
My system got patched by a Virus


  • This topic is locked
23 replies to this topic

#1 futuristicx

futuristicx

  • Members
  • 36 posts

Posted 17 September 2013 - 04:14 PM

Good day, I'm Abu :)

My first report was in Here

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.40.2
Run by Dela Cruz at 5:06:10 on 2013-09-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1071 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
C:\Documents and Settings\Dela Cruz\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
uURLSearchHooks: {e3600b2b-4c86-4697-96bc-74d4d209f6bc} - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GarenaPlus] "d:\program files\garenalolph_launcher\gamedata\GarenaMessenger.exe" -autolaunch
uRun: [uTorrent] "c:\documents and settings\dela cruz\application data\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [F.lux] "c:\documents and settings\dela cruz\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Steam] "d:\program files\don't starve\bin_alt\steam.exe" -silent
uRun: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
StartupFolder: c:\docume~1\delacr~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D926CD09-FB59-497F-9FE5-0436F3AC5EF7} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dela cruz\application data\mozilla\firefox\profiles\b7nkeiwq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN29312802633139418&UM=2&SearchSource=3&q={searchTerms}
FF - plugin: c:\documents and settings\dela cruz\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\dela cruz\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\program files\garenalolph_launcher\gamedata\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - ExtSQL: 2013-08-25 21:14; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-09-13 22:14; [email protected]; c:\documents and settings\dela cruz\application data\mozilla\firefox\profiles\b7nkeiwq.default\extensions\[email protected]
FF - ExtSQL: 2013-09-16 01:17; {7e8a1050-cf67-4575-92df-dcc60e7d952d}; c:\documents and settings\dela cruz\application data\mozilla\firefox\profiles\b7nkeiwq.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
FF - ExtSQL: 2013-09-17 12:25; [email protected]; c:\documents and settings\dela cruz\application data\mozilla\firefox\profiles\b7nkeiwq.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [2012-6-5 204384]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2013-1-9 112480]
R1 vdrv1000;vdrv1000;c:\windows\system32\drivers\vdrv1000.sys [2013-1-3 186392]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-17 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-17 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-4-3 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-17 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-12-29 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-6-14 1691480]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-4-21 13232]
S3 cpuz134;cpuz134;\??\c:\docume~1\delacr~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\delacr~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-4-4 83864]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2002-1-1 20032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-4-3 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-4-3 235392]
S3 GGSAFERDriver;GGSAFER Driver;d:\program files\garenalolph_launcher\gamedata\room\safedrv.sys [2012-12-6 22112]
S3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2013-1-3 13952]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
S3 nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys --> c:\windows\system32\drivers\nbdrv.sys [?]
S3 nbdrvMP;nbdrvMP;c:\windows\system32\drivers\nbdrv.sys --> c:\windows\system32\drivers\nbdrv.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-4-4 181784]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-12-31 759192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe --> c:\program files\hotspot shield\bin\openvpnas.exe [?]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe" -/service --> c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S4 Smart Bro. RunOuc;Smart Bro. OUC;c:\program files\smart bro\updatedog\ouc.exe [2013-4-3 246112]
S4 VC10SecS;Virtual CD v10 Management Service;c:\program files\virtual cd v10\system\VC10SecS.exe [2013-1-3 144712]
.
=============== Created Last 30 ================
.
2013-09-17 05:00:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-09-17 04:38:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-17 04:38:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-16 04:04:12 -------- d-----w- c:\program files\Alcohol Soft
2013-09-16 04:00:59 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-16 04:00:59 -------- d-----w- c:\documents and settings\all users\application data\eSafe
2013-09-16 03:59:59 -------- d-----w- c:\program files\WebConnect
2013-09-16 03:59:52 -------- d-----w- c:\program files\SimilarSites
2013-09-16 03:59:37 -------- d-----w- c:\documents and settings\dela cruz\application data\SimilarSites
2013-09-15 17:42:20 -------- d-----w- c:\documents and settings\dela cruz\application data\asoftech
2013-09-15 17:31:13 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2013-09-15 17:31:13 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2013-09-15 17:31:13 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2013-09-15 17:31:13 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2013-09-15 17:31:13 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2013-09-15 17:31:13 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2013-09-15 17:31:12 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2013-09-15 17:20:27 -------- d-----w- c:\program files\MyPC Backup
2013-09-15 17:18:41 -------- d-----w- c:\documents and settings\all users\application data\Conduit
2013-09-15 17:15:29 -------- d-----w- c:\windows\system32\WNLT
2013-09-15 17:12:51 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-15 17:12:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-15 17:06:00 -------- d-----w- c:\documents and settings\dela cruz\application data\.minecraft
2013-09-15 15:07:03 -------- d-----w- c:\documents and settings\all users\application data\Tunngle
2013-09-15 09:03:51 -------- d-----w- c:\documents and settings\dela cruz\local settings\application data\Rockstar Games
2013-09-15 07:14:41 -------- d-----w- c:\program files\common files\Steam
2013-09-15 02:29:09 -------- d-----w- c:\program files\Sacred Citadel
2013-09-14 14:57:46 -------- d-----w- c:\documents and settings\dela cruz\local settings\application data\CRE
2013-09-13 07:32:24 -------- d-----w- c:\documents and settings\all users\application data\Cateia Games
2013-09-13 02:37:40 -------- d-----w- c:\program files\ss helper
2013-09-13 02:37:31 -------- d-----w- c:\documents and settings\all users\application data\soaveensohare
2013-09-13 02:37:01 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-09-12 11:45:39 -------- d-----w- c:\documents and settings\dela cruz\Zomboid
2013-09-11 07:43:56 -------- d-----w- c:\documents and settings\all users\application data\SeriousBit
2013-09-10 10:46:29 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2013-09-10 10:46:29 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2013-09-10 10:46:29 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2013-09-10 10:46:29 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2013-09-10 10:46:29 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2013-09-10 10:46:27 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2013-09-10 10:46:27 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2013-09-10 10:42:59 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2013-09-10 10:42:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2013-09-10 10:42:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2013-09-10 10:42:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2013-09-10 10:42:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2013-09-10 10:42:54 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2013-09-10 10:42:54 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2013-09-09 08:07:53 -------- d-----w- c:\documents and settings\dela cruz\application data\TEdit
2013-09-08 07:12:38 -------- d-----w- c:\program files\TEdit
2013-09-04 09:18:50 -------- d-----w- c:\program files\Terraria
2013-09-02 09:24:03 -------- d-----w- c:\documents and settings\dela cruz\application data\SPORE
2013-09-02 09:23:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-01 12:58:44 -------- d-----w- c:\program files\Microsoft XNA
2013-08-31 10:49:23 -------- d-----w- c:\documents and settings\dela cruz\minecraft
2013-08-25 13:13:16 -------- d-----r- c:\program files\Skype
2013-08-25 12:55:50 -------- d-----w- C:\Documents
2013-08-20 03:23:22 -------- d-sh--w- C:\found.000
.
==================== Find3M  ====================
.
2013-09-15 17:12:20 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-15 17:12:20 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-15 04:33:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 04:33:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-03 08:32:42 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-06-20 00:02:28 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2013-06-19 23:59:40 2817640 ----a-w- c:\windows\ALCWZRD.EXE
2013-06-19 23:59:36 64104 ----a-w- c:\windows\ALCMTR.EXE
2013-06-19 21:48:14 562688 ----a-w- C:\install.exe
.
============= FINISH:  5:06:58.65 ===============

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,281 posts

Posted 18 September 2013 - 03:37 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Proud Member of UNITE

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#3 futuristicx

futuristicx
  • Topic Starter

  • Members
  • 36 posts

Posted 18 September 2013 - 05:37 AM

Good day Sir TB-Psychotic! Umm, what does it mean when one of the rundll32.exe processes is running at more than 650k mem usage but the others are below 40k? :( And when I am running GMER my audio stutters.. :)


Edited by futuristicx, 18 September 2013 - 05:49 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,281 posts

Posted 18 September 2013 - 05:49 AM

I cannot provide any information without the GMER log.



 


#5 futuristicx

futuristicx
  • Topic Starter

  • Members
  • 36 posts

Posted 18 September 2013 - 05:59 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-18 18:58:41
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST316081 rev.CC2H 149.05GB
Running: i2mhtkr6.exe; Driver: C:\DOCUME~1\DELACR~1\LOCALS~1\Temp\pfriapoc.sys
 
 
---- System - GMER 2.1 ----
 
INT 0x73        ?                                                                                                     8A9C7CC8
INT 0x83        ?                                                                                                     8A9C7CC8
INT 0xB4        ?                                                                                                     8A7F5CC8
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                                8A9C21F8
 
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                diskpt.sys
 
---- Trace I/O - GMER 2.1 ----
 
Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9c31f8]<<                          8a9c31f8
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a95e798]                                               8a95e798
Trace           3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a96b3b8]                          8a96b3b8
Trace           5 ACPI.sys[b7e68620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a95fa38]      8a95fa38
Trace           \Driver\nvgts[0x8a91e290] -> IRP_MJ_CREATE -> 0x8a9c31f8                                              8a9c31f8
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x7A 0xCB 0x5B 0x67 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x7A 0xCB 0x5B 0x67 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk                             0xB9 0x17 0x7B 0x7A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{e5ab3623-b336-4fd2-bbf6-18ad4639cd65}@Model                              86
Reg             HKLM\SOFTWARE\Classes\CLSID\{e5ab3623-b336-4fd2-bbf6-18ad4639cd65}@Therad                             15
Reg             HKLM\SOFTWARE\Classes\CLSID\{e5ab3623-b336-4fd2-bbf6-18ad4639cd65}@SpecVersion                        1
Reg             HKLM\SOFTWARE\Classes\CLSID\{e5ab3623-b336-4fd2-bbf6-18ad4639cd65}@MData                              0x73 0xD5 0xCF 0xB8 ...
 
---- EOF - GMER 2.1 ----


:) here you go sir 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,281 posts

Posted 18 September 2013 - 06:04 AM

Conduit adware is running as a service - that's the reason for the rundll32.exe memory usage!

 

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



 

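A defender-side triage of the DDS autorun and service lines this thread works from, as an added example (my own script, not a BleepingComputer, DDS or ComboFix tool). It assumes the `[?]` suffix marks a service entry whose file DDS could not verify at the listed path, its adware-name list holds only the name the helper identifies above (Conduit), and its sample lines are copied from the DDS log in post #1.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted earlier in this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [2012-6-5 204384]
S3 cpuz134;cpuz134;\??\c:\docume~1\delacr~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\delacr~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-17 701512]
"""

WINDOWS_DIR = "c:\\windows\\"
# Only the name the helper in this thread calls adware; extend for your own triage.
ADWARE_NAMES = ("conduit",)

# uRun/mRun lines: "uRun: [name] command line"
RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Service/driver lines: "R0 name;display name;path [date size]" or "... --> path [?]"
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# The DLL argument handed to rundll32, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    source: str  # autorun entry name or service name
    reason: str
    path: str


def triage_autorun(name: str, cmd: str) -> list:
    """Flag an autorun entry by name match or by rundll32 hosting a non-Windows DLL."""
    findings = []
    haystack = (name + " " + cmd).lower()
    for word in ADWARE_NAMES:
        if word in haystack:
            findings.append(Finding(name, f"matches known adware name '{word}'", cmd))
            break
    m = RUNDLL_RE.search(cmd)
    if m:
        dll = m.group("dll").strip().lower()
        # rundll32 itself is benign; the DLL it hosts is what matters. This is how
        # the Conduit plugin ran on the machine in this thread.
        if not dll.startswith(WINDOWS_DIR):
            findings.append(Finding(name, "rundll32 hosting a DLL outside the Windows directory", dll))
    return findings


def triage_service(name: str, rest: str) -> list:
    """Flag a service/driver whose file DDS could not verify or that loads from a temp dir."""
    findings = []
    # After "-->" DDS prints the resolved path; strip the trailing "[date size]" or "[?]".
    path = rest.split(" --> ")[-1] if " --> " in rest else rest
    path = re.sub(r"\s*\[.*\]\s*$", "", path)
    if rest.rstrip().endswith("[?]"):  # assumption: [?] = file not verified at that path
        findings.append(Finding(name, "DDS could not verify the file at the listed path ([?])", path))
    if "\\temp\\" in path.lower():
        findings.append(Finding(name, "driver loads from a temp directory", path))
    return findings


def triage_dds(text: str) -> list:
    """Walk a DDS log and collect findings for autorun and service lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            findings.extend(triage_autorun(m.group("name"), m.group("cmd")))
            continue
        m = SVC_RE.match(line)
        if m:
            findings.extend(triage_service(m.group("name"), m.group("rest")))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.source:55} {f.reason}\n{'':55} {f.path}")
```

Entries it flags are leads for a human to check, not verdicts: a `[?]` driver may simply be an uninstalled tool's leftover service entry, which is why the helper asks for further logs before acting.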

#7 futuristicx

futuristicx
  • Topic Starter

  • Members
  • 36 posts

Posted 18 September 2013 - 06:49 AM

ComboFix 13-09-17.01 - Dela Cruz 09/18/2013  19:33:06.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1233 [GMT 8:00]
Running from: c:\documents and settings\Dela Cruz\My Documents\Downloads\Programs\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\soaveensohare
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dela Cruz\Application Data\mIRC\logs\status.log
c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]\bootstrap.js
c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]\content\bg.js
c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]\install.rdf
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\background.html
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\content.js
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\lsdb.js
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\manifest.json
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\P1P.js
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okaepokdplbgaeghdnggglpkiicpgcni\5.10\sqlite.js
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okaepokdplbgaeghdnggglpkiicpgcni_0.localstorage
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
C:\END
C:\Install.exe
c:\windows\msvcr71.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
.
Infected copy of c:\windows\system32\midimap.dll was found and disinfected 
Restored copy from - c:\windows\VistaMizer\old\midimap.dll 
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSYSSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-17 05:00 . 2013-09-17 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-17 04:38 . 2013-09-17 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-17 04:38 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-16 13:46 . 2013-09-16 13:46 -------- d-----w- c:\program files\ERUNT
2013-09-16 04:04 . 2013-09-16 04:04 -------- d-----w- c:\program files\Alcohol Soft
2013-09-16 04:00 . 2013-09-17 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\eSafe
2013-09-16 04:00 . 2013-09-16 04:00 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-16 03:59 . 2013-09-16 04:06 -------- d-----w- c:\program files\WebConnect
2013-09-16 03:59 . 2013-09-16 03:59 -------- d-----w- c:\program files\SimilarSites
2013-09-16 03:59 . 2013-09-16 03:59 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\SimilarSites
2013-09-15 17:42 . 2013-09-15 17:42 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\asoftech
2013-09-15 17:31 . 2013-09-15 17:31 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2013-09-15 17:31 . 2002-08-05 02:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2013-09-15 17:31 . 2002-08-01 19:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2013-09-15 17:31 . 2002-08-01 18:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2013-09-15 17:31 . 2002-08-01 18:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2013-09-15 17:31 . 2002-08-01 18:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2013-09-15 17:31 . 2013-09-15 17:31 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2013-09-15 17:20 . 2013-09-15 17:41 -------- d-----w- c:\program files\MyPC Backup
2013-09-15 17:18 . 2013-09-15 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Conduit
2013-09-15 17:15 . 2013-09-16 02:16 -------- d-----w- c:\windows\system32\WNLT
2013-09-15 17:14 . 2013-09-15 17:14 -------- d-----w- c:\program files\Common Files\Java
2013-09-15 17:12 . 2013-09-15 17:12 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-15 17:12 . 2013-09-15 17:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-15 17:06 . 2013-09-15 17:08 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\.minecraft
2013-09-15 15:07 . 2013-09-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Tunngle
2013-09-15 09:03 . 2013-09-15 09:03 -------- d-----w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Rockstar Games
2013-09-15 07:14 . 2013-09-15 16:42 -------- d-----w- c:\program files\Common Files\Steam
2013-09-15 02:29 . 2013-09-15 10:39 -------- d-----w- c:\program files\Sacred Citadel
2013-09-14 14:57 . 2013-09-15 17:18 -------- d-----w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\CRE
2013-09-14 02:25 . 2013-09-14 02:25 -------- d-----w- c:\program files\Ubisoft
2013-09-13 07:32 . 2013-09-13 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2013-09-13 02:37 . 2013-09-16 02:16 -------- d-----w- c:\program files\ss helper
2013-09-13 02:37 . 2013-09-16 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2013-09-12 11:45 . 2013-09-12 12:02 -------- d-----w- c:\documents and settings\Dela Cruz\Zomboid
2013-09-11 07:43 . 2013-09-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SeriousBit
2013-09-10 10:46 . 2005-04-03 15:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-09-10 10:46 . 2005-04-03 15:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-09-10 10:46 . 2005-04-03 15:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-09-10 10:46 . 2005-04-03 15:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-09-10 10:46 . 2005-04-03 14:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-09-10 10:46 . 2013-09-10 10:46 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-09-10 10:46 . 2013-09-10 10:46 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-09-10 10:42 . 2002-12-05 06:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-09-10 10:42 . 2002-12-05 06:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-09-10 10:42 . 2002-12-02 07:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-09-10 10:42 . 2002-12-02 05:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-09-10 10:42 . 2002-12-02 05:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-09-10 10:42 . 2013-09-10 10:42 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-09-10 10:42 . 2013-09-10 10:42 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-09-09 08:07 . 2013-09-09 09:44 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\TEdit
2013-09-08 07:12 . 2013-09-08 07:12 -------- d-----w- c:\program files\TEdit
2013-09-04 09:18 . 2013-09-04 09:18 -------- d-----w- c:\program files\Terraria
2013-09-02 09:32 . 2013-09-02 09:32 -------- d-----w- c:\program files\Electronic Arts
2013-09-02 09:24 . 2013-09-02 09:45 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\SPORE
2013-09-02 09:23 . 2013-09-02 09:23 -------- d--h--r- c:\documents and settings\Dela Cruz\Application Data\SecuROM
2013-09-02 09:23 . 2013-09-02 09:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-01 12:58 . 2013-09-01 12:58 -------- d-----w- c:\program files\Microsoft XNA
2013-08-31 10:49 . 2013-08-31 10:49 -------- d-----w- c:\documents and settings\Dela Cruz\minecraft
2013-08-25 13:13 . 2013-08-25 13:14 -------- d-----r- c:\program files\Skype
2013-08-25 13:13 . 2013-08-25 13:13 -------- d-----w- c:\program files\Common Files\Skype
2013-08-25 12:55 . 2013-09-01 08:21 -------- d-----w- C:\Documents
2013-08-20 03:23 . 2013-08-20 03:23 -------- d-----w- C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 17:12 . 2012-09-21 06:46 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-15 17:12 . 2012-09-21 06:46 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-15 04:33 . 2012-06-05 06:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 04:33 . 2012-06-05 06:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 21:41 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-13 21:41 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-13 21:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\VistaMizer\old\comres.dll
[7] 2004-08-03 22:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-13 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-13 . 1F7C9DEE77978EF9E8142CAD137E27CB . 770560 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 . 1F7C9DEE77978EF9E8142CAD137E27CB . 770560 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-03 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-13 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-13 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-13 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\regedit.exe
[7] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-13 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-13 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ole32.dll
[7] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-13 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-13 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-13 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\hnetcfg.dll
[7] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-13 . C8E7AEEEF81D5FE655CCF69E8217BEB3 . 2280960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . C8E7AEEEF81D5FE655CCF69E8217BEB3 . 2280960 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2004-08-03 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
.
[-] 2008-04-13 . F129FB11F0871750888AEBC3F7B3CE7D . 2402304 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . F129FB11F0871750888AEBC3F7B3CE7D . 2402304 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2004-08-03 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-19 3540416]
"GarenaPlus"="d:\program files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe" [2013-09-05 9846576]
"uTorrent"="c:\documents and settings\Dela Cruz\Application Data\uTorrent\uTorrent.exe" [2013-09-14 1130576]
"F.lux"="c:\documents and settings\Dela Cruz\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="d:\program files\Don't Starve\bin_alt\steam.exe" [2013-09-06 1811368]
"ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff"="c:\program files\Conduit\CT3310511\plugins\TBVerifier.dll" [1618-10-20 287008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 25088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2013-06-19 91520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-08-30 108392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
.
c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCdownloader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCdownloader.lnk
backup=c:\windows\pss\NCdownloader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dela Cruz^Start Menu^Programs^Startup^Nettalk.lnk]
path=c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\Nettalk.lnk
backup=c:\windows\pss\Nettalk.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dela Cruz^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
c:\program files\pocketwifi\pocketwifi [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aeria Ignite]
2013-04-26 00:52 1919000 ----a-w- c:\program files\Aeria Games\Ignite\aeriaignite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-19 21:40 5594880 ----a-w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 12:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2013-06-19 22:01 52616 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
2013-06-19 22:32 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-06-19 21:40 138096 ----atw- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2013-06-19 22:21 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBoxConnector]
2013-06-19 22:22 812544 ----a-w- c:\program files\i-Funbox DevTeam\ifb_conn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-06-19 22:24 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-03-28 09:32 1511792 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-06-19 22:40 310640 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2013-06-19 22:33 498176 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 12:49 6591800 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2013-06-19 22:36 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-12-09 09:51 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 00:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 01:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2013-06-19 22:44 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-06-20 00:24 805208 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC10Player]
2011-10-19 04:13 411976 ----a-w- c:\program files\Virtual CD v10\System\VC10Play.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2 (0x2)
"Skype C2C Service"=2 (0x2)
"HssWd"=2 (0x2)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"hshld"=2 (0x2)
"ekrn"=2 (0x2)
"Smart Bro. RunOuc"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"HWDeviceService.exe"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"VC10SecS"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WsysSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Dela Cruz\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Air\\LolClient.exe"= d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Air\\LOLClient.exe
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Game\\League of Legends.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\GarenaMessenger.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\UpdateManager.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\bbtalk\\BBTalk.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Avatar Star\\AvatarStar.exe"=
"d:\\Avatar Star\\client.exe"=
"d:\\Avatar Star\\LoginUpdate\\AvatarStar.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\UpdateEx.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Dela Cruz\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\bbtalk\\GarenaTalkOverlay.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceHelper.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\LoLPHLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\ggdllhost.exe"=
"c:\\Documents and Settings\\Dela Cruz\\Application Data\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"57552:TCP"= 57552:TCP:Pando Media Booster
"57552:UDP"= 57552:UDP:Pando Media Booster
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6978:TCP"= 6978:TCP:League of Legends Launcher
"6978:UDP"= 6978:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6947:TCP"= 6947:TCP:League of Legends Launcher
"6947:UDP"= 6947:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"6983:TCP"= 6983:TCP:League of Legends Launcher
"6983:UDP"= 6983:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"2151:TCP"= 2151:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
.
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [6/5/2012 2:20 PM 204384]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/9/2013 9:18 PM 112480]
R1 vdrv1000;vdrv1000;c:\windows\system32\drivers\vdrv1000.sys [1/3/2013 5:01 PM 186392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/3/2013 4:32 PM 1228504]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/3/2013 4:32 PM 660184]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [4/3/2013 9:41 PM 73216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [7/3/2013 4:32 PM 16024]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [12/29/2012 4:23 PM 27136]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/14/2013 1:28 PM 1691480]
S3 apf003;apf003;c:\windows\system32\apf003.sys [4/21/2013 3:04 PM 13232]
S3 cpuz134;cpuz134;\??\c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [4/4/2013 2:34 AM 83864]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1/1/2002 3:28 AM 20032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [4/3/2013 9:41 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [4/3/2013 9:41 PM 235392]
S3 GGSAFERDriver;GGSAFER Driver;d:\program files\GarenaLoLPH_Launcher\GameData\Room\safedrv.sys [12/6/2012 1:13 AM 22112]
S3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [1/3/2013 5:01 PM 13952]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 PM 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 PM 22400]
S3 nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 nbdrvMP;nbdrvMP;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [4/4/2013 2:34 AM 181784]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [12/31/2012 10:46 PM 759192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe --> c:\program files\Hotspot Shield\bin\openvpnas.exe [?]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe" -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 8:52 AM 162672]
S4 Smart Bro. RunOuc;Smart Bro. OUC;c:\program files\Smart Bro\UpdateDog\ouc.exe [4/3/2013 9:41 PM 246112]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [1/3/2013 5:00 PM 144712]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-16 18:37 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 04:33]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:40]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:40]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-30 15:45]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-30 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN29312802633139418&UM=2&SearchSource=3&q={searchTerms}
FF - ExtSQL: 2013-08-25 21:14; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-09-13 22:14; [email protected]; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
FF - ExtSQL: 2013-09-16 01:17; {7e8a1050-cf67-4575-92df-dcc60e7d952d}; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
FF - ExtSQL: 2013-09-17 12:25; [email protected]; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e3600b2b-4c86-4697-96bc-74d4d209f6bc} - (no file)
WebBrowser-{E3600B2B-4C86-4697-96BC-74D4D209F6BC} - (no file)
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Google Update - c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-razorp - c:\documents and settings\Dela Cruz\Application Data/Windows/razorp.exe
MSConfigStartUp-Shadow Defender Daemon - c:\program files\Shadow Defender\DefenderDaemon.exe
AddRemove-Dungeons of Dredmor incl. all DLC 1.1.2 - c:\program files\Gaslamp Games
AddRemove-File Splitter and Joiner_is1 - c:\windows\unins000.exe
AddRemove-HoN - c:\program files\GarenaHoN\uninst.exe
AddRemove-HotspotShield - c:\program files\Hotspot Shield\Uninstall.exe
AddRemove-LoLPH - d:\program files\GarenaLoLPH\uninst.exe
AddRemove-{081C46AD-3B78-84C9-D748-65453338C6D7} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{A292D~1\Setup.exe
AddRemove-{8E5600D4-5249-FF28-A3BC-F694BADAF0D6} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{0A8B8~1\Setup.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-18 19:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1659004503-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,10,66,e9,0f,55,0f,7d,de,0f,dd,8f,a4,03,35,cc,8d,e3,1c,40,50,
   32,5f,77,d9,3b,2c,90,a2,1d,27,be,65,06,43,ca,e7,3e,e4,e8,2a,96,3a,34,d3,ec,\
"rkeysecu"=hex:67,12,67,da,e1,99,35,8b,bb,82,57,c7,5a,ed,83,40
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,17,7b,7a,ec,d5,3d,72,22,29,33,c6,e8,82,ca,af,da,2b,14,15,cd,
   6e,02,0a,15,43,1a,ad,1c,83,d5,05,66,b7,4f,50,c3,fe,9c,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e5ab3623-b336-4fd2-bbf6-18ad4639cd65}]
@Denied: (Full) (Everyone)
"Model"=dword:00000056
"Therad"=dword:0000000f
"SpecVersion"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\DHCPCSVC.DLL
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\Rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2013-09-18  19:47:30 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-18 11:47
.
Pre-Run: 2,405,273,600 bytes free
Post-Run: 2,299,617,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 06AF9C0999C7FF9D0B19634383AAAC55
8F558EB6672622401DA993E1E865C861
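
As an added triage example for this thread (it is not ComboFix's, DDS's or BleepingComputer's code, and not something the helpers posted), the script below parses the two kinds of entries that make up most of the log above: the service/driver lines and the Windows Firewall port exceptions. It flags drivers whose image ComboFix could not find on disk (the `--> <path> [?]` form) or that load from user-writable locations such as Temp or a user profile, and inbound firewall exceptions for remote-administration ports (3389/TCP is the Remote Desktop exception; `@xpsp2res.dll,-22009` is the resource string Windows XP uses for its name). The USER_WRITABLE and REMOTE_ADMIN_PORTS lists are the example's own heuristics, and the sample lines are copied verbatim from the log in this thread. A hit means "look at this by hand", not "this is malware"; several of the flagged entries in this very log (cpuz134, the Tunngle and anti-cheat drivers, the sptd double-path quirk) are well known to be benign.

```python
r"""Triage helper for ComboFix/DDS-style logs (added example, not ComboFix code).

Two line shapes are handled:

  * service/driver entries, e.g.
      S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
    ComboFix prints "--> <path> [?]" when it cannot find the image on disk;
  * Windows Firewall GloballyOpenPorts entries, e.g.
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

USER_WRITABLE and REMOTE_ADMIN_PORTS are this example's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lower-cased path fragments a persistent driver/service should not load from.
USER_WRITABLE = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
)

# Inbound firewall exceptions that deserve a second look on a home PC.
REMOTE_ADMIN_PORTS = {
    "3389:TCP": "Remote Desktop",
    "23:TCP": "Telnet",
    "5900:TCP": "VNC",
}

# "<start type> <service name>;<display name>;<image path and details>"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# '"<port>:<proto>"= <port>:<proto>:<description>'
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*(?P=port):(?P<desc>.*)$')


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def image_path(rest: str) -> str:
    """Lower-cased image path from the text after the display name.

    The path ends at the " [date size]" block or at the " --> " marker; the
    NT object-manager prefix \\??\\ is stripped so plain path checks apply.
    """
    path = re.split(r"\s+-->|\s+\[", rest, maxsplit=1)[0]
    return path.lower().replace("\\??\\", "")


def triage_service(line: str) -> Optional[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    reasons = []
    if m.group("rest").rstrip().endswith("[?]"):
        reasons.append("image file not found on disk ([?])")
    path = image_path(m.group("rest"))
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("image loads from a user-writable directory")
    if reasons and m.group("start") in ("R0", "R1"):
        reasons.append(f"boot/system-start driver ({m.group('start')})")
    return Finding(line, reasons) if reasons else None


def triage_port(line: str) -> Optional[Finding]:
    m = PORT_RE.match(line)
    if not m:
        return None
    service = REMOTE_ADMIN_PORTS.get(m.group("port"))
    if service is None:
        return None
    return Finding(line, [f"inbound exception for {service} "
                          f"({m.group('port')}): {m.group('desc')}"])


def triage(log_text: str) -> List[Finding]:
    """Run both checks over every line and return the entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        finding = triage_service(raw.strip()) or triage_port(raw.strip())
        if finding:
            findings.append(finding)
    return findings


# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
"6887:UDP"= 6887:UDP:League of Legends Launcher
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [6/5/2012 2:20 PM 204384]
S3 cpuz134;cpuz134;\??\c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 8:52 AM 162672]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for reason in f.reasons:
            print("    -", reason)
```

On the sample above the script reports four entries: the Remote Desktop exception, cpuz134 (missing image and loading from the user's Temp directory), and the two drivers whose files ComboFix could not locate. The diskpt and Skype entries pass, as do the game launcher ports.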


#8 futuristicx

futuristicx
  • Topic Starter

  • Members
  • 36 posts
  • Gender:Male

Posted 18 September 2013 - 06:50 AM

Here you go, sir Marius :)



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,281 posts
  • Gender:Male

Posted 18 September 2013 - 07:13 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Proud Member of UNITE

My help is free, however, if you want to support my fight against malware, click here --> [donate button] <-- (no worries, every little bit helps)


#10 futuristicx

futuristicx
  • Topic Starter

  • Members
  • 36 posts
  • Gender:Male

Posted 18 September 2013 - 07:33 AM

ComboFix 13-09-17.01 - Dela Cruz 09/18/2013  20:20:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1435 [GMT 8:00]
Running from: c:\documents and settings\Dela Cruz\Desktop\PC FIXER\ComboFix.exe
Command switches used :: c:\documents and settings\Dela Cruz\Desktop\PC FIXER\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Conduit
c:\documents and settings\Dela Cruz\Application Data\SimilarSites
c:\documents and settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\Conduit\Community Alerts\Alert0.dll
c:\program files\Conduit\CT3289075\plugins\TBVerifier.dll
c:\program files\Conduit\CT3310511\plugins\TBVerifier.dll
c:\program files\MyPC Backup
c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\program files\SimilarSites
c:\program files\WebConnect
c:\program files\WebConnect\WebConnectBHO.dll
.
.
--------------- FCopy ---------------
.
c:\windows\VistaMizer\old\comres.dll --> c:\windows\system32\comres.dll
c:\windows\VistaMizer\old\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\VistaMizer\old\comctl32.dll --> c:\windows\system32\comctl32.dll
c:\windows\VistaMizer\old\user32.dll --> c:\windows\system32\user32.dll
c:\windows\VistaMizer\old\explorer.exe --> c:\windows\explorer.exe
c:\windows\VistaMizer\old\regedit.exe --> c:\windows\regedit.exe
c:\windows\VistaMizer\old\ole32.dll --> c:\windows\system32\ole32.dll
c:\windows\VistaMizer\old\ctfmon.exe --> c:\windows\system32\ctfmon.exe
c:\windows\VistaMizer\old\hnetcfg.dll --> c:\windows\system32\hnetcfg.dll
c:\windows\VistaMizer\old\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe
c:\windows\VistaMizer\old\ntoskrnl.exe --> c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-17 05:00 . 2013-09-17 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-17 04:38 . 2013-09-17 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-17 04:38 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-16 13:46 . 2013-09-16 13:46 -------- d-----w- c:\program files\ERUNT
2013-09-16 04:04 . 2013-09-16 04:04 -------- d-----w- c:\program files\Alcohol Soft
2013-09-16 04:00 . 2013-09-17 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\eSafe
2013-09-16 04:00 . 2013-09-16 04:00 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-15 17:42 . 2013-09-15 17:42 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\asoftech
2013-09-15 17:31 . 2013-09-15 17:31 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2013-09-15 17:31 . 2002-08-05 02:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2013-09-15 17:31 . 2002-08-01 19:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2013-09-15 17:31 . 2002-08-01 18:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2013-09-15 17:31 . 2002-08-01 18:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2013-09-15 17:31 . 2002-08-01 18:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2013-09-15 17:31 . 2013-09-15 17:31 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2013-09-15 17:15 . 2013-09-16 02:16 -------- d-----w- c:\windows\system32\WNLT
2013-09-15 17:14 . 2013-09-15 17:14 -------- d-----w- c:\program files\Common Files\Java
2013-09-15 17:12 . 2013-09-15 17:12 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-15 17:12 . 2013-09-15 17:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-15 17:06 . 2013-09-15 17:08 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\.minecraft
2013-09-15 15:07 . 2013-09-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Tunngle
2013-09-15 09:03 . 2013-09-15 09:03 -------- d-----w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Rockstar Games
2013-09-15 07:14 . 2013-09-15 16:42 -------- d-----w- c:\program files\Common Files\Steam
2013-09-15 02:29 . 2013-09-15 10:39 -------- d-----w- c:\program files\Sacred Citadel
2013-09-14 14:57 . 2013-09-15 17:18 -------- d-----w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\CRE
2013-09-14 02:25 . 2013-09-14 02:25 -------- d-----w- c:\program files\Ubisoft
2013-09-13 07:32 . 2013-09-13 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2013-09-13 02:37 . 2013-09-16 02:16 -------- d-----w- c:\program files\ss helper
2013-09-13 02:37 . 2013-09-16 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2013-09-12 11:45 . 2013-09-12 12:02 -------- d-----w- c:\documents and settings\Dela Cruz\Zomboid
2013-09-11 07:43 . 2013-09-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SeriousBit
2013-09-10 10:46 . 2005-04-03 15:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-09-10 10:46 . 2005-04-03 15:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-09-10 10:46 . 2005-04-03 15:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-09-10 10:46 . 2005-04-03 15:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-09-10 10:46 . 2005-04-03 14:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-09-10 10:46 . 2013-09-10 10:46 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-09-10 10:46 . 2013-09-10 10:46 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-09-10 10:42 . 2002-12-05 06:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-09-10 10:42 . 2002-12-05 06:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-09-10 10:42 . 2002-12-02 07:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-09-10 10:42 . 2002-12-02 05:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-09-10 10:42 . 2002-12-02 05:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-09-10 10:42 . 2013-09-10 10:42 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-09-10 10:42 . 2013-09-10 10:42 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-09-09 08:07 . 2013-09-09 09:44 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\TEdit
2013-09-08 07:12 . 2013-09-08 07:12 -------- d-----w- c:\program files\TEdit
2013-09-04 09:18 . 2013-09-04 09:18 -------- d-----w- c:\program files\Terraria
2013-09-02 09:32 . 2013-09-02 09:32 -------- d-----w- c:\program files\Electronic Arts
2013-09-02 09:24 . 2013-09-02 09:45 -------- d-----w- c:\documents and settings\Dela Cruz\Application Data\SPORE
2013-09-02 09:23 . 2013-09-02 09:23 -------- d--h--r- c:\documents and settings\Dela Cruz\Application Data\SecuROM
2013-09-02 09:23 . 2013-09-02 09:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-01 12:58 . 2013-09-01 12:58 -------- d-----w- c:\program files\Microsoft XNA
2013-08-31 10:49 . 2013-08-31 10:49 -------- d-----w- c:\documents and settings\Dela Cruz\minecraft
2013-08-25 13:13 . 2013-08-25 13:14 -------- d-----r- c:\program files\Skype
2013-08-25 13:13 . 2013-08-25 13:13 -------- d-----w- c:\program files\Common Files\Skype
2013-08-25 12:55 . 2013-09-01 08:21 -------- d-----w- C:\Documents
2013-08-20 03:23 . 2013-08-20 03:23 -------- d-----w- C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 17:12 . 2012-09-21 06:46 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-15 17:12 . 2012-09-21 06:46 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-15 04:33 . 2012-06-05 06:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 04:33 . 2012-06-05 06:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 08:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-19 3540416]
"GarenaPlus"="d:\program files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe" [2013-09-05 9846576]
"uTorrent"="c:\documents and settings\Dela Cruz\Application Data\uTorrent\uTorrent.exe" [2013-09-14 1130576]
"F.lux"="c:\documents and settings\Dela Cruz\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="d:\program files\Don't Starve\bin_alt\steam.exe" [2013-09-06 1811368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2013-06-19 91520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-08-30 108392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
.
c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCdownloader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCdownloader.lnk
backup=c:\windows\pss\NCdownloader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dela Cruz^Start Menu^Programs^Startup^Nettalk.lnk]
path=c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\Nettalk.lnk
backup=c:\windows\pss\Nettalk.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dela Cruz^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\Dela Cruz\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
c:\program files\pocketwifi\pocketwifi [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aeria Ignite]
2013-04-26 00:52 1919000 ----a-w- c:\program files\Aeria Games\Ignite\aeriaignite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-19 21:40 5594880 ----a-w- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 12:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2013-06-19 22:01 52616 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
2013-06-19 22:32 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-06-19 21:40 138096 ----atw- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2013-06-19 22:21 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBoxConnector]
2013-06-19 22:22 812544 ----a-w- c:\program files\i-Funbox DevTeam\ifb_conn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-06-19 22:24 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-03-28 09:32 1511792 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-06-19 22:40 310640 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2013-06-19 22:33 498176 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 12:49 6591800 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2013-06-19 22:36 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-12-09 09:51 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 00:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 01:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2013-06-19 22:44 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-06-20 00:24 805208 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC10Player]
2011-10-19 04:13 411976 ----a-w- c:\program files\Virtual CD v10\System\VC10Play.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2 (0x2)
"Skype C2C Service"=2 (0x2)
"HssWd"=2 (0x2)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"hshld"=2 (0x2)
"ekrn"=2 (0x2)
"Smart Bro. RunOuc"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"HWDeviceService.exe"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"VC10SecS"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WsysSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Dela Cruz\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Air\\LolClient.exe"= d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Air\\LOLClient.exe
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\Apps\\LoLPH\\Game\\League of Legends.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\GarenaMessenger.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\UpdateManager.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\bbtalk\\BBTalk.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Avatar Star\\AvatarStar.exe"=
"d:\\Avatar Star\\client.exe"=
"d:\\Avatar Star\\LoginUpdate\\AvatarStar.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\UpdateEx.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Dela Cruz\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\bbtalk\\GarenaTalkOverlay.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceHelper.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\LoLPHLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Program Files\\GarenaLoLPH_Launcher\\GameData\\ggdllhost.exe"=
"c:\\Documents and Settings\\Dela Cruz\\Application Data\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"57552:TCP"= 57552:TCP:Pando Media Booster
"57552:UDP"= 57552:UDP:Pando Media Booster
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6978:TCP"= 6978:TCP:League of Legends Launcher
"6978:UDP"= 6978:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6947:TCP"= 6947:TCP:League of Legends Launcher
"6947:UDP"= 6947:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"6983:TCP"= 6983:TCP:League of Legends Launcher
"6983:UDP"= 6983:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"2151:TCP"= 2151:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
.
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [6/5/2012 2:20 PM 204384]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/9/2013 9:18 PM 112480]
R1 vdrv1000;vdrv1000;c:\windows\system32\drivers\vdrv1000.sys [1/3/2013 5:01 PM 186392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/3/2013 4:32 PM 1228504]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/3/2013 4:32 PM 660184]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [4/3/2013 9:41 PM 73216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [7/3/2013 4:32 PM 16024]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [12/29/2012 4:23 PM 27136]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/14/2013 1:28 PM 1691480]
S3 apf003;apf003;c:\windows\system32\apf003.sys [4/21/2013 3:04 PM 13232]
S3 cpuz134;cpuz134;\??\c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [4/4/2013 2:34 AM 83864]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1/1/2002 3:28 AM 20032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [4/3/2013 9:41 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [4/3/2013 9:41 PM 235392]
S3 GGSAFERDriver;GGSAFER Driver;d:\program files\GarenaLoLPH_Launcher\GameData\Room\safedrv.sys [12/6/2012 1:13 AM 22112]
S3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [1/3/2013 5:01 PM 13952]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 PM 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 PM 22400]
S3 nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 nbdrvMP;nbdrvMP;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [4/4/2013 2:34 AM 181784]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [12/31/2012 10:46 PM 759192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe --> c:\program files\Hotspot Shield\bin\openvpnas.exe [?]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe" -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 8:52 AM 162672]
S4 Smart Bro. RunOuc;Smart Bro. OUC;c:\program files\Smart Bro\UpdateDog\ouc.exe [4/3/2013 9:41 PM 246112]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [1/3/2013 5:00 PM 144712]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-16 18:37 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 04:33]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:40]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
- c:\documents and settings\Dela Cruz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:40]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-30 15:45]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-30 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\
FF - ExtSQL: 2013-08-25 21:14; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-09-13 22:14; [email protected]; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
FF - ExtSQL: 2013-09-16 01:17; {7e8a1050-cf67-4575-92df-dcc60e7d952d}; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
FF - ExtSQL: 2013-09-17 12:25; [email protected]; c:\documents and settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-18 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1659004503-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,10,66,e9,0f,55,0f,7d,de,0f,dd,8f,a4,03,35,cc,8d,e3,1c,40,50,
   32,5f,77,d9,3b,2c,90,a2,1d,27,be,65,06,43,ca,e7,3e,e4,e8,2a,96,3a,34,d3,ec,\
"rkeysecu"=hex:67,12,67,da,e1,99,35,8b,bb,82,57,c7,5a,ed,83,40
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
Completion time: 2013-09-18  20:28:17
ComboFix-quarantined-files.txt  2013-09-18 12:28
ComboFix2.txt  2013-09-18 11:47
.
Pre-Run: 2,238,820,352 bytes free
Post-Run: 2,175,623,168 bytes free
.
- - End Of File - - 4D564172B0D12DCF9EC2BCF6F50306EB
8F558EB6672622401DA993E1E865C861
 

 



#11 TB-Psychotic (Malware Response Team)

Posted 18 September 2013 - 08:11 AM

OK, then proceed with Malwarebytes Antimalware.


Proud Member of UNITE

 

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

 


#12 futuristicx (Topic Starter)

Posted 18 September 2013 - 08:33 AM

Sorry for the delay :)

2 hours and still scanning -.- hehe

Edited by futuristicx, 18 September 2013 - 09:36 AM.


#13 futuristicx (Topic Starter)

Posted 18 September 2013 - 04:42 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.18.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dela Cruz :: DELACRUZ [administrator]
 
9/18/2013 8:36:37 PM
mbam-log-2013-09-18 (20-36-37).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 411724
Time elapsed: 3 hour(s), 23 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Hacktool.Crk) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 11
C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Conduit\CT2718116\www.GTAViceCity.ruAutoUpdaterHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\setup.zip (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\PhotoScape_V3.6.5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\WebConnect\WebConnectBHO.dll.vir (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9D078C6-EE17-4E6C-B442-F4D5F5F78C51}\RP207\A0211569.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9D078C6-EE17-4E6C-B442-F4D5F5F78C51}\RP207\A0211584.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04162013_224254\C_Documents and Settings\All Users\Application Data\BRowsE2soave\uninstall.exe (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
D:\starcraft\SETUP.EXE (Hacktool.Crk) -> Quarantined and deleted successfully.
D:\DOwnloads\SMF\Daemon Tools Lite.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)
 

Sorry for the delay, Sir Marius :) Good morning :)



#14 TB-Psychotic (Malware Response Team)

Posted 19 September 2013 - 02:49 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



 


#15 futuristicx (Topic Starter)

Posted 19 September 2013 - 05:47 AM

Farbar Service Scanner Version: 13-09-2013
Ran by Dela Cruz (administrator) on 19-09-2013 at 18:46:55
Running from "C:\Documents and Settings\Dela Cruz\Desktop\PC FIXER"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0D0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.
 
**** End of log ****
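Editor's note and added example (not part of any post in this thread, and not code from ComboFix, Farbar Service Scanner or Malwarebytes): both the ComboFix log and the FSS log above report "EnableFirewall"=0 for the standard profile, and the ComboFix dump additionally shows block notifications suppressed ("DisableNotifications"=1), a global exception for 3389/TCP (the "@xpsp2res.dll,-22009" display name is the resource string the XP firewall uses for its built-in Remote Desktop exception) and c:\WINDOWS\system32\cmd.exe and msiexec.exe in the authorized-applications list. The cleanup steps in the thread do not address these, and a log alone cannot tell whether the user or malware set them, so they are worth confirming with the poster. The Python script below parses the two log formats and flags such settings. The sample text is a constructed excerpt in the formats shown above, and the lists of remote-admin ports, built-in launchers and user-writable path markers are the editor's own triage heuristics, not anything defined by the tools.

```python
import re

# Constructed excerpt in ComboFix's firewall-policy dump format (modelled on the
# log posted above; not the full log).
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Dela Cruz\\Application Data\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
"""

# Constructed excerpt in Farbar Service Scanner's "Firewall Disabled Policy" format.
FSS_SAMPLE = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DWORD_RE = re.compile(r"^(?:DWORD:)?\s*(\d+)")   # matches both "0 (0x0)" and "DWORD:0"

# Editor's triage heuristics (assumptions, not definitions from the tools).
REMOTE_ADMIN_PORTS = {
    ("3389", "TCP"): "Remote Desktop",
    ("445", "TCP"): "SMB",
    ("139", "TCP"): "NetBIOS session",
    ("23", "TCP"): "Telnet",
    ("5900", "TCP"): "VNC",
}
BUILTIN_LAUNCHERS = {"cmd.exe", "msiexec.exe", "cscript.exe", "wscript.exe",
                     "rundll32.exe", "regsvr32.exe", "mshta.exe", "powershell.exe"}
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\")


def parse_firewall_policy(text):
    """Extract StandardProfile settings, authorized apps and globally open ports
    from a ComboFix or FSS registry dump. Sections outside FirewallPolicy are ignored."""
    settings, apps, ports = {}, [], []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or "firewallpolicy" not in section:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if section.endswith("authorizedapplications\\list"):
            apps.append(name.replace("\\\\", "\\"))      # the dump doubles backslashes
        elif section.endswith("globallyopenports\\list"):
            parts = value.split(":", 2)                   # "3389:TCP:<display name>"
            if len(parts) == 3:
                ports.append((parts[0], parts[1], parts[2]))
        else:
            d = DWORD_RE.match(value)
            if d:
                settings[name] = int(d.group(1))
    return {"settings": settings, "apps": apps, "ports": ports}


def assess(policy):
    """Return human-readable findings a responder would want to follow up."""
    findings = []
    s = policy["settings"]
    if s.get("EnableFirewall") == 0:
        findings.append("firewall disabled (EnableFirewall=0)")
    if s.get("DisableNotifications") == 1:
        findings.append("block notifications suppressed (DisableNotifications=1)")
    for port, proto, label in policy["ports"]:
        service = REMOTE_ADMIN_PORTS.get((port, proto))
        if service:
            findings.append(f"remote-admin port {port}/{proto} ({service}) globally open: {label}")
    for app in policy["apps"]:
        low = app.lower()
        if low.rsplit("\\", 1)[-1] in BUILTIN_LAUNCHERS:
            findings.append(f"built-in launcher whitelisted: {app}")
        elif any(marker in low for marker in USER_WRITABLE_MARKERS):
            findings.append(f"program in user-writable path whitelisted: {app}")
    return findings


if __name__ == "__main__":
    for label, sample in (("ComboFix", COMBOFIX_SAMPLE), ("FSS", FSS_SAMPLE)):
        print(f"--- {label} ---")
        for finding in assess(parse_firewall_policy(sample)):
            print(" *", finding)
```

Run it against a saved ComboFix.txt or FSS.txt by reading the file into `parse_firewall_policy`; on the excerpt above it reports the disabled firewall, the suppressed notifications, the 3389/TCP exception and the cmd.exe, msiexec.exe and profile-directory uTorrent entries. The FSS section only carries the EnableFirewall value, so the authorized-application and port checks need the ComboFix dump.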




