BleepingComputer.com: Windows 7 virus + Redirect

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Windows 7 virus + Redirect Need help removing

#1 User is offline   Dalruin 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 19-December 11

Posted 26 December 2011 - 07:15 PM

About a week ago a message popped up on my screen and began to spam me telling me there were bad sectors on my harddrive and to fix it tried to download some bogus junk. I declined all this and immediately ran combofix and malwarebytes which seemed to remove that portion, but now I have some redirect thing that makes browsing the web difficult and annoying. I was wondering if anyone could help me remove this. Windows will not allow me to turn on a fire wall, I get an error code 0x80070424.

I ran the DDS scan and the GMER scan but GMER would only allow me to scan for services,registry,files, and C:. GMER also states that nothing has been changed after it finishes the scan and lists nothing...

Here is my DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Tim at 17:51:21 on 2011-12-26
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4010 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
E:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Tim\AppData\Local\Apps\2.0\5KOOB5VX.5DB\RJQG5K1E.RVH\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll
EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
uRun: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HttpWatch_RegIEPlugin] C:\Program Files (x86)\HttpWatch\regieplugin.exe
StartupFolder: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\ERROR\ImpulseNow.exe
StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: HttpWatch Basic - C:\Program Files (x86)\HttpWatch\httpwatch.dll/1351
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DD676C85-F3A6-4B86-A67B-A6E275273672} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HttpWatch Basic: {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll
BHO-X64: HttpWatch Basic - No File
EB-X64: {2B4C4770-27FD-4A09-B17D-33CA580965FB} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HttpWatch_RegIEPlugin] C:\Program Files (x86)\HttpWatch\regieplugin.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qna3vwre.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\HttpWatch\Firefox\components\nphttpwatchff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-22 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-20 19:15:20 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-19 05:33:47 -------- d-----w- C:\Program Files (x86)\HttpWatch
2011-12-19 03:20:26 -------- d-----w- C:\ComboFix
2011-12-15 03:06:41 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 03:06:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 03:06:41 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 03:06:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 03:06:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-10 19:24:01 -------- d-----w- C:\ProgramData\CCP
2011-12-10 19:23:54 -------- d-----w- C:\Users\Tim\AppData\Local\CCP
2011-12-10 05:03:54 -------- d-----w- C:\Users\Tim\AppData\Local\FalloutNV
2011-12-09 04:37:25 -------- d-----w- C:\Users\Tim\AppData\Local\SCE
2011-12-08 07:42:50 -------- d-----w- C:\Users\Tim\AppData\Local\Adobe
2011-12-04 19:58:17 -------- d-----w- C:\Users\Tim\AppData\Local\2K Games
2011-12-04 19:58:16 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-12-04 06:09:50 -------- d-----w- C:\Users\Tim\AppData\Local\Skyrim
2011-12-04 05:53:34 -------- d-----w- C:\Users\Tim\AppData\Local\4A Games
2011-12-04 03:56:20 98816 ----a-w- C:\Windows\sed.exe
2011-12-04 03:56:20 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-04 03:56:20 256000 ----a-w- C:\Windows\PEV.exe
2011-12-04 03:56:20 208896 ----a-w- C:\Windows\MBR.exe
2011-12-04 03:49:19 116224 ----a-w- C:\Windows\SysWow64\CsY4H.com_
2011-12-04 03:48:17 -------- d-----w- C:\Users\Tim\AppData\Roaming\NVIDIA
2011-12-02 22:01:03 -------- d-----w- C:\Users\Tim\AppData\Local\Deployment
2011-12-02 22:01:03 -------- d-----w- C:\Users\Tim\AppData\Local\Apps
2011-12-02 09:55:08 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49F1C694-A4BC-4370-BAD3-B7D786D8AC41}\mpengine.dll
2011-11-30 17:29:45 -------- d-----w- C:\Users\Tim\AppData\Roaming\OpenOffice.org
2011-11-30 17:21:28 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-11-30 17:21:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-28 06:41:45 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2011-12-18 20:56:16 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-18 20:56:16 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-17 08:38:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-15 07:24:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-23 11:30:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 08:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 17:58:32.81 ===============

