}
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{4261DF97-CFE7-4d96-870A-7C7E8C37E32B}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{54647980-19C9-4e5f-A49B-3705A1CF7C85}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{BF888C3A-FCAF-455B-A284-9B93B62FBB3E}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{E39CEB37-FDB4-495c-A8FC-31E0A954B5FF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Yapen\AppData\Local\Roblox\Versions\version-3ebe0cca16b6421c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/01 09:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/18 17:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 22:03:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 22:03:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/26 20:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yapen\AppData\Roaming\mozilla\Extensions
[2012/12/17 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yapen\AppData\Roaming\mozilla\Firefox\Profiles\ubsk9yhm.default\extensions
[2012/12/12 18:36:53 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Yapen\AppData\Roaming\mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/12/16 22:19:48 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Yapen\AppData\Roaming\mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\50cebd794be5d@50cebd794be97.com
[2011/10/08 11:28:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Yapen\AppData\Roaming\mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\battlefieldplay4free@ea.com
[2012/01/13 19:02:27 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Users\Yapen\AppData\Roaming\mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\info@thebflix.com
[2012/03/28 14:25:15 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Yapen\AppData\Roaming\mozilla\firefox\profiles\ubsk9yhm.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/12/16 22:18:52 | 000,002,090 | ---- | M] () -- C:\Users\Yapen\AppData\Roaming\mozilla\firefox\profiles\ubsk9yhm.default\searchplugins\Searchab.xml
[2012/12/05 22:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 22:03:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/01 09:35:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/12/05 22:03:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/09 16:13:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/18 17:13:08 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/12 14:15:23 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/12/18 17:01:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121218171531.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (bflix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121218171531.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000..\Run: [googletalk] C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe (CJ E&M)
O4 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE1D4C5-02FD-4283-893E-40C82AE3F046}: DhcpNameServer = 64.59.144.19 64.59.150.135
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\PROGRA~2\ZoomEx\sprotector.dll) - c:\Program Files (x86)\ZoomEx\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 17:42:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yapen\Desktop\OTL.exe
[2012/12/18 17:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/12/18 17:01:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/18 16:59:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/18 16:43:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/18 16:43:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/18 16:43:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/18 16:43:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/18 16:43:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/17 22:08:50 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\Yapen\Desktop\ComboFix.exe
[2012/12/17 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Yapen\Desktop\RK_Quarantine
[2012/12/16 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2012/12/16 22:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2012/12/16 22:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 22:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomEx
[2012/12/16 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoomex
[2012/12/16 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoomex
[2012/12/16 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\vlc
[2012/12/16 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/11 22:38:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/11 22:38:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/11 22:38:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/11 22:38:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/11 22:38:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/11 22:38:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/11 22:38:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/11 22:38:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/11 22:38:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/11 22:38:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/11 22:38:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/11 22:38:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/11 22:38:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/11 22:38:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/11 22:38:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/11 20:00:09 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/11 16:46:25 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/11 16:46:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/11 16:46:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/11 16:46:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/11 16:45:53 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/11 16:45:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/11 16:45:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/11 16:45:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/11 16:45:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/11 16:45:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/11 16:45:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/11 16:45:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/11 16:45:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/11 16:45:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/11 16:45:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/11 16:45:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:45:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:45:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:45:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/11 16:45:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:45:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:45:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:45:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:45:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:45:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:45:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:45:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:45:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:45:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:45:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:45:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:45:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:45:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:45:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:45:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:45:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:45:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:45:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/11 16:45:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/11 16:45:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/11 16:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/12/11 16:37:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/07 22:35:34 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Salem
