Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Creates User accounts, public folders, changes permissions.


  • This topic is locked This topic is locked
19 replies to this topic

#1 om_mmm

om_mmm

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 09 May 2013 - 12:54 AM

The computer started acting strangely, like redirecting Chrome to Google and occasionally the blue screen all that has stopped, but while looking around I noticed there were folders I did not create and User settings I had not changed. Normally I am the only user and administrator and guest acct is turned off.  However, now there was user "fbwuser" account and other accts. which seem to have disappeared. Still there are random folders throughout (i.e. Public Videos) and others to which I get denied access. At times I get the feeling it is being accessed remotely, but all this is very new to me,

so I don't know where to start.

 

below is the dss & also attached the .txt 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476
Run by Ivan Gabriel at 11:25:25 on 2013-05-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3561.1404 [GMT 7:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files (x86)\Mediafour\Media SOS\MediaSOSRemovableDiskService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\WLANExt.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Mystify.scr
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
dURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
mWinlogon: Userinit = userinit.exe,
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
uRun: [Google Update] "C:\Users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\24A4F544275616D6F56463 : DHCPNameServer = 192.168.20.1
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\341445D26427565675966496044584 : DHCPNameServer = 61.19.245.245
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\341445D294E6475627E65647044584 : DHCPNameServer = 61.19.245.245 61.19.245.246
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\4505D2C494E4B4F5149363632403 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\8507562796160235C4F533364333 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{3F3D9EC1-0AE3-4C12-A5AB-B1B49C3DC017}\943445026627565602759464940226970245255554 : DHCPNameServer = 10.42.254.42 10.42.254.2
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe -r
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-3-20 31872]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-6-1 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-6-1 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-20 95248]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-21 30368]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-21 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-21 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-21 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-21 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-21 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-21 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-21 550560]
.
=============== Created Last 30 ================
.
2013-05-08 06:52:38 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-05-08 06:51:53 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-29 09:57:32 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Local\adawarebp
2013-04-29 09:41:49 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-29 09:41:19 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-04-28 04:02:00 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Local\Avg2013
2013-04-27 15:04:07 38456 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-04-26 17:33:47 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-26 17:33:37 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{802A4281-FEB4-41F6-AEE9-C5EB69892AA1}\mpengine.dll
2013-04-26 17:05:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 12:37:32 -------- d-----w- C:\Program Files\PeerBlock
2013-04-12 18:53:02 46280 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-04-11 03:32:35 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-04-10 15:13:02 -------- d-----w- C:\Program Files\iPod
2013-04-10 15:13:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-10 15:13:00 -------- d-----w- C:\Program Files\iTunes
2013-04-10 15:13:00 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-10 14:11:08 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-04-10 14:10:24 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Local\Downloaded Installations
2013-04-10 14:09:02 -------- d-----w- C:\ProgramData\blekko toolbars
2013-04-10 14:08:53 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-04-10 14:08:40 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-10 14:08:03 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 14:07:52 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 14:07:51 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 14:07:49 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 14:07:48 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 14:07:47 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 14:07:46 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 14:07:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 14:06:40 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 14:06:37 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:06:37 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 14:06:36 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 14:06:35 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 14:06:34 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 13:50:21 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-04-10 13:50:21 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-04-10 13:50:18 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Roaming\LavasoftStatistics
2013-04-10 13:49:14 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Roaming\Ad-Aware Antivirus
2013-04-10 13:30:44 -------- d-----w- C:\Users\Ivan Gabriel\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-03-11 18:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-22 01:53:00 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 11:26:43.20 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 12 May 2013 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 14 May 2013 - 04:37 AM

Hi Nasdaq,

( I'm in Asia and its not easy to find the right help to assist with this issue. )

... thank you very much for the help.

 

 

Below are the three log reports.