Here is my Combofix log
ComboFix 11-12-18.02 - Tim 12/18/2011 21:29:01.2.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4975 [GMT -6:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tim\AppData\Local\MossySkySA
c:\users\Tim\AppData\Local\MossySkySA\bin\2.0.18.0\copyright.txt
c:\users\Tim\AppData\Local\MossySkySA\data\MossySkySA.dat
c:\users\Tim\AppData\Local\MossySkySA\data\MossySkySA_kyf_update.dat
c:\users\Tim\AppData\Local\MossySkySA\data\MossySkySAau.dat
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 04:02 . 2011-12-19 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 03:06 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 03:06 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 03:06 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 03:06 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 03:06 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:52 . 2011-12-15 03:01 -------- d-----w- c:\program files (x86)\Real
2011-12-10 19:24 . 2011-12-10 19:24 -------- d--h--w- c:\programdata\CCP
2011-12-04 19:58 . 2011-12-04 19:58 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-12-04 03:49 . 2011-12-03 19:29 116224 ----a-w- c:\windows\SysWow64\CsY4H.com_
2011-12-02 09:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49F1C694-A4BC-4370-BAD3-B7D786D8AC41}\mpengine.dll
2011-11-30 17:21 . 2011-11-30 17:21 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-11-30 17:21 . 2011-11-30 17:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-30 17:21 . 2011-11-30 17:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-30 17:21 . 2011-11-30 17:21 -------- d-----w- c:\program files (x86)\Java
2011-11-28 06:41 . 2011-11-28 06:42 -------- d-----r- c:\program files (x86)\Skype
2011-11-28 06:41 . 2011-11-28 06:41 -------- d--h--w- c:\programdata\Skype
2011-11-25 12:09 . 2011-11-25 12:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-11-24 15:30 . 2011-11-24 15:30 -------- d-----w- c:\windows\SysWow64\Wat
2011-11-24 15:30 . 2011-11-24 15:30 -------- d-----w- c:\windows\system32\Wat
2011-11-24 11:08 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-11-24 11:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-11-24 11:03 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-11-24 11:03 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-11-24 11:03 . 2009-11-25 20:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-11-24 11:03 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-11-24 11:03 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-11-24 11:03 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-11-24 11:03 . 2009-11-25 20:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-11-24 11:03 . 2009-11-25 20:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-11-24 11:03 . 2009-11-25 20:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-11-24 11:03 . 2009-11-25 20:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-11-24 07:33 . 2011-11-24 07:56 -------- d-----w- c:\program files (x86)\Havoc 1.71
2011-11-23 11:05 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-11-23 11:05 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-11-23 11:05 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-11-23 11:05 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2011-11-23 11:05 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-11-23 11:05 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-11-23 11:05 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-11-23 11:05 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-23 11:05 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-23 11:05 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-11-23 11:05 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-11-23 11:05 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-11-23 09:12 . 2011-12-18 20:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-23 09:11 . 2011-12-19 02:35 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-11-23 09:06 . 2011-11-23 09:06 -------- d--h--w- c:\programdata\EA Core
2011-11-23 05:18 . 2011-11-23 05:18 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-11-23 05:18 . 2011-12-18 20:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-23 05:18 . 2011-12-17 08:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-23 05:18 . 2011-12-15 07:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-23 04:33 . 2011-11-23 09:06 -------- d--h--w- c:\programdata\Electronic Arts
2011-11-23 04:33 . 2011-11-23 09:06 -------- d--h--w- c:\programdata\Origin
2011-11-23 04:33 . 2011-11-23 04:42 -------- d--h--w- c:\program files (x86)\Origin Games
2011-11-23 04:10 . 2011-12-15 18:12 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-11-23 04:08 . 2011-11-23 04:08 -------- d--h--w- c:\programdata\Blizzard Entertainment
2011-11-23 04:03 . 2011-12-19 02:57 -------- d--h--w- c:\users\Tim
2011-11-23 04:03 . 2011-11-23 04:03 -------- d-----w- C:\Recovery
2011-11-23 03:59 . 2011-11-23 03:59 -------- d--h--w- c:\programdata\Stardock
2011-11-23 03:59 . 2011-11-23 03:59 -------- d--h--w- c:\programdata\Gibraltar
2011-11-23 03:34 . 2011-11-23 03:34 -------- d-----w- c:\program files\Ventrilo
2011-11-23 03:34 . 2011-11-23 03:34 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-23 03:26 . 2011-12-15 03:04 -------- d--h--w- c:\users\UpdatusUser
