Rootkits, trojans, and lots of other problems


  • This topic is locked
7 replies to this topic

#1 EndlessParadigm

  • Members
  • 3 posts

Posted 03 August 2012 - 06:25 AM

I have in general a lot of bad stuff on my computer, ranging from trojans to rootkits, and an annoying svchost that takes all of my internet. So any help you could give would be greatly appreciated.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 7:14:04 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.4283 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Process Blocker\Process Blocker.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\perfmon.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={6BBC1D8E-383A-4A6A-B46B-5A9F1082493A}&mid=92245389b58a47d0a1a3d16d5b375790-baba5c9453f06d93a89b1a8d1cc2f82d3ce3803a&lang=en&ds=st011&pr=sa&d=2012-04-23 08:32:47&v=11.0.0.9&sap=hp
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Spotify] "C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1F16804C-B6AD-4EE3-A650-4B1D8FE2ED4A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{832811E0-40DD-45D7-A603-C4A3EB24340D} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p6y9k8sc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9aafc154-9938-4be1-99ab-ae6ba9b3374e%7D&mid=92245389b58a47d0a1a3d16d5b375790-baba5c9453f06d93a89b1a8d1cc2f82d3ce3803a&ds=st011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2008%3A32%3A47&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-25 8704]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-7-30 415072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-20 1262400]
R2 Process Blocker;Process Blocker;C:\Program Files\Process Blocker\Process Blocker.exe [2012-3-28 86888]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-25 2666880]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-3 250056]
S3 dhdusb.NTamd64;Dynex Enhanced Wireless G USB Network Adapter Service;C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys --> C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys [?]
S3 DroidCam;DroidCam Virtual Audio;C:\Windows\system32\drivers\droidcam.sys --> C:\Windows\system32\drivers\droidcam.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-7 1038088]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 rt70x64;Belkin Wireless G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCR2PC;VCR2PC Analog Capture;C:\Windows\system32\DRIVERS\0140_ION.sys --> C:\Windows\system32\DRIVERS\0140_ION.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== File Associations ===============
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-03 09:18:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-03 08:49:55 -------- d-----w- C:\ProgramData\SecTaskMan
2012-08-03 08:49:51 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-08-03 08:09:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-03 00:38:38 -------- d-----w- C:\android-sdk
2012-08-03 00:01:29 -------- d-----w- C:\Users\Administrator\.android
2012-08-02 20:35:56 -------- d-----w- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2012-08-02 20:33:14 -------- d-----w- C:\Program Files (x86)\AMD
2012-08-02 20:33:07 -------- d-----w- C:\Users\Administrator\AppData\Local\Downloaded Installations
2012-08-02 20:24:42 -------- d-----w- C:\Program Files (x86)\Eidos
2012-08-02 10:38:24 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B75C2EBA-517C-4547-ACFB-99469C1DC92D}\mpengine.dll
2012-08-01 10:43:07 -------- d-----w- C:\Users\Administrator\AppData\Local\Adobe
2012-08-01 10:37:51 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 09:27:07 -------- d-----w- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
2012-08-01 08:25:34 -------- d-----w- C:\Users\Administrator\AppData\Local\{9035C177-156B-40C3-A489-CF206C343B09}
2012-08-01 08:25:22 -------- d-----w- C:\Users\Administrator\AppData\Local\{CBC3DA27-5BEA-45AB-A193-5173261ABB2A}
2012-08-01 08:25:08 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
2012-08-01 08:25:08 -------- d-----w- C:\Users\Administrator\AppData\Local\Windows Live Writer
2012-08-01 08:19:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\DSETUP.dll
2012-08-01 08:19:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\DXSETUP.exe
2012-08-01 08:19:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\dsetup32.dll
2012-08-01 08:18:33 -------- d-----w- C:\Users\Administrator\AppData\Local\Windows Live
2012-08-01 05:49:22 -------- d-----w- C:\Users\Administrator\AppData\Local\Apps
2012-08-01 02:45:42 -------- d-----w- C:\Users\Administrator\AppData\Roaming\NVIDIA
2012-07-30 07:25:10 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Image-Line
2012-07-30 07:18:19 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-07-30 07:17:58 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-07-30 07:17:58 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-07-30 07:17:48 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-07-30 07:17:45 -------- d-----w- C:\Program Files (x86)\Outsim
2012-07-30 07:15:37 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-07-30 06:31:23 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BitTorrent
2012-07-29 22:59:35 -------- d-----w- C:\Windows\pss
2012-07-29 09:38:50 -------- d-----w- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2012-07-28 05:42:33 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple
2012-07-28 05:41:24 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple Computer
2012-07-28 04:23:50 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Rainmeter
2012-07-28 01:39:51 -------- d-----w- C:\Users\Administrator\AppData\Local\Yahoo
2012-07-26 20:47:07 -------- d-----w- C:\Users\Administrator\AppData\Local\PunkBuster
2012-07-25 01:23:44 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Mumble
2012-07-25 01:18:57 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVG
2012-07-25 00:23:11 -------- d-----w- C:\Program Files\Process Blocker
2012-07-23 20:34:41 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-07-23 13:09:23 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Spotify
2012-07-23 13:09:23 -------- d-----w- C:\Users\Administrator\AppData\Local\Spotify
2012-07-23 13:09:22 -------- d-----w- C:\Users\Administrator\AppData\Roaming\LolClient
2012-07-23 12:20:02 -------- d-----w- C:\Users\Administrator\AppData\Local\Macromedia
2012-07-22 18:05:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BAF5CC5-19FE-48C1-918B-4A3434B6FEB5}\gapaengine.dll
2012-07-22 17:58:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-22 17:58:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-22 14:55:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-22 14:29:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-22 14:29:05 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-22 14:29:05 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-22 14:29:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-22 14:29:05 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-22 14:29:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-22 14:29:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-22 14:05:56 395776 ----a-w- C:\Windows\System32\webio.dll
2012-07-22 14:05:56 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-07-22 14:02:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-22 14:02:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-22 14:02:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-22 14:02:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-22 14:02:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-22 14:02:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-22 14:02:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-22 14:02:51 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-22 14:02:51 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-07-22 14:02:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-07-22 14:02:02 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-07-22 14:00:21 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-20 09:37:43 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
2012-07-20 09:29:25 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-07-20 09:26:11 -------- d-----w- C:\Users\Administrator\AppData\Local\ArcSoft
2012-07-16 11:54:06 -------- d-----w- C:\Program Files (x86)\Team Meat
2012-07-16 08:05:58 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta
2012-07-16 04:23:22 40960 ----a-w- C:\Windows\SysWow64\F5D7050.dll
2012-07-16 04:23:21 -------- d-----w- C:\Program Files (x86)\Belkin
2012-07-16 04:00:34 308224 ----a-w- C:\Windows\System32\drivers\netr7064.sys
2012-07-16 04:00:34 200704 ----a-w- C:\Windows\SysWow64\UpdateDriver.exe
2012-07-15 01:59:57 -------- d-----w- C:\Program Files (x86)\iLivid
2012-07-14 06:40:12 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-07-14 06:40:12 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-07-14 06:40:12 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-07-14 06:40:12 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-07-14 06:40:12 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-07-14 06:40:12 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-07-14 06:40:12 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-07-14 06:40:12 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-07-14 06:40:12 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-07-14 06:40:12 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-07-14 06:40:12 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-07-14 06:40:12 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-07-13 06:38:41 -------- d-----w- C:\ProgramData\ArcSoft
2012-07-13 06:38:29 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
2012-07-13 06:38:08 -------- d-----w- C:\Program Files (x86)\ION
2012-07-13 06:38:07 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-07-13 06:37:08 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-13 06:37:08 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-13 06:37:08 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-13 06:37:08 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-13 06:37:07 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-13 06:13:05 76864 ----a-w- C:\Windows\System32\acpinfo.ax
2012-07-13 06:13:05 301504 ----a-w- C:\Windows\System32\drivers\0140_ION.sys
2012-07-13 06:13:05 121920 ----a-w- C:\Windows\System32\VendorCmdRW.dll
2012-07-09 05:04:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 05:04:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 05:04:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-02 23:39:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 23:39:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-27 08:27:17 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-27 03:13:53 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-27 00:34:42 2248 ----a-w- C:\Windows\System32\ASOROSet.bin
2012-07-10 08:34:37 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-03 11:37:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-03 10:09:00 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 10:48:00 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 10:48:00 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-11 02:47:45 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-05-11 02:47:45 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-05-11 02:47:45 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-05-10 11:08:00 249856 ------w- C:\Windows\Setup1.exe
2012-05-10 11:07:59 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-05-06 21:17:03 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-06 21:17:03 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-06 21:17:03 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-06 21:17:03 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 7:16:33.89 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 02:52 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 EndlessParadigm

EndlessParadigm
  • Topic Starter

  • Members
  • 3 posts

Posted 06 August 2012 - 08:19 AM

Security Check:


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Combofix:


ComboFix 12-08-05.02 - Administrator 08/06/2012 5:50.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.6418 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\users\Administrator\AppData\Roaming\Fiva
c:\users\Administrator\AppData\Roaming\Fiva\evapm.adh
c:\users\Brandon\AppData\Roaming\Dyyno
c:\users\Brandon\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\Brandon\AppData\Roaming\Dyyno\dyyno.xml
c:\users\Brandon\AppData\Roaming\mIRC\logs\status.log
c:\users\Public\videos\ventrilo-3.0.8-Windows-x64.exe
c:\users\Public\videos\VHSC_inst.exe
c:\users\Public\videos\wlsetup-web(1).exe
c:\users\Public\videos\wlsetup-web.exe
c:\users\Public\videos\WoW-4.0.0-WOW-enUS-Installer(1).exe
c:\users\Public\videos\WoW-4.0.0-WOW-enUS-Installer.exe
c:\users\Public\videos\wrar400.exe
c:\users\Public\videos\wt_setup.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\L\00000004.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\L\201d3dde
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\00000004.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\00000008.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\000000cb.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\80000000.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\80000032.@
c:\windows\Installer\{54274e5e-8e4d-7e2c-74f6-6f67400115f5}\U\80000064.@
c:\windows\SysWow64\F5D7050.dll
c:\windows\SysWow64\tooldownloadreadme.htm
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
F:\Autorun.inf
F:\Setup.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 10:33 . 2012-08-06 10:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 10:33 . 2012-08-06 10:33 -------- d-----w- c:\users\Mcx1-BRANDON-PC\AppData\Local\temp
2012-08-06 10:33 . 2012-08-06 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 10:33 . 2012-08-06 10:33 -------- d-----w- c:\users\Brandon\AppData\Local\temp
2012-08-06 09:11 . 2012-08-06 09:11 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-08-06 09:09 . 2012-08-06 09:09 -------- d-----w- c:\program files (x86)\Freecorder 6
2012-08-06 09:09 . 2012-08-06 09:09 -------- d-----w- c:\program files (x86)\Freecorder Toolbar
2012-08-06 09:09 . 2012-08-06 09:09 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2012-08-06 09:09 . 2012-08-06 09:09 -------- d-----w- c:\program files (x86)\Funmoods
2012-08-06 06:00 . 2012-08-06 06:00 -------- d-----w- c:\users\Administrator\AppData\Local\Navnet_Solutions
2012-08-06 04:30 . 2012-08-06 04:30 -------- d-----w- c:\program files (x86)\NavNetApp
2012-08-06 04:30 . 2012-08-06 04:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\NavNet Solutions
2012-08-05 00:50 . 2012-08-05 00:50 -------- d-----w- c:\users\Administrator\AppData\Local\Origin
2012-08-05 00:49 . 2012-08-05 00:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\Origin
2012-08-04 14:47 . 2012-08-04 14:47 -------- d-----w- c:\users\Administrator\AppData\Local\SKIDROW
2012-08-04 14:40 . 2012-08-04 14:40 -------- d-----w- c:\program files (x86)\Streum On Studio
2012-08-04 14:23 . 2012-08-04 14:35 -------- d-----w- C:\Fraps
2012-08-04 12:39 . 2012-08-06 11:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yqhobu
2012-08-04 12:39 . 2012-08-04 12:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Syinzu
2012-08-04 10:25 . 2012-08-04 10:25 -------- d-----w- c:\users\Administrator\AppData\Local\Skyrim
2012-08-04 10:21 . 2012-08-04 13:07 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-08-04 01:11 . 2012-08-04 01:11 -------- d-----w- c:\users\Administrator\AppData\Local\SCE
2012-08-04 01:11 . 2012-08-04 01:11 -------- d-----w- C:\Crash
2012-08-03 09:18 . 2012-08-03 10:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-03 08:49 . 2012-08-03 08:54 -------- d-----w- c:\programdata\SecTaskMan
2012-08-03 08:49 . 2012-08-03 08:49 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-08-03 08:09 . 2012-08-03 08:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-03 00:38 . 2012-08-03 00:48 -------- d-----w- C:\android-sdk
2012-08-03 00:01 . 2012-08-03 00:53 -------- d-----w- c:\users\Administrator\.android
2012-08-02 21:44 . 2012-08-02 21:44 -------- d--h--r- c:\users\Administrator\AppData\Roaming\SecuROM
2012-08-02 20:35 . 2012-08-02 20:35 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2012-08-02 20:33 . 2012-08-02 20:33 -------- d-----w- c:\program files (x86)\AMD
2012-08-02 20:33 . 2012-08-02 20:33 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2012-08-02 20:24 . 2012-08-02 20:24 -------- d-----w- c:\program files (x86)\Eidos
2012-08-02 10:38 . 2012-06-29 07:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B75C2EBA-517C-4547-ACFB-99469C1DC92D}\mpengine.dll
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2012-08-01 10:37 . 2012-06-29 07:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 09:27 . 2012-08-01 09:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org
2012-08-01 08:25 . 2012-08-01 08:25 -------- d-----w- c:\users\Administrator\AppData\Local\Windows Live Writer
2012-08-01 08:25 . 2012-08-01 08:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Windows Live Writer
2012-08-01 08:21 . 2012-08-01 08:21 -------- d-----w- c:\program files\Windows Live
2012-08-01 08:19 . 2012-08-01 08:19 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\DSETUP.dll
2012-08-01 08:19 . 2012-08-01 08:19 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\DXSETUP.exe
2012-08-01 08:19 . 2012-08-01 08:19 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\542dfedc1cd6fbe01\dsetup32.dll
2012-08-01 08:18 . 2012-08-04 14:24 -------- d-----w- c:\users\Administrator\AppData\Local\Windows Live
2012-08-01 05:49 . 2012-08-01 05:49 -------- d-----w- c:\users\Administrator\AppData\Local\Apps
2012-08-01 02:45 . 2012-08-01 10:42 -------- d-----w- c:\users\Administrator\AppData\Roaming\NVIDIA
2012-07-30 07:25 . 2012-07-30 07:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Image-Line
2012-07-30 07:18 . 2012-07-30 07:18 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-07-30 07:17 . 2012-07-30 07:17 -------- d-----w- c:\program files (x86)\VstPlugins
2012-07-30 07:17 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-07-30 07:17 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-30 07:17 . 2012-07-30 07:17 -------- d-----w- c:\program files (x86)\Outsim
2012-07-30 07:15 . 2012-07-30 07:17 -------- d-----w- c:\program files (x86)\Image-Line
2012-07-30 06:31 . 2012-08-04 14:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitTorrent
2012-07-29 09:38 . 2012-07-29 09:38 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2012-07-28 05:42 . 2012-07-28 05:42 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2012-07-28 05:41 . 2012-07-28 05:41 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer
2012-07-28 04:23 . 2012-07-28 04:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Rainmeter
2012-07-28 01:39 . 2012-07-28 01:39 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
2012-07-26 20:47 . 2012-08-04 01:13 -------- d-----w- c:\users\Administrator\AppData\Local\PunkBuster
2012-07-25 01:23 . 2012-07-26 01:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Mumble
2012-07-25 01:18 . 2012-07-25 01:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG
2012-07-25 00:23 . 2012-07-25 00:23 -------- d-----w- c:\program files\Process Blocker
2012-07-23 21:11 . 2012-08-06 09:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2012-07-23 20:34 . 2012-07-23 20:34 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-23 13:09 . 2012-08-06 11:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\Spotify
2012-07-23 13:09 . 2012-08-06 09:09 -------- d-----w- c:\users\Administrator\AppData\Local\Spotify
2012-07-23 13:09 . 2012-07-23 13:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\LolClient
2012-07-23 12:20 . 2012-07-23 12:20 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-07-22 18:05 . 2012-07-22 18:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BAF5CC5-19FE-48C1-918B-4A3434B6FEB5}\gapaengine.dll
2012-07-22 17:58 . 2012-07-22 17:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-22 17:58 . 2012-07-22 17:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-22 14:55 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 14:29 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-22 14:29 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-22 14:29 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-22 14:29 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-22 14:29 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-22 14:29 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-22 14:29 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-22 14:05 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-07-22 14:05 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-07-22 14:03 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-22 14:02 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-22 14:02 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-22 14:02 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-22 14:02 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-22 14:02 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-22 14:02 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-07-22 14:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-22 14:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-22 14:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-22 14:02 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-22 14:02 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-07-22 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-21 17:50 . 2012-07-22 21:58 -------- d-----w- c:\users\Brandon\AppData\Local\Spotify
2012-07-21 17:48 . 2012-07-22 21:58 -------- d-----w- c:\users\Brandon\AppData\Roaming\Spotify
2012-07-20 09:37 . 2012-07-20 09:37 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2012-07-20 09:29 . 2012-07-20 09:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-07-20 09:26 . 2012-07-20 09:26 -------- d-----w- c:\users\Administrator\AppData\Local\ArcSoft
2012-07-20 09:25 . 2012-07-20 09:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\ArcSoft
2012-07-16 12:11 . 2012-07-20 08:59 -------- d-----w- c:\users\Brandon\AppData\Roaming\vlc
2012-07-16 11:54 . 2012-07-16 11:54 -------- d-----w- c:\program files (x86)\Team Meat
2012-07-16 11:46 . 2012-07-16 11:46 -------- d-----w- c:\users\Brandon\AppData\Roaming\Sony Creative Software Inc
2012-07-16 08:05 . 2012-08-03 03:40 -------- d-----w- c:\program files (x86)\World of Warcraft Beta
2012-07-16 04:23 . 2012-07-16 04:23 -------- d-----w- c:\program files (x86)\Belkin
2012-07-16 04:00 . 2012-07-16 03:59 308224 ----a-w- c:\windows\system32\drivers\netr7064.sys
2012-07-16 04:00 . 2006-08-15 15:42 200704 ----a-w- c:\windows\SysWow64\UpdateDriver.exe
2012-07-15 02:06 . 2012-07-15 02:06 -------- d-----w- c:\users\Brandon\AppData\Local\Ilivid Player
2012-07-15 01:59 . 2012-07-15 02:06 -------- d-----w- c:\program files (x86)\iLivid
2012-07-14 06:49 . 2012-07-14 06:49 -------- d-----w- c:\users\Brandon\AppData\Roaming\wargaming.net
2012-07-13 06:39 . 2012-07-13 06:39 -------- d-----w- c:\users\Brandon\AppData\Local\Programs
2012-07-13 06:38 . 2012-07-13 06:38 -------- d-----w- c:\users\Brandon\AppData\Local\ArcSoft
2012-07-13 06:38 . 2012-07-14 06:42 -------- d-----w- c:\programdata\ArcSoft
2012-07-13 06:38 . 2012-07-20 09:01 -------- d-----w- c:\users\Brandon\AppData\Roaming\ArcSoft
2012-07-13 06:38 . 2006-11-14 15:31 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2012-07-13 06:38 . 2012-07-13 06:38 -------- d-----w- c:\program files (x86)\ION
2012-07-13 06:38 . 2012-07-13 06:38 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-07-13 06:38 . 2005-04-27 20:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-07-13 06:37 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-13 06:37 . 2001-09-05 08:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-13 06:37 . 2001-09-05 08:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-13 06:37 . 2001-09-05 08:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-13 06:37 . 2003-04-16 03:26 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 01:13 . 2011-10-03 18:58 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-04 01:13 . 2011-10-03 18:53 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-04 01:10 . 2011-10-03 18:53 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-04 01:10 . 2011-10-03 18:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-02 23:39 . 2012-05-03 05:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 23:39 . 2011-12-28 01:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 00:34 . 2011-10-25 21:25 2248 ----a-w- c:\windows\system32\ASOROSet.bin
2012-07-03 10:09 . 2012-07-03 11:32 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 07:19 . 2011-12-12 09:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 08:05 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 08:05 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:05 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:05 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 08:05 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 08:05 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 08:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 08:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 10:48 . 2012-05-20 17:05 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-20 17:05 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-03 19:32 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-03 19:32 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-02-23 06:58 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-02-23 06:58 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-23 06:58 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-02-23 05:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-02-23 05:38 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-02-23 05:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-02-23 05:39 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-02-23 05:39 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-11 02:47 . 2011-11-17 11:09 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-05-11 02:47 . 2011-11-17 11:09 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-05-11 02:47 . 2011-11-17 11:09 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-05-10 11:08 . 2012-05-10 11:08 249856 ------w- c:\windows\Setup1.exe
2012-05-10 11:07 . 2012-05-10 11:07 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 07:20 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files (x86)\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Brandon\AppData\Roaming\Spotify\spotify.exe" [2012-07-21 7601880]
"Spotify Web Helper"="c:\users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-21 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-2-2 495104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 ALSysIO;ALSysIO;c:\users\Brandon\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dhdusb.NTamd64;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh64.sys [2007-09-12 254984]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2012-02-05 25216]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1038088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [2007-05-03 244736]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 rt70x64;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys [2012-07-16 308224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\DRIVERS\0140_ION.sys [2008-09-22 301504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-14 270912]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-07-30 415072]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Process Blocker;Process Blocker;c:\program files\Process Blocker\Process Blocker.exe [2012-03-28 86888]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 23:39]
.
2012-08-04 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-10-25 17:26]
.
2012-08-01 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-10-25 17:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={6BBC1D8E-383A-4A6A-B46B-5A9F1082493A}&mid=92245389b58a47d0a1a3d16d5b375790-baba5c9453f06d93a89b1a8d1cc2f82d3ce3803a&lang=en&ds=st011&pr=sa&d=2012-04-23 08:32&v=11.0.0.9&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qup9b65i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={6BBC1D8E-383A-4A6A-B46B-5A9F1082493A}&mid=92245389b58a47d0a1a3d16d5b375790-baba5c9453f06d93a89b1a8d1cc2f82d3ce3803a&lang=en&ds=st011&pr=sa&d=2012-04-23 08:32&v=11.1.0.12&sap=hp
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0DtA0B0EyCtA0AzzyCzytN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1192671229
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0DtA0B0EyCtA0AzzyCzytN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1192671229
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0DtA0B0EyCtA0AzzyCzytN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1192671229&q=
FF - user.js: extensions.funmoods.id - 00241DD3BE63A869
FF - user.js: extensions.funmoods.instlDay - 15558
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.225:9:18
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
------- File Associations -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{4A538051-AFC8-45FF-B554-7B1E5148385B}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4}"=hex:51,66,7a,6c,4c,1d,38,12,42,0c,f3,
6e,c5,2c,db,04,fc,b0,f3,8c,6c,07,8f,d0
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,4a,f6,99,4a,69,cd,01
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:94,ce,e0,b9,58,d5,cc,01
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,01,40,1c,25,d1,47,4b,8f,cd,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,01,40,1c,25,d1,47,4b,8f,cd,9b,\
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Spotify.mp3"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677207469-1431038801-2729487163-500\Software\SecuROM\License information*]
"datasecu"=hex:3c,b4,dd,7d,d9,a1,6e,30,54,55,28,37,a5,b5,64,3d,b6,1f,09,0a,21,
00,c1,01,97,06,78,3e,6d,8a,28,a5,eb,3c,08,ca,b1,be,ab,8a,b5,8f,1a,49,48,cc,\
"rkeysecu"=hex:b8,35,64,d8,a5,2e,74,f2,b3,2f,31,b8,ab,ab,d4,cd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2012-08-06 07:40:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 11:40
.
Pre-Run: 212,359,835,648 bytes free
Post-Run: 223,028,207,616 bytes free
.
- - End Of File - - 2291265986D9EDB8DCEB10392BADAE9B

Scans ran without a hitch so no problems there.

AVG is still spewing out things when it's not disabled, and svchost is still hogging up all the bandwidth; also, Google has been doing annoying redirects almost every time I click a link.
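The report above records several indicators a responder would normally pull out by hand: UAC switched off (EnableLUA=0), the IE and Firefox start pages pointed at isearch.avg.com, funmoods preferences overriding the Firefox homepage and new tab, and several domains placed in the IE Trusted Zone. What follows is an added example, not part of this thread and not code from ComboFix, DDS or any BleepingComputer tool: a small Python triage script that scans ComboFix/DDS-style report lines for those indicator types. The sample lines are constructed to mimic the report format (values shortened), and the function and category names are the example's own.

```python
"""Triage helper: scan ComboFix/DDS-style report lines for common hijack indicators."""
import re

# Constructed sample lines modeled on the ComboFix report format quoted in this thread.
# The indicator values (isearch.avg.com, start.funmoods.com, EnableLUA=0) come from the
# report above; query strings are shortened and marked CONSTRUCTED.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
uStart Page = hxxp://isearch.avg.com/?cid={CONSTRUCTED}&sap=hp
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={CONSTRUCTED}&sap=hp
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl
"""

# ComboFix defangs URLs as hxxp:// so the report cannot be clicked by accident.
DEFANGED_URL = re.compile(r"hxxps?://([^/?\s]+)", re.IGNORECASE)
# Report keys whose value is a browser start/home/new-tab/search page.
HOMEPAGE_KEYS = ("Start Page", "browser.startup.homepage", "hmpgUrl", "newTabUrl", "tlbrSrchUrl")
TRUSTED_ZONE = re.compile(r"^Trusted Zone:\s*(\S+)")
ENABLE_LUA = re.compile(r'^"EnableLUA"=\s*(\d+)')


def analyze(log_text):
    """Return a list of (category, detail) findings for the given report text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # UAC fully disabled: every process started from an admin token runs elevated.
        m = ENABLE_LUA.match(line)
        if m and m.group(1) == "0":
            findings.append(("uac_disabled", "EnableLUA=0"))
            continue

        # IE Trusted Zone entries run with relaxed security settings for that domain.
        m = TRUSTED_ZONE.match(line)
        if m:
            findings.append(("trusted_zone", m.group(1).lower()))
            continue

        # Start/home/new-tab pages pointing at a remote host deserve review.
        if any(key in line for key in HOMEPAGE_KEYS):
            m = DEFANGED_URL.search(line)
            if m:
                findings.append(("remote_homepage", m.group(1).lower()))
            continue

        # Firefox user.js entries that force an extension-controlled homepage.
        if "FF - user.js:" in line and ".hmpg - true" in line:
            pref = line.split(":", 1)[1].split(" - ")[0].strip()
            findings.append(("extension_homepage_override", pref))
    return findings


def hosts_by_category(findings, category):
    """Distinct details recorded for one category, in first-seen order."""
    seen = []
    for cat, detail in findings:
        if cat == category and detail not in seen:
            seen.append(detail)
    return seen


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for category in ("uac_disabled", "remote_homepage", "extension_homepage_override", "trusted_zone"):
        print(f"{category}: {hosts_by_category(results, category)}")
```

Run on the constructed sample it reports the UAC setting, the two remote homepage hosts, the funmoods override preference and the two Trusted Zone domains; on a real report the same categories are the ones to compare against what the user actually installed on purpose.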

#4 EndlessParadigm

EndlessParadigm
  • Topic Starter

  • Members
  • 3 posts

Posted 06 August 2012 - 08:28 AM

Actually, I'm gonna take that back: it seems that svchost, at least for the time being, has stopped its bandwidth hogging and Google is no longer redirecting.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 12:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 11:17 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 12:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 05:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