 

1________

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2013   
Lavasoft Ad-Aware            
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Disk Cleaner 7.73  
 Panda Cloud Cleaner   
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 

 

 

 

 

2_________

 

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 15:33:05
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ivan Gabriel - IVANGABRIEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Ivan Gabriel\Desktop\c\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Application Updater
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Users\Ivan Gabriel\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ivan Gabriel\AppData\Roaming\dvdvideosoftiehelpers
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Ivan Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [5184 octets] - [14/05/2013 15:33:05]
 
########## EOF - C:\AdwCleaner[S1].txt - [5244 octets] ##########
 

 

 

 

 

3___________

 

ComboFix 13-05-13.01 - Ivan Gabriel 05/14/2013  15:55:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3561.2207 [GMT 7:00]
Running from: c:\users\Ivan Gabriel\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-14 to 2013-05-14  )))))))))))))))))))))))))))))))
.
.
2013-05-14 09:06 . 2013-05-14 09:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-05-14 04:16 . 2013-05-14 04:16 -------- d-----w- c:\users\Ivan Gabriel\AppData\Roaming\AVG2013
2013-05-14 04:12 . 2013-05-14 04:15 -------- d-----w- c:\programdata\AVG2013
2013-05-14 04:12 . 2013-05-14 04:12 -------- d-----w- C:\$AVG
2013-05-14 04:10 . 2013-05-14 04:10 -------- d-----w- c:\program files (x86)\AVG
2013-05-14 04:00 . 2013-05-14 04:00 105 ----a-w- C:\prefs.js
2013-05-14 03:51 . 2010-11-26 11:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-05-10 12:18 . 2013-04-16 23:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF558289-DCC4-4308-B50E-33A2FC9ADB82}\mpengine.dll
2013-05-09 08:18 . 2013-05-09 08:18 -------- d-----w- c:\program files (x86)\Panda Security
2013-05-08 06:51 . 2013-05-08 06:51 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-29 09:57 . 2013-04-29 09:57 -------- d-----w- c:\users\Ivan Gabriel\AppData\Local\adawarebp
2013-04-29 09:41 . 2013-04-29 09:41 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-28 04:02 . 2013-05-14 07:37 -------- d-----w- c:\users\Ivan Gabriel\AppData\Local\Avg2013
2013-04-27 15:04 . 2013-02-11 05:28 38456 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-04-26 17:05 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:37 . 2013-05-14 05:10 -------- d-----w- c:\program files\PeerBlock
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 04:04 . 2013-04-10 13:50 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-05-14 04:04 . 2013-04-10 13:50 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-08 06:44 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 19:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 18:53 . 2013-04-12 18:53 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-10 20:06 . 2012-11-13 11:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 19:53 . 2013-03-28 19:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-20 20:08 . 2013-03-20 20:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 14:06 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:06 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:06 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:06 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 14:07 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-10 20:04 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 20:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 20:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 20:04 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 20:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 20:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 20:04 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 20:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 20:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 20:04 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 20:04 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 20:04 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 20:04 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 20:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 20:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 20:04 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 20:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 20:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 20:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 20:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 20:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 20:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-15 06:08 . 2013-04-10 14:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 14:07 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 14:07 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 14:07 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 14:07 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 14:07 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 08:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"FreeCT"="c:\program files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe" [2012-12-17 2107304]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe" [2012-03-19 352928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-20 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-20 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-20 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-20 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-20 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-20 550560]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-02-11 38456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-14 14456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-28 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-20 240952]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-12 46280]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-19 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-19 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-19 62776]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-17 1236336]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-29 235520]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-20 106144]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-04-10 1428472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472]
S2 Media SOS removable disk service;Media SOS removable disk service;c:\program files (x86)\Mediafour\Media SOS\MediaSOSRemovableDiskService.exe [2012-10-25 20480]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-19 3677000]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-25 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-25 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-20 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-19 244560]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-29 342632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-13 56448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-19 17:08]
.
2013-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-01-22 17:26]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000Core.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000UA.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 08:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-02-20 124520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-20 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-20 800416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ALU"="c:\program files\Acer\Acer Updater\ALU.exe" [2012-02-07 2337144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\System32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\System32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,34,70,7d,b7,4b,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,61,7b,cc,b0,d6,83,42,b7,5f,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-05-14  16:16:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-14 09:16
.
Pre-Run: 285,709,987,840 bytes free
Post-Run: 285,348,601,856 bytes free
.
- - End Of File - - 1747A5C7178BEA206EBF9E49AA13F3EE


#4 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 14 May 2013 - 08:10 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Please let me know of the remaining issues with this computer.