2011-11-23 03:05 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 03:00 . 2011-11-23 11:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 03:00 . 2011-11-23 03:00 -------- d-----w- c:\windows\SysWow64\Macromed
2011-11-23 03:00 . 2011-11-23 03:00 -------- d-----w- c:\windows\system32\Macromed
2011-11-23 02:45 . 2008-11-04 21:12 23096 ----a-w- c:\windows\system32\drivers\MTiCtwl.sys
2011-11-23 02:45 . 2011-11-23 02:45 -------- d-----w- c:\program files\MagicTune Premium
2011-11-23 02:44 . 2011-11-23 02:44 -------- d-----w- c:\program files (x86)\MultiScreen
2011-11-23 02:33 . 2011-11-23 04:03 -------- d-----w- c:\windows\Panther
2011-11-23 02:30 . 2011-11-23 02:30 -------- d-----w- c:\program files (x86)\EVGA Precision
2011-11-23 02:24 . 2010-06-21 22:07 255592 ----a-w- c:\windows\system32\nvcohda6.dll
2011-11-23 02:24 . 2011-11-23 03:15 -------- d-----w- C:\NVIDIA
2011-11-23 02:23 . 2011-12-19 04:04 -------- d--h--w- c:\programdata\NVIDIA
2011-11-23 02:23 . 2011-11-23 03:26 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-11-23 02:23 . 2011-11-23 02:23 -------- d--h--w- c:\programdata\NVIDIA Corporation
2011-11-23 02:23 . 2011-11-23 03:26 -------- d-----w- c:\program files\NVIDIA Corporation
2011-11-23 02:21 . 2011-11-23 02:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-23 02:19 . 2010-03-31 07:35 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x64.sys
2011-11-23 02:19 . 2011-11-23 02:19 -------- d-----w- c:\program files\EVGA
2011-11-23 02:15 . 2011-11-23 02:15 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-11-23 02:15 . 2011-11-23 02:15 -------- d-----w- c:\program files\Realtek
2011-11-23 02:13 . 2011-11-23 02:13 -------- d-----w- c:\program files (x86)\NEC Electronics
2011-11-23 02:12 . 2011-12-18 20:49 -------- d-sh--w- c:\windows\Installer
2011-11-23 02:11 . 2009-12-19 09:11 314400 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-11-23 02:11 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-11-23 02:11 . 2009-12-03 09:27 104480 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-11-23 02:11 . 2011-11-23 02:45 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-11-23 02:10 . 2011-11-23 02:16 -------- d-----w- c:\program files (x86)\Intel
2011-11-23 02:10 . 2009-12-14 04:33 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2011-11-23 02:10 . 2011-11-23 02:10 -------- d-----w- C:\Intel
2011-11-23 02:04 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-11-23 02:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-11-23 02:04 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-11-23 02:04 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-15 08:53 . 2010-07-10 00:17 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2010-07-10 00:17 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-07-10 00:17 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-07-10 00:17 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-07-10 00:17 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-07-09 22:38 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-07-09 22:38 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-04_04.03.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-23 11:05 . 2011-08-20 04:35 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 04:31 . 2011-11-05 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-11-23 11:05 . 2011-08-20 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-12-15 04:31 . 2011-11-05 04:34 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-11-23 11:05 . 2011-08-20 04:38 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 04:31 . 2011-11-05 04:35 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-12-03 19:10 . 2011-12-04 03:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-03 19:10 . 2011-12-19 03:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-12-19 04:04 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-04 04:01 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-03 19:10 . 2011-12-04 03:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-03 19:10 . 2011-12-19 03:08 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-11-23 02:17 . 2011-12-19 03:00 21372 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-19 02:37 28126 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-23 11:05 . 2011-08-20 05:41 97280 c:\windows\system32\mshtmled.dll
+ 2011-12-15 04:31 . 2011-11-05 05:23 97280 c:\windows\system32\mshtmled.dll
- 2011-11-23 11:05 . 2011-08-20 05:37 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 04:31 . 2011-11-05 05:19 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 04:31 . 2011-11-05 05:23 82944 c:\windows\system32\msfeedsbs.dll
- 2011-11-23 11:05 . 2011-08-20 05:41 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-12-15 04:31 . 2011-11-05 05:26 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-11-23 11:05 . 2011-08-20 05:45 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 04:31 . 2011-11-05 05:23 57856 c:\windows\system32\licmgr10.dll
- 2011-11-23 11:05 . 2011-08-20 05:41 57856 c:\windows\system32\licmgr10.dll
+ 2011-12-15 04:31 . 2011-11-05 05:22 64512 c:\windows\system32\jsproxy.dll
- 2011-11-23 11:05 . 2011-08-20 05:41 64512 c:\windows\system32\jsproxy.dll
- 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
+ 2011-12-15 04:31 . 2011-10-26 05:19 43520 c:\windows\system32\csrsrv.dll