[2012/12/05 22:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/29 17:34:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/29 17:34:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/29 17:34:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/28 22:05:01 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\UDP Software
[2012/11/28 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\DwarfTherapist-0.6.12
[2012/11/28 21:59:00 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\DwarfFortress
[2012/11/28 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Yapen\Documents\OneNote Notebooks
[2012/11/20 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Local\SCE
[2012/11/20 18:42:27 | 000,000,000 | ---D | C] -- C:\Crash
[2012/11/20 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Local\Sony Online Entertainment
[2012/06/21 08:01:04 | 845,946,207 | ---- | C] (gPotato) -- C:\Users\Yapen\AppData\Roaming\AikaOnlineSetup_20120525.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/18 17:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yapen\Desktop\OTL.exe
[2012/12/18 17:21:34 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/12/18 17:18:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 17:18:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 17:10:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/18 17:10:15 | 2146,037,759 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/18 17:01:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/18 17:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/17 22:09:20 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\Yapen\Desktop\ComboFix.exe
[2012/12/17 19:33:20 | 000,793,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/17 19:33:20 | 000,669,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/17 19:33:20 | 000,125,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/17 17:29:40 | 000,755,712 | ---- | M] () -- C:\Users\Yapen\Desktop\RogueKiller.exe
[2012/12/17 17:23:18 | 000,547,175 | ---- | M] () -- C:\Users\Yapen\Desktop\adwcleaner.exe
[2012/12/17 17:18:28 | 000,856,731 | ---- | M] () -- C:\Users\Yapen\Desktop\SecurityCheck.exe
[2012/12/16 20:30:11 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/12 18:28:22 | 000,311,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/11 20:00:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 20:00:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 20:00:09 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/11 16:38:03 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/12/07 22:35:34 | 000,002,404 | ---- | M] () -- C:\Users\Yapen\Desktop\Salem.lnk
[2012/11/28 17:35:30 | 000,001,310 | ---- | M] () -- C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/23 23:43:28 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/11/23 23:43:28 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/18 16:43:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/18 16:43:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/18 16:43:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/18 16:43:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/18 16:43:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/17 17:29:13 | 000,755,712 | ---- | C] () -- C:\Users\Yapen\Desktop\RogueKiller.exe
[2012/12/17 17:23:08 | 000,547,175 | ---- | C] () -- C:\Users\Yapen\Desktop\adwcleaner.exe
[2012/12/17 17:17:58 | 000,856,731 | ---- | C] () -- C:\Users\Yapen\Desktop\SecurityCheck.exe
[2012/12/16 20:30:11 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/07 22:35:34 | 000,002,404 | ---- | C] () -- C:\Users\Yapen\Desktop\Salem.lnk
[2012/11/28 17:35:30 | 000,001,310 | ---- | C] () -- C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/08/31 10:05:05 | 000,018,464 | ---- | C] () -- C:\Users\Yapen\AppData\Roaming\UserTile.png
[2012/07/04 22:16:05 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/05/02 18:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 18:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 18:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/12 21:19:25 | 000,000,108 | ---- | C] () -- C:\Windows\MrSetup.ini
[2011/11/05 18:30:51 | 000,038,215 | ---- | C] () -- C:\Windows\scunin.dat
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/22 09:40:10 | 000,000,093 | ---- | C] () -- C:\Users\Yapen\AppData\Local\fusioncache.dat
[2011/10/21 21:19:39 | 000,809,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/08 11:40:29 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/08 11:40:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/12 14:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/27 10:42:42 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/26 20:09:03 | 000,017,408 | ---- | C] () -- C:\Users\Yapen\AppData\Local\WebpageIcons.db
[2011/08/25 07:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/25 07:20:28 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/08/25 07:20:28 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/25 07:20:25 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/25 07:20:25 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/25 07:16:55 | 000,041,315 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/08/25 07:16:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/08/25 07:15:58 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 18 December 2012 - 10:09 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2 - BHO: (bflix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
    IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f
    IE - HKU\S-1-5-21-1989966993-3416411342-2733953733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=79e8b9ed-4811-11e2-a4e8-f46d041e664f&q={searchTerms}
    FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
    FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "Privitize VPN"
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    FF - prefs.js..keyword.URL: ""
    O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
    [2012/12/16 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
    [2012/12/16 22:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 19 December 2012 - 01:19 AM