#5 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 15 May 2013 - 01:31 AM

i didnt find a way to delete adobe reader 10,
I think installing reader 11 deleted traces of Adobe reader 10.
below is the log from junkware.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ivan Gabriel on Wed 05/15/2013 at 13:15:32.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Ivan Gabriel\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Ivan Gabriel\appdata\local\{8241A35A-C6C1-48BA-BE5B-1341F7481B77}
Successfully deleted: [Empty Folder] C:\Users\Ivan Gabriel\appdata\local\{B39723FA-BA56-4F8D-B29B-1BDF235F689C}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/15/2013 at 13:23:51.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 15 May 2013 - 02:30 AM

thnx again..

I have questions that i feel may be remaining issues:

 

#1 - Issue-Question

I don't know which folders are legit and belong (...?)

For "Users" I have Guest Acct - OFF

 

However, when I go to to the Users folder in my C:/ drive

there are seven User folders that I did not create.

Four of them have a lock and

one denies me access completely.

This is the list of the Users folder

 

-All Users

-Default

-Default User

-fbwuser

-Ivan Gabriel (this is the one I created - Admin)

-Public

-Temp

(fbwuser is what I searched on google to find this site @ url below)

http://www.bleepingcomputer.com/forums/t/491379/win32downloadadming-crossrider-conduit/

...also the .ini  file in Users folder was created in 2009 but I only bought the laptop new 2012

....lots of ntdat. and .log files throughout were created 2009 so I'm a bit unsure whats the deal

 

 

 

#2 Issue - Question

There are several folders throughout the system with a lock, access is denied and i cannot change their settings or permissions as an admin.

Example is a folder "Public Videos" I did not create recently that denies me access to do anything to it. Is this normal?

 

 

#3 Issue - Question

should there be two Desktop.ini files on my desktop?



#7 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 15 May 2013 - 08:44 AM


The only folder I'm concerned with it fbwuser. If you used FaceBook or used it before it may be related I do not know.
Lets check it out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :dir
    C:\Users\All Users\fbwuser
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

...also the .ini file in Users folder was created in 2009 but I only bought the laptop new 2012
....lots of ntdat. and .log files throughout were created 2009 so I'm a bit unsure whats the deal

Probably set when the operating system was installed. Leave it alone.
===

#2 Issue - Question
There are several folders throughout the system with a lock, access is denied and i cannot change their settings or permissions as an admin.
Example is a folder "Public Videos" I did not create recently that denies me access to do anything to it. Is this normal?

These a locked by the operating system. Leave them alone.
===

#3 Issue - Question
should there be two Desktop.ini files on my desktop?

You can Open them with Notepad and look at the content.
I'm sure they are not the same.
If it's not broken do not fix it is my moto...

#8 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 16 May 2013 - 02:25 AM

thank you, ill run systemlook tonight when i get home and post it.

 

 

The only folder I'm concerned with it fbwuser. If you used FaceBook or used it before it may be related I do not know.
Lets check it out.

 

Before I started taking this issue seriously,

I searched around on the web. (five weeks ago)

I found two other forums who had same "fbwuser" issue.

the response  team mentioned to them that it was commonly related to having

hotspot shield hijacked / intercepted to access the system files.

I havent been unable to find these same sources again but

then I found Bleepincomp.com and here i am.

......

 

 

my fbwuser user account was created together with all

those other user folders i did not have before. This happened 1 week after

using hotspot shield. This is when more folders started to appear in my system denying 

me access and my personal user settings began to change.

 

 

I uninstalled it back then (3 weeks ago)

but there are still remnants of hotspot shield throughout my system ..

(including in the protocol & device properties of the internal wireless card)

 

.....