- 2011-11-23 02:39 . 2011-12-03 18:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-23 02:39 . 2011-12-19 04:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-23 02:39 . 2011-12-03 18:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-23 02:39 . 2011-12-19 04:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-19 04:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-03 18:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-23 04:03 . 2011-12-04 04:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-23 04:03 . 2011-12-19 04:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-12-19 02:50 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-19 02:59 . 2011-12-19 04:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-19 02:59 . 2011-12-19 04:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-12-19 02:59 . 2011-12-19 04:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-23 04:03 . 2011-12-19 04:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-23 04:03 . 2011-12-04 04:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-23 04:03 . 2011-12-04 04:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-23 04:03 . 2011-12-19 04:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-23 04:03 . 2011-12-19 04:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-23 04:03 . 2011-12-04 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-23 04:03 . 2011-12-19 04:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-23 04:03 . 2011-12-04 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-18 20:50 . 2011-12-18 20:50 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-11-23 02:10 . 2011-12-19 02:37 4844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2451475031-710244570-332162562-1001_UserData.bin
+ 2011-12-17 08:34 . 2011-12-17 08:34 9560 c:\windows\system32\NetworkList\Icons\{A1254D12-2D23-4AE8-A920-4C410F3324DF}_48.bin
+ 2011-12-17 08:34 . 2011-12-17 08:34 4280 c:\windows\system32\NetworkList\Icons\{A1254D12-2D23-4AE8-A920-4C410F3324DF}_32.bin
+ 2011-12-17 08:34 . 2011-12-17 08:34 2456 c:\windows\system32\NetworkList\Icons\{A1254D12-2D23-4AE8-A920-4C410F3324DF}_24.bin
+ 2011-12-19 04:04 . 2011-12-19 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-04 04:01 . 2011-12-04 04:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-19 04:04 . 2011-12-19 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-04 04:01 . 2011-12-04 04:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 04:31 . 2011-11-05 04:35 981504 c:\windows\SysWOW64\wininet.dll
- 2011-11-23 11:05 . 2011-08-20 04:38 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-12-15 04:31 . 2011-11-05 04:35 132096 c:\windows\SysWOW64\url.dll
- 2011-11-23 11:05 . 2011-08-20 04:38 132096 c:\windows\SysWOW64\url.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 606208 c:\windows\SysWOW64\mstime.dll
- 2011-11-23 11:05 . 2011-08-20 04:36 606208 c:\windows\SysWOW64\mstime.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-12-15 04:31 . 2011-11-11 05:50 176640 c:\windows\SysWOW64\ieui.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 176640 c:\windows\SysWOW64\ieui.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-15 04:31 . 2011-11-05 04:33 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2011-11-23 11:05 . 2011-08-20 04:34 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2009-07-14 04:54 . 2011-12-04 04:01 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-19 04:04 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-24 21:11 . 2011-12-18 20:14 268272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-12-15 04:31 . 2011-11-05 05:26 134144 c:\windows\system32\url.dll
- 2011-11-23 11:05 . 2011-08-20 05:44 134144 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2011-12-04 03:57 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-19 04:09 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-19 04:09 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-04 03:57 103496 c:\windows\system32\perfc009.dat
- 2011-11-23 11:05 . 2011-08-20 05:41 703488 c:\windows\system32\msfeeds.dll
+ 2011-12-15 04:31 . 2011-11-05 05:23 703488 c:\windows\system32\msfeeds.dll
+ 2011-12-15 04:31 . 2011-11-11 06:41 247808 c:\windows\system32\ieui.dll
- 2011-11-23 11:05 . 2011-08-20 05:40 247808 c:\windows\system32\ieui.dll
- 2011-11-23 11:05 . 2011-08-20 05:40 256000 c:\windows\system32\iepeers.dll
+ 2011-12-15 04:31 . 2011-11-05 05:22 256000 c:\windows\system32\iepeers.dll
- 2011-11-23 11:05 . 2011-08-20 05:40 445952 c:\windows\system32\iedkcs32.dll
+ 2011-12-15 04:31 . 2011-11-05 05:22 445952 c:\windows\system32\iedkcs32.dll
+ 2009-07-14 04:45 . 2011-12-15 09:17 292728 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-12-01 15:22 292728 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:38 . 2011-11-23 02:34 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-12-15 03:01 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2011-11-24 21:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-12-19 04:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-04 04:00 . 2011-12-15 09:16 260160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-19 03:14 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-04 04:00 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-19 02:48 . 2011-12-19 03:16 223744 c:\windows\assembly\temp\kwrd.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-12-04 19:58 . 2011-12-04 19:58 200704 c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll
