How to remove TrojanDownloader:Win32/Adload.DA


  • This topic is locked
41 replies to this topic

#1 tampakc

tampakc

  • Members
  • 55 posts

Posted 25 June 2012 - 04:12 AM

No more than 3 days ago, while I was playing with my computer, my computer just stopped. I don't mean like it freezes; it deactivates, as if the power were cut for a second. And, although that's not what I mention in the title, my computer mentioned that TrojanDownloader:Win32/Adload.DA has stopped my computer from working properly 7 times, and not just that, but once, while I was playing a game and my computer shut down, my save file was lost... If this has nothing to do with the virus, I would appreciate help with the shutting-off thing my computer does. So far it has shut down only while I'm playing games (in full screen), but I don't think that proves anything because that's what I do most of the time, so it could be just a coincidence.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts

Posted 30 June 2012 - 04:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458259 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 30 June 2012 - 08:53 PM

Hello tampakc,

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again following the instructions below.

==========

Step 1:
I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results. And attach.txt will be minimized.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Step 2:
I also need a new log from the GMER anti-rootkit Scanner, please also do the following:

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


==========

What I would like to see in your next reply!

  • The DDS log
  • The minimized attach.txt from the DDS scan
  • The GMER log
bloopie

Edited by bloopie, 30 June 2012 - 09:12 PM.


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 03 July 2012 - 05:31 PM

Hello again,

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, we will be forced to close this topic!

bloopie

#5 tampakc

tampakc
  • Topic Starter

  • Members
  • 55 posts

Posted 03 July 2012 - 08:15 PM

I, um.... have a problem with all three things you want me to post... I can't download any of the DDS files, because the first link only brings a blank "Untitled" page and in the second link, when I choose Descargar = Download, nothing happens. Also, all of the boxes in the GMER window can't be checked or unchecked except for Services, Registry, Files and ADS. I just scanned and posted the results anyway though. Here you go.

#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 03 July 2012 - 08:58 PM

Hi again,

That's okay, I can still help! But what about this:

I just scanned and posted the results anyway though. Here you go.

I don't see any of what you posted. Could you please try again? :) Copy the logfile you got, and paste it here please.

Also, what version of Windows are you running? XP, Vista, 7?

bloopie

#7 tampakc

tampakc
  • Topic Starter

  • Members
  • 55 posts

Posted 04 July 2012 - 04:01 AM

I'm sorry, but I attached a txt file. Well, I'm running Windows 7, although I don't have the CD. Anyway, here you go:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-04 03:55:20
Windows 6.1.7601 Service Pack 1
Running: 7sxezu7g.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?3?4?5?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@001f5ca9871c 0xE5 0xFE 0xA4 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@0023f1211c78 0xA0 0x68 0x57 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@0023f105c2b2 0xDB 0xB8 0x08 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@6c0e0d95d01c 0x2E 0x5C 0xE6 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@402ba1d6aa9c 0x17 0x03 0xB4 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@2021a58726e5 0x6C 0x6B 0x06 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@0025e7eafaf1 0x07 0x1B 0x8F 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@00229887abf5 0x88 0x5F 0xE7 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@0021abc48609 0x04 0xEB 0x40 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@6cd68a15b28e 0x16 0x34 0x75 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@001ca4c063cf 0x58 0xF8 0x0D 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@3017c84c56ba 0xBF 0x36 0xEC 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@000d3aa3ad72 0x95 0x1E 0x59 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@3017c8345cd3 0x08 0x33 0x4D 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@00194f40ed08 0x78 0xB9 0x42 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@8400d2d6429f 0x1F 0xDE 0x5B 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x62 0xF2 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xD0 0x40 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBE 0xF0 0x4D 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0xF8 0x60 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?3?4?5?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@001f5ca9871c 0xE5 0xFE 0xA4 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@0023f1211c78 0xA0 0x68 0x57 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@0023f105c2b2 0xDB 0xB8 0x08 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@6c0e0d95d01c 0x2E 0x5C 0xE6 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@402ba1d6aa9c 0x17 0x03 0xB4 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@2021a58726e5 0x6C 0x6B 0x06 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@0025e7eafaf1 0x07 0x1B 0x8F 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@00229887abf5 0x88 0x5F 0xE7 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@0021abc48609 0x04 0xEB 0x40 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@6cd68a15b28e 0x16 0x34 0x75 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@001ca4c063cf 0x58 0xF8 0x0D 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@3017c84c56ba 0xBF 0x36 0xEC 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@000d3aa3ad72 0x95 0x1E 0x59 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@3017c8345cd3 0x08 0x33 0x4D 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@00194f40ed08 0x78 0xB9 0x42 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9@8400d2d6429f 0x1F 0xDE 0x5B 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x62 0xF2 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xD0 0x40 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBE 0xF0 0x4D 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0xF8 0x60 0xB4 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\x2018\3\xb3\3\xb1\3ΐ\3\xb7\3Ό\3\xad\3\xbd\3\xb1\3 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\x2022\3Ί\3Δ\3Μ\3Β\3 \0Γ\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3Β\3 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\x9f\3Ό\3\xac\3\x384\3µ\3Β\3 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\x9f\3Ή\3Ί\3Ώ\3\xb3\3\xad\3\xbd\3µ\3Ή\3\xb1\3 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\xa6\3\x2015\3\xbb\3Ώ\3Ή\3 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\x2020\3\xbb\3\xbb\3µ\3Β\3 \0µ\3ΐ\3\xb1\3Ζ\3\xad\3Β\3 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\xa3\3Ε\3\xbd\3µ\3Α\3\xb3\3\xac\3Δ\3µ\3Β\3 1

---- EOF - GMER 1.0.15 ----

Is it bad that this is such a long list?
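
The list is long because GMER reports every registry key it could not read or enumerate through the normal Windows API, not only malicious ones. As an added example (not part of tampakc's or bloopie's posts, and not a feature of GMER), the Python below buckets the `Reg` lines of the log above into the classes that are visible in it: the SPTD configuration keys that the DAEMON Tools driver protects, the Bluetooth link-key store that only SYSTEM may read, and value names in Greek that GMER prints as UTF-16 escapes. It folds the `ControlSet002` duplicates (a backup copy of the same hive branch, marked `not active ControlSet`) and prints whatever matched nothing, so a human looks only at that. The patterns, labels and explanations are mine; the sample log is a subset of the log above, with one made-up `ExampleSvc` line added only to exercise the unexplained bucket.

```python
import re
from collections import Counter

# Constructed sample: a representative subset of the "Reg" lines from the GMER
# log posted above (one Descriptions value name shortened), plus one made-up
# line (ExampleSvc) that is NOT in that log, included only to show how an
# entry that matches no known-benign class is reported.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-04 03:55:20
Windows 6.1.7601 Service Pack 1

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133ea5c9@001f5ca9871c 0xE5 0xFE 0xA4 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133ea5c9 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2990705981\Groups@\xa6\3\x2015\3\xbb\3Ώ\3Ή\3 1
Reg HKLM\SYSTEM\CurrentControlSet\services\ExampleSvc\Parameters@ServiceDll C:\Users\Public\example.dll

---- EOF - GMER 1.0.15 ----
"""

NOT_ACTIVE = " (not active ControlSet)"
CONTROLSET = re.compile(r"^HKLM\\SYSTEM\\ControlSet\d{3}\\", re.I)

# (label, pattern on the key path, why the entry is expected on this machine).
# These are my own patterns for the classes seen in the log above, not a GMER whitelist.
KNOWN_BENIGN = [
    ("sptd", re.compile(r"\\services\\sptd\\Cfg\\", re.I),
     "SPTD (SCSI Pass Through Direct) config used by DAEMON Tools / Alcohol; the driver "
     "locks its own keys, which is why helpers ask for CD emulation to be disabled first"),
    ("bthport", re.compile(r"\\services\\BTHPORT\\Parameters\\Keys\\", re.I),
     "Bluetooth pairing link keys; the key is ACLed to SYSTEM only, so normal reads fail"),
    ("network-descriptions",
     re.compile(r"\\Control\\Network\\\{4D36E972-E325-11CE-BFC1-08002BE10318\}\\Descriptions$", re.I),
     "adapter descriptions whose value names are non-ASCII (Greek), printed as UTF-16 escapes"),
    ("windows-live", re.compile(r"^HKCU\\Software\\Microsoft\\Windows Live\\Communications Clients\\", re.I),
     "Windows Live Messenger contact groups with non-ASCII (Greek) names"),
]


def parse_reg_line(line):
    """Split one 'Reg ...' line into (key_path, value_and_data, active).

    Value name and data stay joined on purpose: value names in this log contain
    spaces (GMER's escaped UTF-16), so a whitespace split would be wrong.
    """
    body = line[len("Reg "):].rstrip()
    active = not body.endswith(NOT_ACTIVE)
    if not active:
        body = body[: -len(NOT_ACTIVE)]
    key, sep, rest = body.partition("@")
    return key, (rest if sep else None), active


def explain_key(key):
    """Return (label, explanation) for a known-benign key, else ('unexplained', None)."""
    for label, pattern, why in KNOWN_BENIGN:
        if pattern.search(key):
            return label, why
    return "unexplained", None


def triage_gmer(text):
    """Bucket every Reg line, fold ControlSet00N copies, and list what needs a human."""
    counts, unexplained, unique_keys, inactive = Counter(), [], set(), 0
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        key, _, active = parse_reg_line(line)
        if not active:
            inactive += 1
        # ControlSet00N is a backup copy of the same branch; fold it so one key counts once
        unique_keys.add(CONTROLSET.sub(r"HKLM\\SYSTEM\\CurrentControlSet\\", key))
        label, _ = explain_key(key)
        counts[label] += 1
        if label == "unexplained" and key not in unexplained:
            unexplained.append(key)
    return {"total": sum(counts.values()), "counts": dict(counts),
            "unique_keys": len(unique_keys), "inactive_controlset": inactive,
            "unexplained": unexplained}


if __name__ == "__main__":
    report = triage_gmer(SAMPLE_GMER_LOG)
    print(f"{report['total']} Reg lines, {report['unique_keys']} distinct keys, "
          f"{report['inactive_controlset']} from an inactive ControlSet")
    for label, n in sorted(report["counts"].items()):
        why = next((w for l, _, w in KNOWN_BENIGN if l == label), "needs manual review")
        print(f"  {n:3d}  {label:<21} {why}")
    for key in report["unexplained"]:
        print("  review:", key)
```

The fold matters more than the bucketing: a backup ControlSet doubles every entry, so the nine sample lines are five keys, and the 73 `Reg` lines in the log above collapse to seven distinct keys, all of them in the known-benign classes.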

#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 04 July 2012 - 01:19 PM

Hi again,

Is it bad that this is such a long list?

Not at all! :) You will see some of these long lists during cleanup. Some are much longer than others. These are your logs I will be checking for you.

But we still need the DDS log posted...

Have you tried to use the first DDS link (.scr)? You can also try right-clicking on either link and select Save Link As...

If you are still unable to download the tool, let's try this first:

==========

Let's try a small tool to help us now:

Please download Rkill by Grinler and save it to your desktop: Link 1 | Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, or you will need to run the application again.

==========

Now try again to run the DDS tool from post #3, and post the log that opens.

bloopie
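
Once a DDS log is in hand, the section a helper reads first is the `Pseudo HJT Report`: start pages, URL search hooks, BHOs, toolbars and the `uRun`/`mRun` autostart entries. As an added example (mine, not bloopie's procedure and not part of DDS), the Python below applies the checks a helper does by eye to lines taken from the report tampakc posts later in this thread: an autostart whose image lives in a Temp directory (in that log, a numeric-named DLL loaded by `rundll32.exe` from `AppData\Local\Temp`), a `Userinit` value that is not the stock one, registrations whose file is gone (`- No File`), and names from the toolbar families present in that log, which AV vendors detect as PUP/adware. The severity labels and the PUP vocabulary are my choices, and the vocabulary is illustrative, not a complete list.

```python
import re

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the
# DDS log tampakc posts later in this thread, with ordinary entries (Adobe,
# uTorrent, Userinit) kept for contrast. DDS writes "hxxp" for "http".
SAMPLE_HJT = r"""
uStart Page = hxxp://eu.ask.com/?l=dis&o=15183
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {258c9770-1713-4021-8d7e-1f184a2bd754} - ShoppingReport2
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
uRun: [Configuring] rundll32.exe C:\Users\4614~1\AppData\Local\Temp\2459184.dll,W
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [SearchSettings] "C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

# Autostart images living in a temp directory: legitimate installers do not
# register a startup entry that points into Temp.
TEMP_PATH = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I)
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
# Toolbar / search-hijack families present in this log. Assumption: this list
# is illustrative only; a real triage would use a maintained PUP database.
PUP_VOCAB = re.compile(
    r"ask\.com|asktoolbar|ask toolbar|babylon|sweetim|shoppingreport|shopperreports|"
    r"snag bar|freecause|youtube downloader toolbar|searchsettings|phpnuke|uniblue", re.I)
ENTRY = re.compile(r"^(?P<kind>[A-Za-z_ ]+?)\s*[:=]\s*(?P<rest>.*)$")
RUN_ENTRY = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NORMAL_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def classify_entry(line):
    """Return (severity, reason) for one Pseudo HJT line, or None if nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind in ("uRun", "mRun"):
        run = RUN_ENTRY.match(rest)
        cmd = run.group("cmd") if run else rest
        if TEMP_PATH.search(cmd):
            via = " via rundll32" if RUNDLL.match(cmd) else ""
            return "HIGH", f"autostart image in a temp directory{via}"
    if kind == "mWinlogon" and rest.lower().startswith("userinit="):
        value = rest.split("=", 1)[1].strip().rstrip(",").lower()
        if value not in NORMAL_USERINIT:
            return "HIGH", "Userinit is not the stock value; an extra image runs at every logon"
    if rest.endswith("- No File"):
        return "LOW", "orphaned registration, file is gone"
    if PUP_VOCAB.search(line):
        return "MEDIUM", "matches a PUP/adware toolbar family"
    return None


def triage_hjt(text):
    """Run classify_entry over a whole report; return findings sorted HIGH first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings = []
    for line in text.splitlines():
        verdict = classify_entry(line)
        if verdict:
            findings.append({"severity": verdict[0], "reason": verdict[1], "line": line.strip()})
    return sorted(findings, key=lambda f: order[f["severity"]])


def summarize(findings):
    """Count findings per severity so the reply can lead with the worst one."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f['severity']:<6} {f['reason']:<58} {f['line']}")
    print(summarize(triage_hjt(SAMPLE_HJT)))
```

The HIGH finding is the one to hand to the helper first; the MEDIUM ones account for the Ask and SweetIM start pages and the toolbar load, and the LOW ones are leftover registrations that only need cleanup.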

#9 tampakc

tampakc
  • Topic Starter

  • Members
  • 55 posts

Posted 04 July 2012 - 02:49 PM

I managed to do it... Here is the DDS log. Do I still need to do what you told me to do though??
I am also attaching the zipped attach.txt file as requested by the DDS software.

DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by ΧΡΗΣΤΟΣ at 22:42:30 on 2012-07-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.4087.1565 [GMT 3:00]
.
AV: ESET Smart Security 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Folding@HomeCPU\1\Fah.exe
C:\Folding@HomeCPU\2\Fah.exe
C:\Folding@HomeCPU\3\Fah.exe
C:\Folding@HomeCPU\4\Fah.exe
C:\Folding@HomeCPU\5\Fah.exe
C:\Folding@HomeCPU\3\FahCore_a4.exe
C:\Folding@HomeCPU\4\FahCore_a4.exe
C:\Folding@HomeCPU\5\FahCore_a4.exe
C:\Folding@HomeCPU\7\Fah.exe
C:\Folding@HomeCPU\8\Fah.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Folding@HomeCPU\7\FahCore_a4.exe
C:\Folding@HomeCPU\8\FahCore_a4.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Folding@HomeCPU\1\FahCore_a4.exe
C:\Folding@HomeCPU\2\FahCore_a4.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WB Games\LEGO® Harry Potter™ 2\LEGOHarry2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\ΧΡΗΣΤΟΣ\Downloads\dds.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15183
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_GR&c=94&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_GR&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.dll
uURLSearchHooks: H - No File
uURLSearchHooks: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll
uURLSearchHooks: H - No File
mURLSearchHooks: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll
mWinlogon: Userinit=userinit.exe
BHO: {027279a5-4f6b-495c-56b6-1fe863142f4f} - Adobe PDF Link Helper
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {258c9770-1713-4021-8d7e-1f184a2bd754} - ShoppingReport2
BHO: Freecause Toolbar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Βοηθός εισόδου του Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll
TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A34284A7-30D1-40F6-B5FF-ECD7DAC46231} - No File
TB: {707DB484-2428-402D-AFB5-D85B387544C7} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: ShopperReports: {bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Configuring] rundll32.exe C:\Users\4614~1\AppData\Local\Temp\2459184.dll,W
uRun: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [Facebook Update] "C:\Users\ΧΡΗΣΤΟΣ\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SearchSettings] "C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [TaskTray]
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/el/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553533700} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\359454D454E435D2434343433334 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\368627963747F637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\4505D2C494E4B4F5649344530363 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\86F6C602D202E456476416374756250275C414E40233 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\C696E6B6379737 : DhcpNameServer = 195.170.0.1 195.170.2.2 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\D616279616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\F44554631633167333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189C3D25-F800-41CE-A3A3-C76843F07FDF}\F44554933393030363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A548B7A-26DE-49F3-A073-21AF74123DF7} : NameServer = 213.249.17.10 213.249.39.29
TCP: Interfaces\{D83FF728-924D-46C3-B952-6B4818C9E3AA} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{027279A5-4F6B-495C-56B6-1FE863142F4F}
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{258C9770-1713-4021-8D7E-1F184A2BD754}
{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{326E768D-4182-46FD-9C16-1449A49795F4}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
{F3FEE66E-E034-436a-86E4-9690573BEE8A}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{25515A79-C1C7-4B97-97F8-31A711694487}
{F3FEE66E-E034-436a-86E4-9690573BEE8A}
{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
{98889811-442D-49dd-99D7-DC866BE87DBC}
{D4027C7F-154A-4066-A1AD-4243D8127440}
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {A34284A7-30D1-40F6-B5FF-ECD7DAC46231} - No File
TB-X64: {707DB484-2428-402D-AFB5-D85B387544C7} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [SearchSettings] "C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [TaskTray]
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [<NO NAME>]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
SEH-X64: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/06 01:08:58];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-6 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 Folding@home-CPU-[1];Folding@home-CPU-[1];C:\Folding@HomeCPU\1\Fah.exe -svcstart -d "C:\Folding@HomeCPU\1" --> C:\Folding@HomeCPU\1\Fah.exe -svcstart -d C:\Folding@HomeCPU\1 [?]
R2 Folding@home-CPU-[2];Folding@home-CPU-[2];C:\Folding@HomeCPU\2\Fah.exe -svcstart -d "C:\Folding@HomeCPU\2" --> C:\Folding@HomeCPU\2\Fah.exe -svcstart -d C:\Folding@HomeCPU\2 [?]
R2 Folding@home-CPU-[3];Folding@home-CPU-[3];C:\Folding@HomeCPU\3\Fah.exe -svcstart -d "C:\Folding@HomeCPU\3" --> C:\Folding@HomeCPU\3\Fah.exe -svcstart -d C:\Folding@HomeCPU\3 [?]
R2 Folding@home-CPU-[4];Folding@home-CPU-[4];C:\Folding@HomeCPU\4\Fah.exe -svcstart -d "C:\Folding@HomeCPU\4" --> C:\Folding@HomeCPU\4\Fah.exe -svcstart -d C:\Folding@HomeCPU\4 [?]
R2 Folding@home-CPU-[5];Folding@home-CPU-[5];C:\Folding@HomeCPU\5\Fah.exe -svcstart -d "C:\Folding@HomeCPU\5" --> C:\Folding@HomeCPU\5\Fah.exe -svcstart -d C:\Folding@HomeCPU\5 [?]
R2 Folding@home-CPU-[7];Folding@home-CPU-[7];C:\Folding@HomeCPU\7\Fah.exe -svcstart -d "C:\Folding@HomeCPU\7" --> C:\Folding@HomeCPU\7\Fah.exe -svcstart -d C:\Folding@HomeCPU\7 [?]
R2 Folding@home-CPU-[8];Folding@home-CPU-[8];C:\Folding@HomeCPU\8\Fah.exe -svcstart -d "C:\Folding@HomeCPU\8" --> C:\Folding@HomeCPU\8\Fah.exe -svcstart -d C:\Folding@HomeCPU\8 [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-9-19 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Folding@home-CPU-[6];Folding@home-CPU-[6];C:\Folding@HomeCPU\6\Fah.exe -svcstart -d "C:\Folding@HomeCPU\6" --> C:\Folding@HomeCPU\6\Fah.exe -svcstart -d C:\Folding@HomeCPU\6 [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-13 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-29 250056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2010-10-1 1527900]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-13 136176]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys --> C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys --> C:\Windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys --> C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 NETw5s64;Intel® Wireless WiFi Link Adapter Driver for Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-6-27 155344]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2010-9-9 13824]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-04 19:35:36 -------- d-----w- C:\Users\???????\AppData\Local\Microsoft
2012-07-04 09:33:14 -------- d-----w- C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\Vso
2012-07-04 09:32:42 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2012-07-04 09:32:42 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2012-07-04 09:32:42 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2012-07-04 09:32:42 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2012-07-04 09:32:42 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
2012-07-04 09:32:41 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2012-07-04 09:32:41 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2012-07-04 09:32:32 -------- d-----w- C:\Program Files (x86)\VSO
2012-07-04 00:07:19 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B6E6F30-003C-4DC4-8914-DD09D1306BA3}\mpengine.dll
2012-07-03 11:42:42 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-30 10:35:32 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition
2012-06-29 22:29:40 -------- d-----w- C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\LolClient
2012-06-27 22:41:55 -------- d-----w- C:\Windows\el
2012-06-27 22:37:32 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-27 22:33:37 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e4bebb3c1cd54b402\MeshBetaRemover.exe
2012-06-27 22:33:36 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\DSETUP.dll
2012-06-27 22:33:36 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\DXSETUP.exe
2012-06-27 22:33:36 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\dsetup32.dll
2012-06-25 11:03:06 -------- d-----w- C:\Program Files (x86)\Pokedexer
2012-06-25 10:40:36 19456 ----a-w- C:\Windows\SysWow64\libusbd-9x.exe
2012-06-25 10:40:36 18944 ----a-w- C:\Windows\SysWow64\libusbd-nt.exe
2012-06-25 10:40:35 -------- d-----w- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
2012-06-24 18:04:17 -------- d-----w- C:\Windows\3414A564B87F473397D809744A28C571.TMP
2012-06-23 21:11:36 -------- d-----w- C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\WB Games
2012-06-23 20:53:28 -------- d-----w- C:\Program Files (x86)\WB Games
2012-06-21 08:48:20 -------- d-----w- C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\PFStaticIP
2012-06-21 07:14:34 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 07:14:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 07:13:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 07:13:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:19:24 -------- d-----w- C:\Users\ΧΡΗΣΤΟΣ\AppData\Roaming\LolClient2
2012-06-19 13:40:02 -------- d-----w- C:\Riot Games
2012-06-19 10:50:48 -------- d-----w- C:\ProgramData\PMB Files
2012-06-19 10:50:02 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-06-15 17:15:11 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-15 17:15:08 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-15 17:15:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-15 17:15:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-15 17:15:06 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-15 17:15:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-15 10:46:44 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-15 10:46:31 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-15 10:46:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-15 08:31:52 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-15 08:31:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 17:28:01 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 17:28:01 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 17:28:00 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 16:43:51 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 16:38:48 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 13:58:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 21:02:32 -------- d-sh--w- C:\found.000
2012-06-07 09:27:08 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-07 09:26:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-06-23 15:14:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 15:14:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-30 13:41:22 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 22:43:28,74 ===============

Attached Files
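The DDS log above is what the helpers are reading by hand. Two things in it stand out to anyone triaging such output: the `uRun: [Configuring] rundll32.exe ...\AppData\Local\Temp\2459184.dll,W` entry (an autorun that loads a numerically named DLL from the user's Temp folder) and the `mPolicies-system` block showing `EnableLUA = 0` and `ConsentPromptBehaviorAdmin = 0`, i.e. UAC switched off. The script below is an added example, not part of this thread and not code from DDS, ComboFix or BleepingComputer: it applies a small set of heuristics to lines in DDS format and flags the same items a human would. The sample log is constructed from the shapes seen above, and the severity rules and regular expressions are this example's own assumptions.

```python
"""Triage heuristics for DDS-style startup/policy log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the shapes of the log lines posted in this thread.
SAMPLE_LOG = r"""
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Configuring] rundll32.exe C:\Users\4614~1\AppData\Local\Temp\2459184.dll,W
mRun: [TaskTray]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: soe.com
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    line: str
    reason: str


# Line shapes as DDS prints them (assumed from the log in this thread).
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)")
ORPHAN_RE = re.compile(r"^(?:TB|EB|SEH|BHO)(?:-X64)?: .* - No File$")

# Heuristics (this example's own): autoruns from Temp, and rundll32 loading a
# DLL whose file name is nothing but digits, are classic dropper behaviour.
TEMP_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)
RUNDLL_NUMERIC_RE = re.compile(r"rundll32(?:\.exe)?\s+.*\\\d+\.dll", re.IGNORECASE)

# UAC-related policy values that weaken the machine: key -> (weak value, severity, why).
WEAK_POLICIES = {
    "EnableLUA": ("0", "high", "UAC is disabled; everything an admin user runs is fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "medium", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "low", "elevation prompts are not isolated on the secure desktop"),
}


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for a single DDS log line."""
    line = line.rstrip()
    out: list[Finding] = []
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if not cmd.strip():
            out.append(Finding("low", line, "Run value with an empty command"))
        if TEMP_RE.search(cmd):
            out.append(Finding("high", line, "autorun launched from a Temp directory"))
        if RUNDLL_NUMERIC_RE.search(cmd):
            out.append(Finding("high", line, "rundll32 loading a DLL with a numeric-only name"))
        return out
    m = POLICY_RE.match(line)
    if m:
        weak = WEAK_POLICIES.get(m.group("key"))
        if weak and m.group("val") == weak[0]:
            out.append(Finding(weak[1], line, weak[2]))
        return out
    m = TRUSTED_RE.match(line)
    if m:
        out.append(Finding("medium", line, f"{m.group('host')} is in the IE Trusted sites zone"))
        return out
    if ORPHAN_RE.match(line):
        out.append(Finding("info", line, "registration points at a file that no longer exists"))
    return out


def triage(text: str) -> list[Finding]:
    """Run triage_line over every line of a log."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
    print(summarize(results))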



#10 tampakc (Topic Starter)

Posted 05 July 2012 - 05:54 AM

Oh, as I said in my first post (which I don't know if you saw), my problem is that my computer just shuts off while I'm playing. And Windows said that that virus has caused Windows to not work properly 7 times... I don't know if that's what it means... But if removing this virus is going to help with this issue, that's what I'll do. Although, if I remove the virus and Windows still shuts off, will I need to create another topic?

#11 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 05 July 2012 - 05:55 PM

Hi again,

Sorry for the delay. As I am still a trainee here at BC, all of my posts need to be checked first by an instructor before I am allowed to post here.
This may cause a small delay in my responses, but on the other hand, you will have two sets of eyes checking your logs instead of one. :)

I am currently researching your logs and I will get back with instructions probably tomorrow (my local timezone...USA eastern).

My problem is that my computer just shuts off while I'm playing.

Yes, I am taking this into consideration as well. :wink:

We first need to make sure the machine is free of malware before we address that issue. I will try to address it for you here, but if I am unable then I will give instruction on when and where you should post a new topic to receive the best help. :thumbup2:

Thank you for your patience, and look for my post tomorrow.

bloopie

#12 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 06 July 2012 - 06:15 PM

Hello again,

I see you have UniblueRegistryBooster installed. The use of any registry cleaner can cause many problems on your computer including rendering it unbootable! These programs are not foolproof, and one mistake can make your machine useless!
I'd advise you do not use this program in the future.

==========

:step1: Warning

Going over your logs I noticed that you have the P2P program µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Windows Orb > Control Panel > Programs > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

==========

:step2: Run Combofix

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

In your next reply, please include the C:\Combofix.txt and let me know how your computer is running!

bloopie

#13 tampakc (Topic Starter)

Posted 07 July 2012 - 02:38 PM

I posted both the file and the log itself. Also, by how my computer is running, do you mean whether it still shuts off? It will take some time to say, since I haven't used it much recently. I will start using it and if it still shuts off I will let you know. Also, how would my computer be fixed, since all we have done by now is create logs? Does ComboFix remove infections?

Here's the log:


ComboFix 12-07-07.04 - ΧΡΗΣΤΟΣ 07/07/2012 21:58:36.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.4087.2162 [GMT 3:00]
Running from: c:\users\???????\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\ShoppingReport2
c:\program files (x86)\ShoppingReport2\Uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\1964.lnk
c:\users\ΧΡΗΣΤΟΣ\Documents\~WRL0005.tmp
c:\users\ΧΡΗΣΤΟΣ\xobglu32.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 19:13 . 2012-07-07 19:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-07 19:13 . 2012-07-07 19:13 -------- d-----w- c:\users\UpdatusUser.ΧΡΗΣΤΟΣ-PC\AppData\Local\temp
2012-07-07 19:13 . 2012-07-07 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 18:44 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-07 18:44 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-07 18:44 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-07 18:43 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-07 18:43 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-07 18:43 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-07 18:43 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-07 18:43 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-07 18:43 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-07 18:43 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 18:43 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-07 18:43 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 18:43 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-07 18:42 . 2012-07-07 18:42 -------- d-----w- c:\programdata\AVAST Software
2012-07-07 18:42 . 2012-07-07 18:42 -------- d-----w- c:\program files\AVAST Software
2012-07-04 19:35 . 2012-07-04 19:35 -------- d-----w- c:\users\E002~1
2012-07-04 09:33 . 2012-07-04 10:03 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Roaming\Vso
2012-07-04 09:32 . 2009-09-02 10:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-07-04 09:32 . 2009-09-02 10:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-07-04 09:32 . 2009-09-02 10:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-07-04 09:32 . 2009-09-02 10:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-07-04 09:32 . 2009-09-02 10:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-07-04 09:32 . 2009-09-02 10:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-07-04 09:32 . 2009-09-02 10:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-07-04 09:32 . 2012-07-04 09:32 -------- d-----w- c:\program files (x86)\VSO
2012-07-04 01:20 . 2012-07-07 18:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B6E6F30-003C-4DC4-8914-DD09D1306BA3}\offreg.dll
2012-07-04 01:00 . 2012-07-04 01:10 -------- d-----w- c:\program files (x86)\Gabest
2012-07-04 00:07 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B6E6F30-003C-4DC4-8914-DD09D1306BA3}\mpengine.dll
2012-07-03 11:42 . 2012-07-03 11:42 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-30 10:35 . 2012-06-30 10:35 -------- d-----w- c:\program files (x86)\Game Maker 8 Pro Edition
2012-06-29 22:29 . 2012-06-29 22:29 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Roaming\LolClient
2012-06-27 22:41 . 2012-06-27 22:41 -------- d-----w- c:\windows\el
2012-06-27 22:37 . 2012-03-08 15:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-27 22:33 . 2012-06-27 22:33 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e4bebb3c1cd54b402\MeshBetaRemover.exe
2012-06-27 22:33 . 2012-06-27 22:33 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\DSETUP.dll
2012-06-27 22:33 . 2012-06-27 22:33 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\DXSETUP.exe
2012-06-27 22:33 . 2012-06-27 22:33 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e41552061cd54b401\dsetup32.dll
2012-06-25 11:03 . 2012-06-25 11:03 -------- d-----w- c:\program files (x86)\Pokedexer
2012-06-25 10:40 . 2005-03-09 17:50 19456 ----a-w- c:\windows\SysWow64\libusbd-9x.exe
2012-06-25 10:40 . 2005-03-09 17:50 18944 ----a-w- c:\windows\SysWow64\libusbd-nt.exe
2012-06-25 10:40 . 2012-06-25 10:40 -------- d-----w- c:\program files (x86)\LibUSB-Win32-0.1.10.1
2012-06-24 18:04 . 2012-06-24 18:05 -------- d-----w- c:\windows\3414A564B87F473397D809744A28C571.TMP
2012-06-23 21:11 . 2012-06-23 21:11 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Roaming\WB Games
2012-06-23 20:53 . 2012-06-23 20:53 -------- d-----w- c:\program files (x86)\WB Games
2012-06-21 08:48 . 2012-06-21 19:21 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Roaming\PFStaticIP
2012-06-21 08:48 . 2012-06-21 08:48 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Local\APN
2012-06-21 07:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:13 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:13 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 13:40 . 2012-06-19 13:40 -------- d-----w- C:\Riot Games
2012-06-19 10:50 . 2012-07-04 19:33 -------- d-----w- c:\users\ΧΡΗΣΤΟΣ\AppData\Local\PMB Files
2012-06-19 10:50 . 2012-07-04 19:33 -------- d-----w- c:\programdata\PMB Files
2012-06-19 10:50 . 2012-06-19 10:50 -------- d-----w- c:\program files (x86)\Pando Networks
2012-06-15 17:15 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 17:15 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-15 17:15 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 17:15 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 17:15 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 17:15 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 10:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-15 10:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 10:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 08:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-15 08:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 17:28 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 17:28 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 17:28 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 16:43 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 16:38 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 13:58 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 21:02 . 2012-06-09 21:02 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:14 . 2012-05-29 15:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 15:14 . 2011-05-15 21:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 13:41 . 2011-09-25 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files (x86)\Gamers Unite! Snag Bar\Helper.dll" [2010-05-23 243200]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files (x86)\PHPNukeEN\tbPHPN.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2010-05-23 17:10 1558528 ----a-w- c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 18:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\PHPNukeEN\tbPHPN.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll" [2010-05-23 1558528]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files (x86)\PHPNukeEN\tbPHPN.dll" [2010-09-12 3863136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Facebook Update"="c:\users\ΧΡΗΣΤΟΣ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 35104]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 13952]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-28 13352]
R3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 98816]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 213504]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
R3 NETw5s64;Πρόγραμμα οδήγησης προσαρμογέα Intel® Wireless WiFi Link για Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2005-10-08 13824]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSP;aswSP; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/06 01:08];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 18:45 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 44944]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 86016]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-07-23 5435904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWKBD
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWNDIS2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 15:14]
.
2012-07-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-07 13:50]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 06:21]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 06:21]
.
2012-06-19 c:\windows\Tasks\HPCeeScheduleForΧΡΗΣΤΟΣ.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2692520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15183
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ΧΡΗΣΤΟΣ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Αποστολή εικόνας στη συσκευή &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Αποστολή σελίδας στη συσκευή &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A548B7A-26DE-49F3-A073-21AF74123DF7}: NameServer = 213.249.17.10 213.249.39.29
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
URLSearchHooks-{a34284a7-30d1-40f6-b5ff-ecd7dac46231} - (no file)
URLSearchHooks-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{027279A5-4F6B-495C-56B6-1FE863142F4F} - (no file)
Wow6432Node-HKCU-Run-UniblueRegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\YouTube Downloader Toolbar\SearchSettings.exe
Wow6432Node-HKLM-Run-TaskTray - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file)
WebBrowser-{A34284A7-30D1-40F6-B5FF-ECD7DAC46231} - (no file)
WebBrowser-{707DB484-2428-402D-AFB5-D85B387544C7} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PDF Writer - c:\windows\system32\uninstpw.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1270869078-1707584010-649696065-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fc,90,2e,18,da,19,50,e7,e7,5e,b6,49,64,4a,87,e5,dc,8c,1f,b2,1d,98,59,
37,46,8c,04,82,32,17,8b,9c,92,53,b3,bd,ad,6b,8f,84,eb,59,6d,fd,c4,af,9c,fe,\
"??"=hex:b7,f3,71,51,d7,47,9d,9b,ce,1f,1f,34,e6,6d,b5,32
.
[HKEY_USERS\S-1-5-21-1270869078-1707584010-649696065-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,71,be,19,6a,f4,09,f6,6b,df,b0,f6,f2,25,fb,fd,5c,c9,93,85,76,
66,aa,e1,66,0a,57,98,b4,5d,99,29,bb,7c,f1,29,c4,ee,35,83,61,00,37,d6,7d,17,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-07 22:17:37
ComboFix-quarantined-files.txt 2012-07-07 19:17
.
Pre-Run: 28 Κατάλογοι 92.175.712.256 διαθέσιμα byte
Post-Run: 37 Κατάλογοι 95.349.510.144 διαθέσιμα byte
.
- - End Of File - - CA9AA8C30516296B5F0B8F20B5D69527




#14 tampakc

tampakc
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 07 July 2012 - 07:57 PM

By the way, can I undo what I did using Defogger now?

And can I re-enable my antivirus programs?

#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:24 PM

Posted 08 July 2012 - 10:54 AM

Hi again,

Does combo fix remove infections?


Yes it does that, and much more!!...as we've seen here:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\ShoppingReport2
c:\program files (x86)\ShoppingReport2\Uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\1964.lnk
c:\users\ΧΡΗΣΤΟΣ\Documents\~WRL0005.tmp
c:\users\ΧΡΗΣΤΟΣ\xobglu32.dll
c:\windows\XSxS


You'd be surprised exactly just what it does! :wink:

===========

Also, how would my computer be fixed since all we have done by now is create logs?

Please be calm. These logs are how I read your machine's good/bad habits.

I understand you are having problems, but I need to do my job and remove any malware on the machine before we can tackle the remaining issues, okay?

===========

Did you install Avast intentionally??!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton AV or Avira AV.

==========

Now yes, you may re-enable your antivirus program. The Defogger step should be saved until after these two scans below.

==========

:step1: Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Other Troubleshooting Tips:
==========

:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

In your next reply, please include:

  • The MBAM log.
  • The ESET log.
  • How your computer is running!!
  • Do you still have the random reboots?
bloopie

Edited by bloopie, 08 July 2012 - 11:02 AM.
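The ComboFix log quoted in this thread (the "Other Deletions" paths bloopie highlights, and the registry keys with @Denied/@Allowed lines at the end of the earlier log) is plain text, so a helper can pull out what was removed and which keys carry a Deny-Everyone ACL. This is an added example, not part of the thread and not ComboFix's own tooling; the sample log is constructed from the layout shown above, and the "Locked Registry Keys" header and the EXAMPLE user name are placeholders.

```python
import re

# Constructed sample in the layout the thread's ComboFix log uses; the
# "Locked Registry Keys" header and EXAMPLE user are placeholders.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.
c:\program files (x86)\FunWebProducts
c:\users\EXAMPLE\xobglu32.dll
c:\windows\XSxS
.
((((( Locked Registry Keys )))))
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-07 22:17:37
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")   # ((( Name )))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                 # [HKEY_...]
ACL_RE = re.compile(r"^@(Denied|Allowed):\s*\((.+?)\)\s*\((.+?)\)$")

def parse_combofix(text):
    """Return (section -> removed paths, registry key -> [(kind, rights, who)])."""
    sections, acls = {}, {}
    section = key = None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("Completion time:"):
            break                                 # footer: nothing of interest after
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None       # new section, forget current key
            sections.setdefault(section, [])
        elif m := KEY_RE.match(line):
            key = m.group(1)
            acls.setdefault(key, [])
        elif (m := ACL_RE.match(line)) and key:
            acls[key].append(m.groups())          # ACL line belongs to current key
        elif section and re.match(r"^[A-Za-z]:\\", line):
            sections[section].append(line)        # a removed file or folder path
    return sections, acls

def everyone_denied_keys(acls):
    """Keys whose ACL denies Everyone: the ones worth re-checking after cleanup."""
    return sorted(k for k, entries in acls.items()
                  if any(kind == "Denied" and who == "Everyone" for kind, _, who in entries))
```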