 

how can I delete these "random folders" like "Public Videos" that deny me access?

and ...

can I just delete all the other user folders "User" account folders that are NOT locked?

if I am the admin why can I not delete or access the other user account permissions?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 16 May 2013 - 07:23 AM

Before I started taking this issue seriously,
I searched around on the web. (five weeks ago)
I found two other forums who had same "fbwuser" issue.
the response team mentioned to them that it was commonly related to having
hotspot shield hijacked / intercepted to access the system files.
I havent been unable to find these same sources again but
then I found Bleepincomp.com and here i am.

Yes I saw that to somewhere. That is why I want to have a look what is in the folder.

how can I delete these "random folders" like "Public Videos" that deny me access?
and ...
can I just delete all the other user folders "User" account folders that are NOT locked?
if I am the admin why can I not delete or access the other user account permissions?

The folders are protected by the Operating system. I have the same on my computer. I do not remove anything unless it's giving me problems.

As I have said before "If its not broken do not fix it"

#10 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 16 May 2013 - 11:00 PM

ok. Below is SystemLook's log.

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:23 on 17/05/2013 by Ivan Gabriel
Administrator - Elevation successful
 
========== dir ==========
 
C:\Users\All Users\fbwuser - Unable to find folder.
 
-= EOF =-

 

I found fbwuser entries on other "User" directories & files

so I ran it there as well, just in case. Below are the logs.

 

===============================================

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:31 on 17/05/2013 by Ivan Gabriel
Administrator - Elevation successful
 
========== dir ==========
 
C:\Users\fbwuser - Parameters: "(none)"
 
---Files---
NTUSER.DAT --a---- 8192 bytes [10:33 27/04/2013] [02:17 17/05/2013]
NTUSER.DAT.LOG1 --ahs-- 5120 bytes [16:11 23/04/2013] [02:17 17/05/2013]
NTUSER.DAT.LOG2 --ahs-- 0 bytes [16:11 23/04/2013] [16:11 23/04/2013]
NTUSER.DAT{ede1cc60-ac2d-11e2-9d93-dc0ea1b81a66}.TM.blf --ahs-- 65536 bytes [16:11 23/04/2013] [16:11 23/04/2013]
NTUSER.DAT{ede1cc60-ac2d-11e2-9d93-dc0ea1b81a66}.TMContainer00000000000000000001.regtrans-ms --ahs-- 524288 bytes [16:11 23/04/2013] [16:11 23/04/2013]
NTUSER.DAT{ede1cc60-ac2d-11e2-9d93-dc0ea1b81a66}.TMContainer00000000000000000002.regtrans-ms --ahs-- 524288 bytes [16:11 23/04/2013] [16:11 23/04/2013]
NTUSER.DAT{fe41602a-accb-11e2-bcf3-dc0ea1b81a66}.TM.blf --ahs-- 65536 bytes [10:51 24/04/2013] [11:33 24/04/2013]
NTUSER.DAT{fe41602a-accb-11e2-bcf3-dc0ea1b81a66}.TMContainer00000000000000000001.regtrans-ms --ahs-- 524288 bytes [10:51 24/04/2013] [11:33 24/04/2013]
NTUSER.DAT{fe41602a-accb-11e2-bcf3-dc0ea1b81a66}.TMContainer00000000000000000002.regtrans-ms --ahs-- 524288 bytes [10:51 24/04/2013] [11:33 24/04/2013]
 
---Folders---
AppData d------ [09:16 14/05/2013]
 
-= EOF =-

===============================================

 

All Users

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:01 on 17/05/2013 by Ivan Gabriel
Administrator - Elevation successful
 
========== dir ==========
 
C:\Users\All Users\Hotspot Shield\config - Parameters: "(none)"
 
---Files---
defprxy.cfg --a---- 319 bytes [06:03 10/04/2013] [07:00 13/04/2013]
fbw-info-direct.cfg --a---- 2376 bytes [21:26 13/02/2013] [21:26 13/02/2013]
hssstate.cfg --a---- 412 bytes [16:07 04/04/2013] [20:08 14/04/2013]
startup.cfg --a---- 2544 bytes [16:07 04/04/2013] [07:00 13/04/2013]
wlnet.cfg --a---- 392 bytes [16:09 04/04/2013] [16:09 04/04/2013]
wlnet_st.cfg --a---- 1372 bytes [16:09 04/04/2013] [09:08 14/04/2013]
 
---Folders---
hsspx d------ [16:06 04/04/2013]
hsswd d------ [16:06 04/04/2013]
 
-= EOF =-
 

 

========================================

 

========================================
 

I wanted to ask you ... Why can't I have access to OR change my own

permissions to view the "Default User" dir?