+ 2011-12-15 04:31 . 2011-11-05 04:35 1230336 c:\windows\SysWOW64\urlmon.dll
- 2011-11-23 11:05 . 2011-08-20 04:38 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 5997568 c:\windows\SysWOW64\mshtml.dll
+ 2011-12-15 04:31 . 2011-11-05 04:34 2072576 c:\windows\SysWOW64\iertutil.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2009-07-14 04:54 . 2011-12-19 04:04 2949120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-23 11:05 . 2011-08-20 05:45 1197568 c:\windows\system32\wininet.dll
+ 2011-12-15 04:31 . 2011-11-05 05:26 1197568 c:\windows\system32\wininet.dll
- 2011-11-23 11:05 . 2011-08-20 05:44 1501184 c:\windows\system32\urlmon.dll
+ 2011-12-15 04:31 . 2011-11-05 05:26 1501184 c:\windows\system32\urlmon.dll
+ 2011-12-15 04:31 . 2011-11-05 05:23 1026560 c:\windows\system32\mstime.dll
- 2011-11-23 11:05 . 2011-08-20 05:42 1026560 c:\windows\system32\mstime.dll
+ 2011-12-15 04:31 . 2011-11-05 05:23 9332736 c:\windows\system32\mshtml.dll
+ 2011-12-15 04:31 . 2011-11-05 05:22 2458624 c:\windows\system32\iertutil.dll
- 2011-11-23 11:05 . 2011-08-20 05:40 2458624 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-12-01 15:24 3897568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-12-19 02:37 3897568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-24 15:30 . 2011-12-19 03:14 6980777 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2451475031-710244570-332162562-1001-8192.dat
+ 2006-12-02 13:09 . 2006-12-02 13:09 2818048 c:\windows\Installer\7ccac62.msi
+ 2011-04-16 14:44 . 2011-04-16 14:44 2770944 c:\windows\Installer\6385692.msi
+ 2011-12-18 20:50 . 2011-12-18 20:50 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-04 03:47 . 2011-12-04 03:47 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-18 20:50 . 2011-12-18 20:50 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-23 11:05 . 2011-08-20 04:35 10990080 c:\windows\SysWOW64\ieframe.dll
+ 2011-12-15 04:31 . 2011-11-11 05:50 10990080 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2011-12-19 03:11 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-03 23:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-15 04:31 . 2011-11-11 06:41 12370944 c:\windows\system32\ieframe.dll
- 2011-11-23 11:05 . 2011-08-20 05:40 12370944 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"Steam"="e:\program files (x86)\Steam\Steam.exe" [2011-11-23 1242448]
"EADM"="e:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-2 0]
Impulse Now.lnk - c:\error\ImpulseNow.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-05 151552]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-04-09 24635]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\At10.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At12.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At14.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At16.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At18.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At2.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At20.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At22.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At24.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At26.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At28.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At30.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At32.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At34.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At36.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-19 c:\windows\Tasks\At38.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At4.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-19 c:\windows\Tasks\At40.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-19 c:\windows\Tasks\At42.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At44.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-19 c:\windows\Tasks\At46.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At48.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At6.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
2011-12-18 c:\windows\Tasks\At8.job
- c:\windows\system32\CsY4H.com_ [2011-12-04 19:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2011-05-27 53760]
"combofix"="c:\combofix\CF189.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qna3vwre.default\
FF - prefs.js: network.proxy.type - 0
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-mkJuKvSjVSH.exe - c:\programdata\mkJuKvSjVSH.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-18 22:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 04:47
ComboFix2.txt 2011-12-04 04:05
.
Pre-Run: 35,146,596,352 bytes free
Post-Run: 34,762,604,544 bytes free
.
- - End Of File - - B65110A9EA35D8E8DFD9AD97D7D85A49

Attached File(s)


#2 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 01 January 2012 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434629 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 04 January 2012 - 02:17 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 07 January 2012 - 12:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users