Am I infected?


This topic is locked
18 replies to this topic

#1 PillowTalk

PillowTalk

  • Members
  • 10 posts

Posted 13 September 2012 - 09:30 AM

Hello
Right, I will get straight to the point. My PC has been fine for a long time, but the other day whilst browsing, a new tab opened and a file scan screen popped up saying it had found 1500 viruses. I tried to close it but it wouldn't close the tab, and then my Firefox kept saying "not responding",
So I pulled out the Ethernet cable and restarted my PC.
Since then my PC has been so slow: startup time was about 28 seconds, now it's more like 45-50 seconds, and even trying to open stuff on my PC takes forever and is sluggish. I have scanned with Kaspersky / ESET Online Scanner / SUPERAntiSpyware; all reported clean. But my PC isn't normally like this. Plus I do quite a lot of online banking and haven't since about 3 days ago; I'm too paranoid to use this PC for that task.
Any help would be greatly appreciated indeed.

Thank you very much for your time
Attached File: hijackthis.log (13.09KB)


#2 PillowTalk

PillowTalk
  • Topic Starter

  • Members
  • 10 posts

Posted 14 September 2012 - 07:41 AM

Anyone ?

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 14 September 2012 - 12:05 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days. :)


Hello there, PillowTalk


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 14 September 2012 - 12:08 PM

Hello there,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

In your next reply please post:
  • DDS log
  • aswMBR log
  • Checkup log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#5 PillowTalk

PillowTalk
  • Topic Starter

  • Members
  • 10 posts

Posted 14 September 2012 - 02:46 PM

Hello Conspire, thank you for taking my case. Here are the logs that you require. Thank you for helping me.

dds text:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Benjamin at 20:21:08 on 2012-09-14
.
============== Running Processes ===============
.
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Benjamin\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No File
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5C65D22-FA24-4E55-91E0-7930732CE3C2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No File
mRun-x64: [(Default)]
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\jvlzwz9a.default-1344031003598\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Benjamin\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DCamUSBVM;Lenovo Q350 USB PC Camera
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MozillaMaintenance;Mozilla Maintenance Service
R? OS Selector;Acronis OS Selector activator
R? osppsvc;Office Software Protection Platform
R? Revoflt;Revoflt
R? ss_bbus;SAMSUNG USB Mobile Device (WDM)
R? ss_bmdfl;SAMSUNG USB Mobile Modem (Filter)
R? ss_bmdm;SAMSUNG USB Mobile Modem
R? SwitchBoard;SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? vburnbus;Phantom Drive Bus Enumerator
R? WatAdminSvc;Windows Activation Technologies Service
S? !SASCORE;SAS Core Service
S? AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10
S? AdobeARMservice;Adobe Acrobat Update Service
S? BHDrvx64;BHDrvx64
S? ccSet_NIS;Norton Internet Security Settings Manager
S? DeepFrz;DeepFrz
S? DfDiskLow;DfDiskLow
S? DFServ;DFServ
S? DKRtWrt;DKRtWrt
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? fltsrv;Acronis Storage Filter Management
S? fsh;fsh
S? IDSVia64;IDSVia64
S? mv61xx;mv61xx
S? NBVol;Nero Backup Volume Filter Driver
S? NBVolUp;Nero Backup Volume Upper Filter Driver
S? NIS;Norton Internet Security
S? PCWinSoft;ScreenCamera Video Camera
S? PxHlpa64;PxHlpa64
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SbieDrv;SbieDrv
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? VMUSBArbService;VMware USB Arbitration Service
S? VMwareHostd;VMware Workstation Server
S? vsock;vSockets Driver
S? vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared)
S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== File Associations ===============
.
scrfile="%1" /S
.
=============== Created Last 30 ================
.
2012-09-13 14:46:31 776352 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\srtsp64.sys
2012-09-13 14:46:31 493216 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\symds64.sys
2012-09-13 14:46:31 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\symnets.sys
2012-09-13 14:46:31 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\srtspx64.sys
2012-09-13 14:46:31 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\symelam.sys
2012-09-13 14:46:31 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\ironx64.sys
2012-09-13 14:46:31 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\ccsetx64.sys
2012-09-13 14:46:31 1132192 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\symefa64.sys
2012-09-13 14:46:28 -------- d-----w- C:\Windows\System32\drivers\NISx64\1401010.002
2012-09-13 14:43:36 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-13 14:43:36 -------- d-----w- C:\Program Files\Symantec
2012-09-13 14:43:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-13 14:42:39 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-09-13 14:42:37 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-09-13 12:14:37 388096 ----a-r- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-13 12:14:37 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-13 10:15:54 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 10:15:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-13 10:15:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-12 19:51:45 16336550 ------w- C:\Persi0.sys
2012-09-12 14:56:31 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:56:31 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:56:30 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 14:56:30 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:56:29 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 14:56:29 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:56:29 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 06:37:14 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 22:03:01 -------- d-----w- C:\Windows\ehome
2012-09-05 15:17:17 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-04 23:40:25 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\Digiarty
2012-09-04 23:40:17 -------- d-----w- C:\Program Files (x86)\Digiarty
2012-09-04 22:39:38 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-04 21:33:55 -------- d-----w- C:\Program Files\Windows Firewall Control
2012-09-04 21:15:36 -------- d-----w- C:\ProgramData\Norton
2012-09-04 21:05:13 -------- d-----w- C:\ProgramData\NortonInstaller
2012-09-04 18:38:45 -------- d-----w- C:\Users\Benjamin\AppData\Local\VMware
2012-09-04 18:36:12 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2012-09-04 18:36:12 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2012-09-04 18:36:11 70256 ----a-w- C:\Windows\System32\drivers\vsock.sys
2012-09-04 18:36:08 67224 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-09-04 18:36:08 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2012-09-04 18:35:48 357016 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-09-04 18:35:43 435864 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-09-04 18:35:43 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-09-04 18:35:37 933528 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-09-04 18:35:32 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-09-04 18:34:45 -------- d-----w- C:\Program Files\Common Files\VMware
2012-09-04 18:34:30 -------- d-----w- C:\Program Files (x86)\VMware
2012-09-04 18:34:30 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-09-04 15:04:46 -------- d-----w- C:\Program Files (x86)\Remove Logo Now!
2012-09-04 10:37:38 38232 ----a-w- C:\Windows\System32\drivers\DfDiskLow.sys
2012-09-04 10:37:28 214744 ----a-w- C:\Windows\System32\drivers\DeepFrz.sys
2012-08-29 15:01:08 -------- d-----w- C:\Users\Benjamin\AppData\Local\NPE
2012-08-27 06:37:20 -------- d-----w- C:\Program Files (x86)\Faronics
2012-08-27 05:42:46 -------- d-----w- C:\Program Files (x86)\FinalWire
2012-08-27 04:30:21 -------- d-----w- C:\Program Files (x86)\Disktrix
2012-08-24 09:58:40 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\KC Softwares
2012-08-24 09:58:37 -------- d-----w- C:\Program Files (x86)\KC Softwares
2012-08-23 04:57:41 5120 ------w- C:\Windows\SysWow64\chkvdisk.exe
2012-08-23 04:57:41 107632 ------w- C:\Windows\System32\drivers\Shield.sys
2012-08-23 04:57:30 -------- d-----w- C:\Windows\SysWow64\configfix
2012-08-21 22:30:59 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\PowerISO
2012-08-21 22:30:04 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-08-21 22:30:03 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-08-21 21:43:34 -------- d-----w- C:\Program Files (x86)\BurnAware Professional
2012-08-20 16:30:30 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
.
==================== Find3M ====================
.
2012-09-12 06:37:07 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-12 06:37:07 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-27 06:45:11 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 06:45:11 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 05:00:13 6656 ----a-w- C:\Windows\SysWow64\lpcio.dll
2012-08-15 14:16:52 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-08-15 14:16:52 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2012-08-15 14:16:52 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-08-15 14:16:50 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-08-15 14:16:50 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-08-15 12:33:44 353280 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-08-01 16:10:24 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2012-07-30 13:16:48 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-07-30 13:16:20 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2012-07-30 13:16:20 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-07-30 13:16:20 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-06 11:29:52 85104 ----a-w- C:\Windows\System32\drivers\vmci.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-24 15:33:51 40464 ----a-w- C:\Windows\System32\drivers\VBURNBus.sys
2012-06-24 15:33:51 221720 ----a-w- C:\Windows\System32\drivers\vburn1000.sys
.
============= FINISH: 20:21:58.00 ===============


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 20:23:51
-----------------------------
20:23:51.749 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:51.749 Number of processors: 4 586 0xF0B
20:23:51.749 ComputerName: Desktop UserName:
20:23:53.929 Initialize success
20:25:04.362 AVAST engine defs: 12091400
20:25:10.762 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:25:10.762 Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
20:25:10.762 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
20:25:10.767 Disk 1 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
20:25:10.782 Disk 0 MBR read successfully
20:25:10.782 Disk 0 MBR scan
20:25:10.787 Disk 0 Windows 7 default MBR code
20:25:10.792 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305245 MB offset 63
20:25:10.812 Disk 0 scanning C:\Windows\system32\drivers
20:25:22.447 Service scanning
20:25:50.457 Modules scanning
20:25:50.462 Disk 0 trace - called modules:
20:25:50.472 ntoskrnl.exe CLASSPNP.SYS disk.sys DfDiskLow.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:25:50.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f30790]
20:25:50.802 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8004c97a60]
20:25:50.807 5 DfDiskLow.sys[fffff88001a4d1c9] -> nt!IofCallDriver -> [0xfffffa80046f0e40]
20:25:50.812 7 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046fb680]
20:25:50.817 \Driver\atapi[0xfffffa80046e35c0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> DfDiskLow.sys[0xfffff88001a47318]
20:25:51.882 AVAST engine scan C:\Windows
20:25:54.102 AVAST engine scan C:\Windows\system32
20:28:45.265 AVAST engine scan C:\Windows\system32\drivers
20:29:15.290 AVAST engine scan C:\Users\Benjamin
20:33:42.047 AVAST engine scan C:\ProgramData
20:38:30.657 Scan finished successfully
20:39:42.380 Disk 0 MBR has been saved successfully to "C:\Users\Benjamin\Desktop\MBR.dat"
20:39:42.385 The log file has been saved successfully to "C:\Users\Benjamin\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Edited by PillowTalk, 14 September 2012 - 02:47 PM.


#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 14 September 2012 - 09:39 PM

Greetings,


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



IMPORTANT: Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to which programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#7 PillowTalk

PillowTalk
  • Topic Starter

  • Members
  • 10 posts

Posted 14 September 2012 - 11:05 PM

ComboFix 12-09-14.03 - Benjamin 15/09/2012 4:31.1.4 - x64
Running from: c:\users\Benjamin\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\programdata\586ADD72B7.sys
c:\programdata\ntuser.dat
c:\users\Benjamin\AppData\Local\assembly\tmp
c:\users\Benjamin\AppData\Roaming\inst.exe
c:\users\Benjamin\AppData\Roaming\vso_ts_preview.xml
c:\users\Benjamin\Error.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\NeWTabs_v9.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 03:41 . 2012-09-15 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 03:24 . 2012-09-15 03:24 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-15 03:24 . 2012-09-15 03:24 -------- d-----w- c:\program files\Symantec
2012-09-15 03:24 . 2012-09-15 03:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-15 03:23 . 2012-09-15 03:23 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-09-15 03:23 . 2012-09-15 03:24 -------- d-----w- c:\programdata\Norton
2012-09-15 03:23 . 2012-09-15 03:23 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-09-15 03:23 . 2012-09-15 03:23 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- C:\User Data
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- c:\program files (x86)\newtabs
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- c:\program files (x86)\DownloadXCtrl.com
2012-09-15 01:19 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-09-15 01:18 . 2012-09-15 01:18 -------- d-----w- c:\windows\ELAMBKUP
2012-09-15 01:18 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-15 01:18 . 2012-08-13 17:24 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-14 23:51 . 2012-08-21 13:44 41632 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-09-14 23:51 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-09-14 23:51 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-09-14 23:51 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-09-14 23:51 . 2012-08-21 13:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\programdata\PC Tools
2012-09-12 19:51 . 2012-09-12 19:51 16336550 ------w- C:\Persi0.sys
2012-09-12 14:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:56 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:56 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:56 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:56 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:56 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:56 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:37 . 2012-09-12 06:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 22:03 . 2012-09-09 22:03 -------- d-----w- c:\windows\ehome
2012-09-09 22:02 . 2012-09-09 22:02 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-09-09 22:02 . 2012-09-09 22:02 -------- d-----r- c:\users\Public\Recorded TV
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Digiarty
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\program files (x86)\Digiarty
2012-09-04 18:38 . 2012-09-11 13:36 -------- d-----w- c:\users\Benjamin\AppData\Local\VMware
2012-09-04 18:36 . 2012-07-06 11:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-09-04 18:36 . 2012-08-15 14:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-09-04 18:36 . 2012-08-15 14:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-09-04 18:35 . 2012-08-15 14:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-09-04 18:35 . 2012-08-15 14:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-09-04 18:35 . 2012-08-15 14:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-09-04 18:35 . 2012-08-15 14:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-09-04 18:35 . 2012-08-01 16:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files\Common Files\VMware
2012-09-04 18:34 . 2012-09-15 03:44 -------- d-----w- c:\programdata\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-09-04 15:04 . 2012-09-04 15:04 -------- d-----w- c:\program files (x86)\Remove Logo Now!
2012-09-04 10:37 . 2012-09-04 10:37 38232 ----a-w- c:\windows\system32\drivers\DfDiskLow.sys
2012-09-04 10:37 . 2012-09-04 10:37 214744 ----a-w- c:\windows\system32\drivers\DeepFrz.sys
2012-08-29 15:01 . 2012-09-14 20:17 -------- d-----w- c:\users\Benjamin\AppData\Local\NPE
2012-08-27 06:37 . 2012-08-27 06:50 -------- d-----w- c:\program files (x86)\Faronics
2012-08-27 05:42 . 2012-08-27 05:42 -------- d-----w- c:\program files (x86)\FinalWire
2012-08-27 04:30 . 2012-08-27 04:30 -------- d-----w- c:\program files (x86)\Disktrix
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\users\Benjamin\AppData\Roaming\KC Softwares
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\program files (x86)\KC Softwares
2012-08-23 04:57 . 2012-05-11 15:55 107632 ------w- c:\windows\system32\drivers\Shield.sys
2012-08-23 04:57 . 2009-10-14 12:20 5120 ------w- c:\windows\SysWow64\chkvdisk.exe
2012-08-23 04:57 . 2012-08-23 04:57 -------- d-----w- c:\windows\SysWow64\configfix
2012-08-23 04:55 . 2012-08-23 04:55 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\users\Benjamin\AppData\Roaming\PowerISO
2012-08-21 22:30 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\program files (x86)\PowerISO
2012-08-21 21:43 . 2012-08-21 21:43 -------- d-----w- c:\program files (x86)\BurnAware Professional
2012-08-17 03:45 . 2012-08-17 03:45 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 14:57 . 2010-10-13 06:27 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-12 06:37 . 2012-05-29 20:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-12 06:37 . 2010-11-02 01:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 06:45 . 2012-04-04 08:48 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 06:45 . 2011-05-13 05:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 05:00 . 2009-07-13 23:16 6656 ----a-w- c:\windows\SysWow64\lpcio.dll
2012-08-15 14:16 . 2012-08-15 14:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 14:16 . 2012-08-15 14:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 14:16 . 2012-08-15 14:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 14:16 . 2012-08-15 14:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 14:16 . 2012-08-15 14:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 12:33 . 2012-08-15 12:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-13 15:49 . 2012-08-13 15:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 14:09 . 2012-08-02 14:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-08-01 16:10 . 2012-08-01 16:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-30 13:16 . 2012-07-23 11:41 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-25 13:53 . 2012-07-25 13:53 29016 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-07-18 18:15 . 2012-08-15 14:21 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 14:14 . 2012-07-17 14:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 13:49 . 2012-07-17 13:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 13:37 . 2012-07-17 13:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-06 11:29 . 2012-07-06 11:29 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-07-04 22:16 . 2012-08-15 14:21 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:21 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:21 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:21 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-08-15 14:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:55 . 2012-08-15 14:25 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 14:25 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 14:25 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 14:25 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 14:25 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 14:25 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 14:25 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 14:25 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 14:25 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 14:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 14:25 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 14:25 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 14:25 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 14:25 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 14:25 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 14:25 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 14:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-26 15:02 . 2012-06-26 15:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-26 15:02 . 2012-06-26 15:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-26 15:02 . 2012-06-26 15:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-26 15:02 . 2012-06-26 15:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 15:02 . 2012-06-26 15:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 15:02 . 2012-06-26 15:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-26 15:02 . 2012-06-26 15:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 15:02 . 2012-06-26 15:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-26 15:02 . 2012-06-26 15:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-26 15:02 . 2012-06-26 15:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-26 15:02 . 2012-06-26 15:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-26 15:02 . 2012-06-26 15:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-26 15:02 . 2012-06-26 15:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-24 15:33 . 2012-06-24 15:34 40464 ----a-w- c:\windows\system32\drivers\VBURNBus.sys
2012-06-24 15:33 . 2012-06-24 15:34 221720 ----a-w- c:\windows\system32\drivers\vburn1000.sys
2012-06-19 16:28 . 2012-06-19 16:28 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 ck3pro;XECUTER CK3 PRO - USB Driver;c:\windows\system32\DRIVERS\ck3pro64.sys [2010-07-14 97280]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139536]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vburnbus;Phantom Drive Bus Enumerator;c:\windows\system32\DRIVERS\vburnbus.sys [2012-06-24 40464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-13 1255736]
S0 DeepFrz;DeepFrz; [x]
S0 DfDiskLow;DfDiskLow; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-04-16 132704]
S0 fsh;fsh; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1401000.018\SYMDS64.SYS [2012-07-27 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1401000.018\SYMEFA64.SYS [2012-08-07 1132192]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [2012-08-10 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1401000.018\ccSetx64.sys [2012-08-06 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys [2012-08-10 512672]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1401000.018\Ironx64.SYS [2012-07-27 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1401000.018\SYMNETS.SYS [2012-07-22 432800]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-09-04 1092096]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe [2012-08-18 143928]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
S3 PCWinSoft;ScreenCamera Video Camera;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [2011-07-25 241880]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:45]
.
2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000Core.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000UA.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=DDX&from=DDX&uid=WDC_WD3200AAJS-22B4A0_WD-WMAT1519001590015&ts=1347678606
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\jvlzwz9a.default-1344031003598\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO-{73455575-E40C-433C-9784-C78DC7761455} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO-{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
AddRemove-KProbe - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}*]
"hanjiaogmhddpeop"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"iahkchbbppjapigcln"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"fadjbdfmclhc"=hex:6b,61,69,69,70,69,68,68,6f,65,66,6b,6b,64,65,6a,67,62,68,61,
63,70,00,74
"fadjidkbeggh"=hex:6f,62,63,68,66,6b,61,69,66,61,68,66,63,6a,64,69,61,68,66,6f,
6b,70,69,6d,6f,6a,6c,66,6c,6a,61,70,6d,69,69,65,66,69,6f,6a,63,6e,65,6b,70,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
.
**************************************************************************
.
Completion time: 2012-09-15 04:56:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 03:56
.
Pre-Run: 236,614,991,872 bytes free
Post-Run: 238,195,167,232 bytes free
.
- - End Of File - - F70D86C3ABD6DDA98B7ADF48E114FEEC

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:08:38 AM

Posted 15 September 2012 - 03:28 AM

Hi,

Did you perform any proper removal for Norton?

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.

RegLockDel::
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}*]


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 PillowTalk

PillowTalk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:38 PM

Posted 15 September 2012 - 08:52 AM

ComboFix 12-09-14.03 - Benjamin 15/09/2012 14:27:12.2.4 - x64
Running from: c:\users\Benjamin\Desktop\ComboFix.exe
Command switches used :: c:\users\Benjamin\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 13:36 . 2012-09-15 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- C:\User Data
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- c:\program files (x86)\newtabs
2012-09-15 01:19 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-09-15 01:18 . 2012-09-15 01:18 -------- d-----w- c:\windows\ELAMBKUP
2012-09-15 01:18 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-15 01:18 . 2012-08-13 17:24 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-14 23:51 . 2012-08-21 13:44 41632 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-09-14 23:51 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-09-14 23:51 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-09-14 23:51 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-09-14 23:51 . 2012-08-21 13:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\programdata\PC Tools
2012-09-12 19:51 . 2012-09-12 19:51 16336550 ------w- C:\Persi0.sys
2012-09-12 14:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:56 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:56 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:56 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:56 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:56 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:56 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:37 . 2012-09-12 06:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Digiarty
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\program files (x86)\Digiarty
2012-09-04 18:38 . 2012-09-11 13:36 -------- d-----w- c:\users\Benjamin\AppData\Local\VMware
2012-09-04 18:36 . 2012-07-06 11:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-09-04 18:36 . 2012-08-15 14:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-09-04 18:36 . 2012-08-15 14:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-09-04 18:35 . 2012-08-15 14:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-09-04 18:35 . 2012-08-15 14:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-09-04 18:35 . 2012-08-15 14:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-09-04 18:35 . 2012-08-15 14:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-09-04 18:35 . 2012-08-01 16:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files\Common Files\VMware
2012-09-04 18:34 . 2012-09-15 13:37 -------- d-----w- c:\programdata\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-09-04 15:04 . 2012-09-04 15:04 -------- d-----w- c:\program files (x86)\Remove Logo Now!
2012-09-04 10:37 . 2012-09-04 10:37 38232 ----a-w- c:\windows\system32\drivers\DfDiskLow.sys
2012-09-04 10:37 . 2012-09-04 10:37 214744 ----a-w- c:\windows\system32\drivers\DeepFrz.sys
2012-08-29 15:01 . 2012-09-14 20:17 -------- d-----w- c:\users\Benjamin\AppData\Local\NPE
2012-08-27 06:37 . 2012-08-27 06:50 -------- d-----w- c:\program files (x86)\Faronics
2012-08-27 05:42 . 2012-08-27 05:42 -------- d-----w- c:\program files (x86)\FinalWire
2012-08-27 04:30 . 2012-08-27 04:30 -------- d-----w- c:\program files (x86)\Disktrix
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\users\Benjamin\AppData\Roaming\KC Softwares
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\program files (x86)\KC Softwares
2012-08-23 04:57 . 2012-05-11 15:55 107632 ------w- c:\windows\system32\drivers\Shield.sys
2012-08-23 04:57 . 2009-10-14 12:20 5120 ------w- c:\windows\SysWow64\chkvdisk.exe
2012-08-23 04:57 . 2012-08-23 04:57 -------- d-----w- c:\windows\SysWow64\configfix
2012-08-23 04:55 . 2012-08-23 04:55 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\users\Benjamin\AppData\Roaming\PowerISO
2012-08-21 22:30 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\program files (x86)\PowerISO
2012-08-21 21:43 . 2012-08-21 21:43 -------- d-----w- c:\program files (x86)\BurnAware Professional
2012-08-17 03:45 . 2012-08-17 03:45 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 14:57 . 2010-10-13 06:27 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-12 06:37 . 2012-05-29 20:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-12 06:37 . 2010-11-02 01:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 06:45 . 2012-04-04 08:48 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 06:45 . 2011-05-13 05:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 05:00 . 2009-07-13 23:16 6656 ----a-w- c:\windows\SysWow64\lpcio.dll
2012-08-15 14:16 . 2012-08-15 14:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 14:16 . 2012-08-15 14:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 14:16 . 2012-08-15 14:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 14:16 . 2012-08-15 14:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 14:16 . 2012-08-15 14:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 12:33 . 2012-08-15 12:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-13 15:49 . 2012-08-13 15:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 14:09 . 2012-08-02 14:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-08-01 16:10 . 2012-08-01 16:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-30 13:16 . 2012-07-23 11:41 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-25 13:53 . 2012-07-25 13:53 29016 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-07-18 18:15 . 2012-08-15 14:21 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 14:14 . 2012-07-17 14:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 13:49 . 2012-07-17 13:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 13:37 . 2012-07-17 13:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-06 11:29 . 2012-07-06 11:29 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-07-04 22:16 . 2012-08-15 14:21 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:21 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:21 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:21 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-08-15 14:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:55 . 2012-08-15 14:25 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 14:25 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 14:25 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 14:25 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 14:25 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 14:25 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 14:25 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 14:25 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 14:25 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 14:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 14:25 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 14:25 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 14:25 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 14:25 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 14:25 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 14:25 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 14:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-26 15:02 . 2012-06-26 15:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-26 15:02 . 2012-06-26 15:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-26 15:02 . 2012-06-26 15:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-26 15:02 . 2012-06-26 15:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 15:02 . 2012-06-26 15:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 15:02 . 2012-06-26 15:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-26 15:02 . 2012-06-26 15:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 15:02 . 2012-06-26 15:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-26 15:02 . 2012-06-26 15:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-26 15:02 . 2012-06-26 15:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-26 15:02 . 2012-06-26 15:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-26 15:02 . 2012-06-26 15:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-26 15:02 . 2012-06-26 15:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-24 15:33 . 2012-06-24 15:34 40464 ----a-w- c:\windows\system32\drivers\VBURNBus.sys
2012-06-24 15:33 . 2012-06-24 15:34 221720 ----a-w- c:\windows\system32\drivers\vburn1000.sys
2012-06-19 16:28 . 2012-06-19 16:28 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-15_03.45.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-09-15 13:25 44678 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-13 06:18 . 2012-09-15 13:25 44658 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2871378942-2181502166-1982673502-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-09-15 13:24 95992 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-15 13:37 . 2012-09-15 13:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-15 03:43 . 2012-09-15 03:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-15 13:37 . 2012-09-15 13:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-15 03:43 . 2012-09-15 03:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-13 06:48 . 2012-09-15 13:25 105344 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-12-09 12:14 . 2012-09-15 03:42 514328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-09 12:14 . 2012-09-15 13:36 514328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-09-15 13:24 7107791 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-09-15 03:18 7107791 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2012-09-15 03:15 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-09-15 13:22 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-09 12:14 . 2012-09-15 13:36 42828756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2871378942-2181502166-1982673502-1000-8192.dat
- 2011-12-09 12:14 . 2012-09-15 03:42 12701847 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2871378942-2181502166-1982673502-1000-12288.dat
+ 2011-12-09 12:14 . 2012-09-15 13:22 12701847 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2871378942-2181502166-1982673502-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139536]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vburnbus;Phantom Drive Bus Enumerator;c:\windows\system32\DRIVERS\vburnbus.sys [2012-06-24 40464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-13 1255736]
S0 DeepFrz;DeepFrz; [x]
S0 DfDiskLow;DfDiskLow; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-04-16 132704]
S0 fsh;fsh; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-09-04 1092096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
S3 PCWinSoft;ScreenCamera Video Camera;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [2011-07-25 241880]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:45]
.
2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000Core.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000UA.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=DDX&from=DDX&uid=WDC_WD3200AAJS-22B4A0_WD-WMAT1519001590015&ts=1347678606
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\jvlzwz9a.default-1344031003598\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}*]
"hanjiaogmhddpeop"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"iahkchbbppjapigcln"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"fadjbdfmclhc"=hex:6b,61,69,69,70,69,68,68,6f,65,66,6b,6b,64,65,6a,67,62,68,61,
63,70,00,74
"fadjidkbeggh"=hex:6f,62,63,68,66,6b,61,69,66,61,68,66,63,6a,64,69,61,68,66,6f,
6b,70,69,6d,6f,6a,6c,66,6c,6a,61,70,6d,69,69,65,66,69,6f,6a,63,6e,65,6b,70,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-09-15 14:42:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 13:42
ComboFix2.txt 2012-09-15 03:56
.
Pre-Run: 239,145,127,936 bytes free
Post-Run: 239,045,406,720 bytes free
.
- - End Of File - - FFD8D36AAF1098301F78E1440900BFE2

Hello Conspire, I did remove Norton and I'm sorry I did the last scan wrong. Hopefully this one is correct. Thank you once again.

#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:38 AM

Posted 15 September 2012 - 09:05 AM

Apparently, Norton wasn't removed nicely and we will have to run the uninstall tool when we're done.

I'm changing the script a little bit. Please run it again.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

RegLockDel::
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}]


In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your mouse left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#11 PillowTalk

PillowTalk
  • Topic Starter
  • Members
  • 10 posts
  • Local time:07:38 PM

Posted 15 September 2012 - 01:08 PM

ComboFix 12-09-14.03 - Benjamin 15/09/2012 18:38:24.4.4 - x64
Running from: c:\users\Benjamin\Desktop\ComboFix.exe
Command switches used :: c:\users\Benjamin\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 17:46 . 2012-09-15 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 17:01 . 2012-09-15 17:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-15 16:58 . 2012-07-25 13:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-15 13:57 . 2012-09-15 13:57 0 ----a-w- c:\users\Benjamin\AppData\Local\jv16PT_temp.tmp
2012-09-15 13:56 . 2012-09-15 13:57 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2012
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- C:\User Data
2012-09-15 03:10 . 2012-09-15 03:10 -------- d-----w- c:\program files (x86)\newtabs
2012-09-15 01:19 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-09-15 01:18 . 2012-09-15 01:18 -------- d-----w- c:\windows\ELAMBKUP
2012-09-15 01:18 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-15 01:18 . 2012-08-13 17:24 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-14 23:51 . 2012-08-21 13:44 41632 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-09-14 23:51 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-09-14 23:51 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-09-14 23:51 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-09-14 23:51 . 2012-08-21 13:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- c:\programdata\PC Tools
2012-09-12 19:51 . 2012-09-12 19:51 16336550 ------w- C:\Persi0.sys
2012-09-12 14:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:56 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:56 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:56 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:56 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:56 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:56 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:37 . 2012-09-12 06:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Digiarty
2012-09-04 23:40 . 2012-09-04 23:40 -------- d-----w- c:\program files (x86)\Digiarty
2012-09-04 18:38 . 2012-09-11 13:36 -------- d-----w- c:\users\Benjamin\AppData\Local\VMware
2012-09-04 18:36 . 2012-07-06 11:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-09-04 18:36 . 2012-07-06 11:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-09-04 18:36 . 2012-08-15 14:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-09-04 18:36 . 2012-08-15 14:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-09-04 18:35 . 2012-08-15 14:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-09-04 18:35 . 2012-08-15 14:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-09-04 18:35 . 2012-08-15 14:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-09-04 18:35 . 2012-08-15 14:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-09-04 18:35 . 2012-08-01 16:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files\Common Files\VMware
2012-09-04 18:34 . 2012-09-15 17:48 -------- d-----w- c:\programdata\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\VMware
2012-09-04 18:34 . 2012-09-04 18:34 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-09-04 15:04 . 2012-09-04 15:04 -------- d-----w- c:\program files (x86)\Remove Logo Now!
2012-09-04 10:37 . 2012-09-04 10:37 38232 ----a-w- c:\windows\system32\drivers\DfDiskLow.sys
2012-09-04 10:37 . 2012-09-04 10:37 214744 ----a-w- c:\windows\system32\drivers\DeepFrz.sys
2012-08-29 15:01 . 2012-09-14 20:17 -------- d-----w- c:\users\Benjamin\AppData\Local\NPE
2012-08-27 06:37 . 2012-08-27 06:50 -------- d-----w- c:\program files (x86)\Faronics
2012-08-27 05:42 . 2012-08-27 05:42 -------- d-----w- c:\program files (x86)\FinalWire
2012-08-27 04:30 . 2012-08-27 04:30 -------- d-----w- c:\program files (x86)\Disktrix
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\users\Benjamin\AppData\Roaming\KC Softwares
2012-08-24 09:58 . 2012-08-24 09:58 -------- d-----w- c:\program files (x86)\KC Softwares
2012-08-23 04:57 . 2012-05-11 15:55 107632 ------w- c:\windows\system32\drivers\Shield.sys
2012-08-23 04:57 . 2009-10-14 12:20 5120 ------w- c:\windows\SysWow64\chkvdisk.exe
2012-08-23 04:57 . 2012-08-23 04:57 -------- d-----w- c:\windows\SysWow64\configfix
2012-08-23 04:55 . 2012-08-23 04:55 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\users\Benjamin\AppData\Roaming\PowerISO
2012-08-21 22:30 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 22:30 . 2012-08-21 22:30 -------- d-----w- c:\program files (x86)\PowerISO
2012-08-21 21:43 . 2012-08-21 21:43 -------- d-----w- c:\program files (x86)\BurnAware Professional
2012-08-17 03:45 . 2012-08-17 03:45 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 14:57 . 2010-10-13 06:27 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-12 06:37 . 2012-05-29 20:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-12 06:37 . 2010-11-02 01:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 06:45 . 2012-04-04 08:48 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 06:45 . 2011-05-13 05:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 05:00 . 2009-07-13 23:16 6656 ----a-w- c:\windows\SysWow64\lpcio.dll
2012-08-15 14:16 . 2012-08-15 14:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 14:16 . 2012-08-15 14:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 14:16 . 2012-08-15 14:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 14:16 . 2012-08-15 14:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 14:16 . 2012-08-15 14:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 12:33 . 2012-08-15 12:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-13 15:49 . 2012-08-13 15:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 14:09 . 2012-08-02 14:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-08-01 16:10 . 2012-08-01 16:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-30 13:16 . 2012-07-23 11:41 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-18 18:15 . 2012-08-15 14:21 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 14:14 . 2012-07-17 14:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 13:49 . 2012-07-17 13:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 13:37 . 2012-07-17 13:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-06 11:29 . 2012-07-06 11:29 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-07-04 22:16 . 2012-08-15 14:21 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:21 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:21 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:21 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-08-15 14:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:55 . 2012-08-15 14:25 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 14:25 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 14:25 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 14:25 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 14:25 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 14:25 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 14:25 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 14:25 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 14:25 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 14:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 14:25 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 14:25 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 14:25 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 14:25 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 14:25 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 14:25 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 14:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 14:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-26 15:02 . 2012-06-26 15:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-26 15:02 . 2012-06-26 15:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 15:02 . 2012-06-26 15:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 15:02 . 2012-06-26 15:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-26 15:02 . 2012-06-26 15:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-26 15:02 . 2012-06-26 15:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 15:02 . 2012-06-26 15:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 15:02 . 2012-06-26 15:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 15:02 . 2012-06-26 15:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-26 15:02 . 2012-06-26 15:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 15:02 . 2012-06-26 15:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-26 15:02 . 2012-06-26 15:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-26 15:02 . 2012-06-26 15:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-26 15:02 . 2012-06-26 15:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-26 15:02 . 2012-06-26 15:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 15:02 . 2012-06-26 15:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-26 15:02 . 2012-06-26 15:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-26 15:02 . 2012-06-26 15:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-24 15:33 . 2012-06-24 15:34 40464 ----a-w- c:\windows\system32\drivers\VBURNBus.sys
2012-06-24 15:33 . 2012-06-24 15:34 221720 ----a-w- c:\windows\system32\drivers\vburn1000.sys
2012-06-19 16:28 . 2012-06-19 16:28 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-15_16.39.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-09-15 17:19 44758 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-13 06:18 . 2012-09-15 17:19 45076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2871378942-2181502166-1982673502-1000_UserData.bin
+ 2012-05-25 18:38 . 2012-05-25 18:38 25432 c:\windows\system32\drivers\klkbdflt.sys
+ 2010-12-09 19:53 . 2012-09-15 16:51 3124 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-12-09 19:53 . 2012-09-15 13:43 3124 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-12-03 13:06 . 2012-09-15 16:41 1618 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2010-12-03 13:06 . 2012-09-15 13:39 1618 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-09-15 16:39 . 2012-09-15 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-15 17:48 . 2012-09-15 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-15 17:48 . 2012-09-15 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-15 16:39 . 2012-09-15 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-13 06:48 . 2012-09-15 16:54 106168 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-12-09 12:14 . 2012-09-15 16:38 514328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-09 12:14 . 2012-09-15 17:47 514328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 ck3pro;XECUTER CK3 PRO - USB Driver;c:\windows\system32\DRIVERS\ck3pro64.sys [2010-07-14 97280]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 25944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139536]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vburnbus;Phantom Drive Bus Enumerator;c:\windows\system32\DRIVERS\vburnbus.sys [2012-06-24 40464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-13 1255736]
S0 DeepFrz;DeepFrz; [x]
S0 DfDiskLow;DfDiskLow; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-04-16 132704]
S0 fsh;fsh; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-09-04 1092096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 PCWinSoft;ScreenCamera Video Camera;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [2011-07-25 241880]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:45]
.
2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000Core.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2871378942-2181502166-1982673502-1000UA.job
- c:\users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=DDX&from=DDX&uid=WDC_WD3200AAJS-22B4A0_WD-WMAT1519001590015&ts=1347678606
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\jvlzwz9a.default-1344031003598\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}*]
"hanjiaogmhddpeop"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"iahkchbbppjapigcln"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"fadjbdfmclhc"=hex:6b,61,69,69,70,69,68,68,6f,65,66,6b,6b,64,65,6a,67,62,68,61,
63,70,00,74
"fadjidkbeggh"=hex:6f,62,63,68,66,6b,61,69,66,61,68,66,63,6a,64,69,61,68,66,6f,
6b,70,69,6d,6f,6a,6c,66,6c,6a,61,70,6d,69,69,65,66,69,6f,6a,63,6e,65,6b,70,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-09-15 18:59:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 17:59
ComboFix2.txt 2012-09-15 16:50
ComboFix3.txt 2012-09-15 13:42
ComboFix4.txt 2012-09-15 03:56
.
Pre-Run: 239,787,384,832 bytes free
Post-Run: 239,692,095,488 bytes free
.
- - End Of File - - DFB9B75D8BA544EAF1D32B30BA829721
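Added here as an example, not part of this thread or of ComboFix itself: a Python parser for the REGEDIT4-style LOCKED REGISTRY KEYS block in the log above. It joins the wrapped hex: continuation lines, marks the value that the thread's copy cut short after a trailing backslash, decodes the bytes, and flags the pattern Conspire targeted with RegLockDel: a locked subkey under Shell Extensions\Approved holding binary values with random-looking names. The sample excerpt is constructed from lines of the log above, and the heuristic in suspicious_keys is my own assumption, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the REGEDIT4 style of ComboFix's LOCKED REGISTRY KEYS block.
# Paths, names and bytes are copied from the log in this thread, including the
# value that the thread's copy cut short after a trailing '\'.
SAMPLE_LOG = r"""--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2871378942-2181502166-1982673502-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2CE73E4-C5ED-4FC4-7B7A-D9F3D461CC1A}*]
"hanjiaogmhddpeop"=hex:6b,61,65,64,6a,6e,6d,69,65,6e,6e,6d,6b,62,65,61,64,67,
6c,6c,6d,6d,00,00
"fadjidkbeggh"=hex:6f,62,63,68,66,6b,61,69,66,61,68,66,63,6a,64,69,61,68,66,6f,
6b,70,69,6d,6f,6a,6c,66,6c,6a,61,70,6d,69,69,65,66,69,6f,6a,63,6e,65,6b,70,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
------------------------ Other Running Processes ------------------------
"""

@dataclass
class RegValue:
    name: str                # "@" is the key's default value
    kind: str                # "hex", "dword" or "sz"
    raw: str                 # data as printed; hex: segments joined with ','
    truncated: bool = False  # hex: data ended in '\' with nothing following

@dataclass
class RegKey:
    path: str
    locked: bool = False     # ComboFix appends '*' to keys it could not open normally
    acl_notes: list = field(default_factory=list)   # "@Denied:" / "@Allowed:" lines
    values: list = field(default_factory=list)

_KEY_RE = re.compile(r"^\[(.+?)(\*?)\]$")
_VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(hex:|dword:)?(.*)$')
_HEX_LINE_RE = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")  # wrapped hex: continuation

def parse_locked_keys(log: str) -> list:
    """Parse the LOCKED REGISTRY KEYS block of a ComboFix log into RegKey records."""
    keys, current, pending, in_block = [], None, None, False
    for line in log.splitlines():
        line = line.rstrip()
        if "LOCKED REGISTRY KEYS" in line:
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith(("-----", "*****")):
            break                                   # next section of the log
        if not line or line == ".":
            continue                                # ComboFix's blank-line marker
        m = _KEY_RE.match(line)
        if m:
            current = RegKey(path=m.group(1), locked=(m.group(2) == "*"))
            keys.append(current)
            pending = None
        elif current is None:
            continue                                # stray text before the first key
        elif line.startswith(("@Denied", "@Allowed")):
            current.acl_notes.append(line)
        elif pending is not None and _HEX_LINE_RE.match(line):
            # Wrapped continuation of the previous hex: value; the forum copy lost the
            # trailing '\' on some lines, so any bare hex line counts.
            pending.raw += "," + line.rstrip("\\")
            pending.truncated = line.endswith("\\")
        elif (m := _VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            kind = {"hex:": "hex", "dword:": "dword", None: "sz"}[m.group(2)]
            data = m.group(3)
            current.values.append(RegValue(name, kind, data.rstrip("\\"), data.endswith("\\")))
            pending = current.values[-1] if kind == "hex" else None
    return keys

def decode_hex(value: RegValue) -> bytes:
    """Turn 'hex:6b,61,...' data into bytes; a truncated value decodes as far as it goes."""
    return bytes(int(b, 16) for b in value.raw.split(",") if b)

def as_text(blob: bytes) -> str:
    """Show decoded bytes to a human: trailing NULs dropped, non-ASCII bytes replaced."""
    return blob.rstrip(b"\x00").decode("ascii", "replace")

def suspicious_keys(keys: list) -> list:
    """Paths of locked keys matching the pattern targeted with RegLockDel above.
    Heuristic (my assumption, not a ComboFix rule): legitimate entries under
    Shell Extensions\\Approved are REG_SZ values named by {CLSID}; a locked subkey
    there holding REG_BINARY values named by runs of lowercase letters stands out."""
    hits = []
    for key in keys:
        odd = [v for v in key.values if v.kind == "hex" and re.fullmatch(r"[a-z]{8,}", v.name)]
        if key.locked and odd and "Shell Extensions\\Approved\\" in key.path:
            hits.append(key.path)
    return hits
```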

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:08:38 AM

Posted 15 September 2012 - 10:44 PM

We will need to repair some of your system files.

Windows Repair Tool

Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to Step 2 and allow it to run Disc Check
Posted Image


Once that is done, go to Step 3 and allow it to run SFC
Posted Image

On the Start Repairs tab, click Advanced Mode and click Start

Posted Image

Please ensure that the items seen in the image below are ticked, as well as Repair MSI (Windows Installer) and Set Windows Services to Default Setup.

Click the box next to Restart System when Finished, then click Start.

Posted Image

#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:08:38 AM

Posted 15 September 2012 - 10:45 PM

Also post a new DDS log after running the repair tool.

#14 PillowTalk

PillowTalk
  • Topic Starter
  • Members
  • 10 posts
  • Local time:07:38 PM

Posted 16 September 2012 - 04:11 PM

Conspire, I have lost all USB functions on my PC. I'm having to use another PC to write this. I tried to use the Kaspersky uninstaller after that ComboFix run because I didn't want Kaspersky, and now I have no USB keyboard or mouse working.

#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:08:38 AM

Posted 17 September 2012 - 03:56 AM

Did you try to unplug and plug it again?