 

I ran SystemLook. Log Below just in case it helps.

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:40 on 17/05/2013 by Ivan Gabriel
Administrator - Elevation successful
 
========== dir ==========
 
C:\Users\Default User - Parameters: "(none)"
 
---Files---
None found.
 
---Folders---
None found.
 
-= EOF =-

=============================

 

Again thank you nasdaq for your ample patience and help.

 

 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 17 May 2013 - 09:54 AM

This script should remove the unwanted folder.

Open notepad and copy/paste the text in the quote box below into it:
 
Folder::
C:\Users\fbwuser\AppData
C:\Users\All Users\Hotspot Shield\config
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===
 

I wanted to ask you ... Why can't I have access to OR change my own
permissions to view the "Default User" dir?

Technically I do not know. I suggest you ask in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

An expert with that operating system should be able to answer you.

#12 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 22 May 2013 - 05:12 AM

resultant log posted below.

additional info

#1.. yesterday found Adobe Acrobat 10 folder created recently inside the folder where i store all the "BleepingComputer" .exe & .txt  files we've been using (JRT.exe, systemlook.exe, combofix etc...)

 . i did not create this folder. The folder was full of .exe and .cab files along

with other .logs I unhappily deleted it with shredder.

#2 .. additionally fbwuser acct. folder updates the ntuser.dat files every time i log on or make changes.

#3 .. C:\Users\fbwuser\AppData was not deleted and two folders remain inside (Local & Temp)

#4 .. I ran a registry cleaner "IObit malware" and alot of stuff came up (root entries, etc.. )that weren't

there before (as in VERY recent changes that weren't made by me or what we've been working on)

but related to Acrobat, Flash Player, and a few of the same folders related to the this same issue.

I did not proceed with the cleaning (only did the analyzing) in case you wanted to see what came up.

 