Hello,

There was no report after rebooting. Is it saved to a specific file? Or is it the desktop.ini on my desktop?

Thanks,

Zero

EDIT: It does seem that Privatize VPN is gone for good (Though it still shows up under my search bar). Do you still require the report?

Edited by Zeroground, 19 December 2012 - 06:24 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 20 December 2012 - 01:56 PM

Greetings Zeroground

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 21 December 2012 - 07:31 PM

Doesn't look like there were any issues while running...
The computer runs as it was but I'm sleeping a lot better knowing it isn't on my computer anymore.
If there are any more problems, please respond.

Thanks,
Zero.

ComboFix Log:

ComboFix 12-12-17.02 - Yapen 12/21/2012 16:14:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5680 [GMT -8:00]
Running from: c:\users\Yapen\Desktop\ComboFix.exe
Command switches used :: c:\users\Yapen\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 00:23 . 2012-12-22 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 00:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC8C55D-4B2B-474E-A3AA-522E114F195E}\mpengine.dll
2012-12-21 07:06 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 07:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 07:06 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 07:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 06:10 . 2012-12-19 06:10 -------- d-----w- C:\_OTL
2012-12-19 04:09 . 2012-12-19 04:09 -------- d-----w- c:\users\Yapen\VLab
2012-12-19 02:18 . 2012-12-19 02:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-17 06:21 . 2012-12-17 06:21 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-17 06:20 . 2012-12-17 06:20 -------- d-----w- c:\program files (x86)\ZoomEx
2012-12-17 06:19 . 2012-12-17 06:19 -------- d-----w- c:\programdata\Zoomex
2012-12-17 04:30 . 2012-12-18 01:28 -------- d-----w- c:\users\Yapen\AppData\Roaming\vlc
2012-12-12 04:00 . 2012-12-12 04:00 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-12 00:46 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 00:46 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 00:46 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:38 . 2012-12-12 00:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-30 01:34 . 2012-09-25 07:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-29 06:05 . 2012-11-29 06:05 -------- d-----w- c:\users\Yapen\AppData\Roaming\UDP Software
2012-11-29 05:59 . 2012-11-29 06:05 -------- d-----w- c:\users\Yapen\AppData\Roaming\DwarfTherapist-0.6.12
2012-11-29 05:59 . 2012-12-01 04:39 -------- d-----w- c:\users\Yapen\AppData\Roaming\DwarfFortress
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 06:39 . 2011-08-25 00:41 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 04:00 . 2012-04-08 16:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 04:00 . 2011-08-27 06:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-24 07:43 . 2011-10-08 19:46 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-24 07:43 . 2011-10-08 19:40 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-17 21:43 . 2011-10-08 19:40 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-15 02:41 . 2011-10-08 19:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-09 14:40 . 2012-02-11 03:10 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 14:37 . 2012-02-11 03:10 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 14:37 . 2011-03-13 15:45 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 14:36 . 2012-02-11 03:10 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 14:36 . 2012-02-11 03:10 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 14:35 . 2012-02-11 03:10 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 14:34 . 2012-02-11 03:10 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 14:34 . 2012-02-11 03:10 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 14:33 . 2012-02-11 03:10 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-16 08:38 . 2012-11-28 03:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 03:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 03:28 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 01:46 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 01:46 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 01:46 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 01:46 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 00:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 01:46 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 01:46 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 01:46 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 01:46 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 01:46 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 01:46 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 01:46 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 01:46 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 01:46 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 01:46 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 01:46 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2011-07-28 21:09 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2011-07-28 21:40 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-04-20 09:07 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-07-28 01:41 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-07-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-04-20 08:49 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2011-07-28 21:03 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-04-20 08:21 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-07-28 01:13 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2011-07-28 20:53 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-25 22:47 . 2012-11-15 01:46 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 01:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 16:23 . 2012-05-08 01:07 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 16:23 . 2011-08-27 04:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Comrade.exe"="c:\program files (x86)\GameSpy\Comrade\Comrade.exe" [2007-05-27 36864]
"googletalk"="c:\users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MarbleStation"="c:\netmarbleglobal\MarbleStation\GlbMSLauncher.exe" [2011-12-07 1004152]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-16 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-11 2254768]
.
c:\users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-5-2 3553176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\ZoomEx\sprotector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 X6va005;X6va005;c:\users\Yapen\AppData\Local\Temp\0059A09.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 77432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2465712]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-01-05 46592]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://allurmage.myfreeboard.net/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: 2012-12-16 22:36; 50cebd794be5d@50cebd794be97.com; c:\users\Yapen\AppData\Roaming\Mozilla\Firefox\Profiles\ubsk9yhm.default\extensions\50cebd794be5d@50cebd794be97.com
FF - ExtSQL: 2012-12-18 17:15; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PrivitizeVPN - c:\program files (x86)\PrivitizeVPN\uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1 - c:\games\World_of_Warplanes\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Yapen\AppData\Local\Temp\0059A09.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}"=hex:51,66,7a,6c,4c,1d,38,12,17,42,8c,
08,d0,22,04,09,dc,f3,24,bf,30,cc,e5,3a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,
a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,b3,69,62,98,54,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,25,f4,3e,2c,0e,e1,4c,97,9e,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,25,f4,3e,2c,0e,e1,4c,97,9e,a8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*ű*& ]
@="WordPad Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*ű*& \Insertable]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*ű*& \MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*ű*& \Verb\0]
@="&Edit,0,2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\p*ű*& \Verb\1]
@="&Open,0,2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-21 16:25:41
ComboFix-quarantined-files.txt 2012-12-22 00:25
ComboFix2.txt 2012-12-19 01:05
.
Pre-Run: 703,714,729,984 bytes free
Post-Run: 703,355,072,512 bytes free
.
- - End Of File - - F62140ABF3F4955DAD7F7391CDFA271D