combofix log below

===============

ComboFix 13-05-22.01 - Ivan Gabriel 05/22/2013  16:07:18.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3561.2329 [GMT 7:00]
Running from: c:\users\Ivan Gabriel\Desktop\ComboFix.exe
Command switches used :: c:\users\Ivan Gabriel\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\All Users\Hotspot Shield
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-22 to 2013-05-22  )))))))))))))))))))))))))))))))
.
.
2013-05-22 09:16 . 2013-05-22 09:16 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-05-18 06:43 . 2012-05-08 11:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-05-18 05:53 . 2013-05-18 05:53 -------- d-----w- c:\program files\McAfee
2013-05-16 09:45 . 2013-05-16 09:47 -------- d-----w- c:\programdata\YTD Video Downloader
2013-05-15 06:15 . 2013-05-15 06:15 -------- d-----w- c:\windows\ERUNT
2013-05-15 06:14 . 2013-05-15 06:15 -------- d-----w- C:\JRT
2013-05-14 04:16 . 2013-05-14 04:16 -------- d-----w- c:\users\Ivan Gabriel\AppData\Roaming\AVG2013
2013-05-14 04:12 . 2013-05-14 04:15 -------- d-----w- c:\programdata\AVG2013
2013-05-14 04:12 . 2013-05-14 04:12 -------- d-----w- C:\$AVG
2013-05-14 04:10 . 2013-05-14 04:10 -------- d-----w- c:\program files (x86)\AVG
2013-05-14 04:00 . 2013-05-14 04:00 105 ----a-w- C:\prefs.js
2013-05-14 03:51 . 2010-11-26 11:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-10 12:18 . 2013-04-16 23:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF558289-DCC4-4308-B50E-33A2FC9ADB82}\mpengine.dll
2013-05-09 08:18 . 2013-05-09 08:18 -------- d-----w- c:\program files (x86)\Panda Security
2013-05-08 06:51 . 2013-05-08 06:51 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-29 09:41 . 2013-04-29 09:41 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-28 04:02 . 2013-05-14 07:37 -------- d-----w- c:\users\Ivan Gabriel\AppData\Local\Avg2013
2013-04-27 15:04 . 2013-04-11 04:06 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-04-26 17:05 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:37 . 2013-05-22 09:04 -------- d-----w- c:\program files\PeerBlock
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 04:04 . 2013-04-10 13:50 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-05-14 04:04 . 2013-04-10 13:50 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-08 06:44 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 19:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 18:53 . 2013-04-12 18:53 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-10 20:06 . 2012-11-13 11:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 19:53 . 2013-03-28 19:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-20 20:08 . 2013-03-20 20:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 14:06 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:06 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:06 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:06 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 14:07 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-10 20:04 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 20:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 20:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 20:04 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 20:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 20:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 20:04 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 20:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 20:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 20:04 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 20:04 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 20:04 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 20:04 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 20:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 20:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 20:04 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 20:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 20:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 20:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 20:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 20:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 20:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe" [2012-03-19 352928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE -startup
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-19 3677000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-20 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-20 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-20 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-20 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-20 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-20 550560]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-11 39504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-14 14456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-28 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-20 240952]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-12 46280]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-19 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-19 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-19 62776]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-17 1236336]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-29 235520]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-20 106144]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-04-10 1428472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-13 4937264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S2 Media SOS removable disk service;Media SOS removable disk service;c:\program files (x86)\Mediafour\Media SOS\MediaSOSRemovableDiskService.exe [2012-10-25 20480]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-25 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-25 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-20 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-19 244560]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-29 342632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-13 56448]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-19 17:08]
.
2013-05-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-01-22 17:26]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000Core.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000UA.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 08:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-02-20 124520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-20 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-20 800416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ALU"="c:\program files\Acer\Acer Updater\ALU.exe" [2012-02-07 2337144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\System32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\System32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,34,70,7d,b7,4b,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,61,7b,cc,b0,d6,83,42,b7,5f,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-22  16:20:30
ComboFix-quarantined-files.txt  2013-05-22 09:20
ComboFix2.txt  2013-05-14 09:16
.
Pre-Run: 287,647,551,488 bytes free
Post-Run: 287,574,921,216 bytes free
.
- - End Of File - - 8BA1B28067A70ED6EAFAC9E9E04CF9BC
 

Many thanks.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 22,241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 22 May 2013 - 08:09 AM

This should have been the correct fix to remove the fbwuser folder. My mistake.

Open notepad and copy/paste the text in the quote box below into it:

Folder::
C:\Users\fbwuser

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

#1.. yesterday found Adobe Acrobat 10 folder created recently inside the folder where i store all the "BleepingComputer"
Delete the Adobe Acrobat 10 folder. Keep it in your Recycle bin just in can you get a message that it's needed by a program.
Flush it in a week if all is well.
===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
keep me posted.

#14 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 28 May 2013 - 12:10 AM

hi, sorry for the delayed response

( internet access is unavailable for days at a time ... Thailand)

hope you've been doing well.

 

below are both reports for CFscript and ESET

 

 