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 21 December 2012 - 08:06 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent
Ask Toolbar
Ask Toolbar Updater
BFlix
DealPly
Java 7 Update 9
Java™ 6 Update 29
Java™ 7 Update 3 (64-bit)
JavaFX 2.1.1
McAfee Security Scan Plus
PrivitizeVPN
uTorrentControl2 Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 22 December 2012 - 03:26 PM

When operating Revo Uninstaller, I noticed that the UTorrent toolbar and the Ask Toolbar and Updater were not there.
There may be a corrupt file in Java.
CCleaner operated rather smoothly, as with MBAM
HijackThis had problems operating with the "Host Files". I could not find the Trend Micro folder in either program files.

Log for MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yapen :: YAPEN-PC [administrator]

12/22/2012 12:01:47 PM
mbam-log-2012-12-22 (12-01-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211436
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Yapen\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 198
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-03-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-04-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-06-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-08-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-09-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-10-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-11-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-12-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-14-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-17-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-18-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-19-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-20-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-21-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-22-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-23-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-24-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-25-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-26-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-27-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-28-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-29-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-06-30-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-01-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-02-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-03-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-04-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-05-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-06-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-07-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-08-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-09-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-10-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-11-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-12-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-13-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-14-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-15-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-16-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-17-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-18-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-19-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-20-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-21-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-22-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-23-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-24-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-25-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-26-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-27-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-28-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-29-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-30-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-07-31-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-01-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-02-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-03-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-04-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-05-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-06-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-07-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-08-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-09-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-10-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-11-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-12-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-13-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-14-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-15-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-16-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-17-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-18-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-19-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-20-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-21-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-22-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-23-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-24-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-25-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-26-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-27-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-28-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-04-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-05-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-06-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-07-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-08-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-09-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-24-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-09-30-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-01-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-02-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-03-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-04-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-05-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-06-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-07-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-08-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-09-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-10-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-11-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-12-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-14-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-15-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-16-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-17-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-18-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-19-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-25-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-26-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-27-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-29-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-08-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-09-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-12-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-13-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-14-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-15-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-16-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-17-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-18-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-19-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-20-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-22-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-23-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-24-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-27-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-28-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-11-30-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-04-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-05-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-06-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-07-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-08-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-09-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Yapen\AppData\Roaming\dclogs\2012-12-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)


Log for HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:49 PM, on 12/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DDNi\AMD Core Line\CenterStage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Yapen\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121218171531.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs: c:\PROGRA~2\ZoomEx\sprotector.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 12641 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 22 December 2012 - 10:16 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
      O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
      O4 - HKCU\..\Run: [googletalk] C:\Users\Yapen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Zeroground

Zeroground
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 24 December 2012 - 04:16 PM

Some items were found:

C:\Program Files (x86)\ZoomEx\sprotector.dll Win32/SProtector.A application
C:\ProgramData\Zoomex\settings.ini Win32/Adware.MultiPlug.F application
C:\Qoobox\Quarantine\C\Users\Yapen\AppData\Roaming\686347.exe.vir a variant of MSIL/Injector.ADP trojan
C:\System Volume Information\SystemRestore\FRStaging\Users\Yapen\AppData\Roaming\686347.exe a variant of MSIL/Injector.ADP trojan
C:\System Volume Information\SystemRestore\FRStaging\Users\Yapen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\686347.exe a variant of MSIL/Injector.ADP trojan
C:\System Volume Information\SystemRestore\FRStaging\Users\Yapen\Downloads\cnet2_YsflightForWindows_zip.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Yapen\Downloads\flstudio_10.0.9.exe Win32/OpenCandy application
C:\Users\All Users\Zoomex\settings.ini Win32/Adware.MultiPlug.F application
C:\Users\Yapen\Downloads\cnet2_YsflightForWindows_zip.exe a variant of Win32/InstallCore.D application
C:\Users\Yapen\Downloads\flstudio_10.0.9.exe Win32/OpenCandy application
Operating memory Win32/SProtector.A application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users