ComboFix 13-05-27.02 - Ivan Gabriel 05/28/2013  10:54:35.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3561.2142 [GMT 7:00]
Running from: c:\users\Ivan Gabriel\Desktop\ComboFix.exe
Command switches used :: c:\users\Ivan Gabriel\Desktop\cfscript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-28  )))))))))))))))))))))))))))))))
.
.
2013-05-28 04:51 . 2013-05-28 04:51 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-05-23 05:08 . 2013-05-23 05:08 -------- d-----w- c:\program files (x86)\ESET
2013-05-18 06:43 . 2012-05-08 11:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-05-18 05:53 . 2013-05-18 05:53 -------- d-----w- c:\program files\McAfee
2013-05-16 09:45 . 2013-05-16 09:47 -------- d-----w- c:\programdata\YTD Video Downloader
2013-05-15 06:15 . 2013-05-15 06:15 -------- d-----w- c:\windows\ERUNT
2013-05-15 06:14 . 2013-05-15 06:15 -------- d-----w- C:\JRT
2013-05-14 04:16 . 2013-05-14 04:16 -------- d-----w- c:\users\Ivan Gabriel\AppData\Roaming\AVG2013
2013-05-14 04:12 . 2013-05-14 04:15 -------- d-----w- c:\programdata\AVG2013
2013-05-14 04:12 . 2013-05-14 04:12 -------- d-----w- C:\$AVG
2013-05-14 04:10 . 2013-05-14 04:10 -------- d-----w- c:\program files (x86)\AVG
2013-05-14 03:51 . 2010-11-26 11:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-10 12:18 . 2013-04-16 23:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF558289-DCC4-4308-B50E-33A2FC9ADB82}\mpengine.dll
2013-05-09 08:18 . 2013-05-09 08:18 -------- d-----w- c:\program files (x86)\Panda Security
2013-05-08 06:51 . 2013-05-08 06:51 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-29 09:41 . 2013-04-29 09:41 -------- d-----w- c:\programdata\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 04:04 . 2013-04-10 13:50 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-05-14 04:04 . 2013-04-10 13:50 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-08 06:44 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 19:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 18:53 . 2013-04-12 18:53 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-12 14:45 . 2013-04-26 17:05 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 04:06 . 2013-04-27 15:04 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-04-10 20:06 . 2012-11-13 11:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 19:53 . 2013-03-28 19:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-20 20:08 . 2013-03-20 20:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 14:06 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:06 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:06 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:06 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 14:07 3153408 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe" [2012-03-19 352928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE -startup
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-04-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-13 4937264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-19 3677000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-20 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-20 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-20 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-20 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-20 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-20 550560]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-11 39504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-14 14456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-28 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-20 240952]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-12 46280]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-19 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-19 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-19 62776]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-17 1236336]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-29 235520]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-20 106144]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S2 Media SOS removable disk service;Media SOS removable disk service;c:\program files (x86)\Mediafour\Media SOS\MediaSOSRemovableDiskService.exe [2012-10-25 20480]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-25 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-25 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-20 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-19 244560]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-29 342632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-13 56448]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-19 17:08]
.
2013-05-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-01-22 17:26]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:55]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000Core.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764405354-2316010602-3348670856-1000UA.job
- c:\users\Ivan Gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 00:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ivan Gabriel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-02-20 124520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-20 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-20 800416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ALU"="c:\program files\Acer\Acer Updater\ALU.exe" [2012-02-07 2337144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\System32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\System32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,34,70,7d,b7,4b,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,61,7b,cc,b0,d6,83,42,b7,5f,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-28  11:54:23
ComboFix-quarantined-files.txt  2013-05-28 04:54
ComboFix2.txt  2013-05-23 03:21
ComboFix3.txt  2013-05-22 09:20
ComboFix4.txt  2013-05-14 09:16
.
Pre-Run: 290,848,550,912 bytes free
Post-Run: 290,885,894,144 bytes free
.
- - End Of File - - 030687B63B9C9ACE6DC0D5C123A97C3A
 

#################

ESET below:

################

 

 

C:\Users\Ivan Gabriel\Desktop\PC Clear\Adaware_Installer.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Ivan Gabriel\Downloads\cbsidlm-cbsi5_3_0_96-Cool_Timer-SEO-10062255.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Ivan Gabriel\Downloads\cbsidlm-tr1_12-Edraw_Mind_Map-SEO-197599.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Ivan Gabriel\Downloads\cbsidlm-tr1_12-Matrix_Trilogy_3D_Code_Screensaver-SEO-10186398.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Ivan Gabriel\Downloads\cbsidlm-tr1_12-Solar_System__Earth_3D_Screensaver-SEO-175468.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Ivan Gabriel\Downloads\FreeAudioDub.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Ivan Gabriel\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\c299b.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined
 

############################################

 

( i will have access to internet again for the next five days

- - - then no access during weekend)

 

thank you nasdaq for your patience.



#15 om_mmm

om_mmm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 28 May 2013 - 12:27 AM

p.s.  i just realized the fbwuser folder & contents are still there.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users