
Possible Kelihos.sm infection


7 replies to this topic

#1 ausghostdog

  • Members
  • 30 posts

Posted 23 December 2012 - 08:35 AM

Hey,
Downloaded a program today, which was pretty stupid of me, after which I started having issues with the system getting really sluggish. CPU and RAM usage would be normal, but it would take forever to load anything at all. The process for the program would load, and about four to five minutes later the program might load. After a few hours I cracked it and booted into safe mode and ran ComboFix. One of the items it picked up was something to do with a worm called Kelihos.sm.

Quick edit

My system just slowed down again like it was doing before, where it took a very long time to load anything at all. Once I restarted the system it worked fine again, so there is definitely something there.


Edit once again

System did the slowdown again. Had to restart; pretty sure I am still infected.
DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.4.1
Run by Ghostdog at 7:19:03 on 2012-12-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8191.6106 [GMT 10:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
F:\games\game\s\steam\Steam.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 124.254.72.68 124.254.72.70 192.168.0.1
TCP: Interfaces\{3306771C-E7FF-484B-A7B9-EBCEC7962A5F} : DHCPNameServer = 203.12.160.35 203.12.160.36 192.168.0.1
TCP: Interfaces\{EEE945E3-30A0-4779-A9FA-70A752364EF1} : NameServer = 8.8.8.8
TCP: Interfaces\{EEE945E3-30A0-4779-A9FA-70A752364EF1} : DHCPNameServer = 124.254.72.68 124.254.72.70 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ghostdog\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ghostdog\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-24 08:53; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-12-11 10:09; https-everywhere@eff.org; C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2012-12-19 17:23; antigameorigin@antigame.de; C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\extensions\antigameorigin@antigame.de.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-2 270912]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2010-2-24 191616]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 206448]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-11-21 165112]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-2-14 72216]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-4-27 301720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-5-12 87040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-9-30 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-9-30 16008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-6-25 1930240]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-30 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-30 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-8-20 117080]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-30 1255736]
.
=============== Created Last 30 ================
.
2012-12-23 13:23:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-23 07:12:24 -------- d-----w- C:\Users\Ghostdog\AppData\Roaming\WAV To MP3
2012-12-22 22:41:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75E7B084-975D-423C-B5F2-04E3D51E96FD}\mpengine.dll
2012-12-22 22:41:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 22:41:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 22:41:27 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 22:41:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-19 06:05:59 -------- d-----w- C:\Users\Ghostdog\AppData\Local\PDF Writer
2012-12-19 06:02:47 227840 ----a-w- C:\Windows\SysWow64\bzFlRdr.dll
2012-12-19 06:02:47 139264 ----a-w- C:\Windows\SysWow64\bzpdfc.dll
2012-12-19 06:02:47 103424 ----a-w- C:\Windows\SysWow64\bzDCT.dll
2012-12-19 06:02:47 -------- d-----w- C:\Users\Ghostdog\AppData\Roaming\PDF Writer
2012-12-19 06:02:47 -------- d-----w- C:\ProgramData\PDF Writer
2012-12-19 06:02:47 -------- d-----w- C:\Program Files\Common Files\Bullzip
2012-12-19 06:02:44 218624 ----a-w- C:\Windows\System32\bzpdf.dll
2012-12-19 06:02:39 -------- d-----w- C:\Program Files\Bullzip
2012-12-18 06:55:46 -------- d-----w- C:\Users\Ghostdog\AppData\Local\ElevatedDiagnostics
2012-12-18 03:51:25 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Rockstar Games
2012-12-16 04:39:51 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Dxtory Software
2012-12-15 04:51:11 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Electronic Arts
2012-12-11 23:58:29 -------- d-----w- C:\Windows\Migration
2012-12-11 23:39:48 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-09 14:33:55 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Introversion
2012-12-09 14:32:43 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-05 11:08:49 -------- d-----w- C:\Crash
2012-12-05 11:08:48 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Sony Online Entertainment
2012-12-02 05:18:44 -------- d-----w- C:\Users\Ghostdog\AppData\Roaming\Bioshock2
2012-11-30 23:40:42 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-11-30 23:40:42 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-11-30 23:40:42 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-11-30 23:40:42 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-11-30 23:40:42 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-11-30 23:40:42 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-11-30 23:40:41 -------- d-----w- C:\Program Files (x86)\Xvid
2012-11-30 23:38:00 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-11-30 23:38:00 53760 ----a-w- C:\Windows\System32\ff_acm.acm
2012-11-30 23:38:00 -------- d-----w- C:\Program Files\ffdshow
2012-11-30 23:24:10 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Apple Computer
2012-11-30 23:24:09 -------- d-----w- C:\ProgramData\boost_interprocess
2012-11-30 23:24:07 -------- d-----w- C:\Users\Ghostdog\AppData\Local\Plex Media Server
2012-11-30 23:23:37 -------- d-----w- C:\Program Files (x86)\Plex
2012-11-28 23:03:33 -------- d-----w- C:\Users\Ghostdog\AppData\Local\DayZCommander
2012-11-28 12:48:48 -------- d-----w- C:\Users\Ghostdog\AppData\Roaming\Dwarfs
2012-11-28 12:47:31 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-11-27 11:38:52 -------- d-----w- C:\Users\Ghostdog\AppData\Roaming\TeamViewer
.
==================== Find3M ====================
.
2012-12-12 01:19:36 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 01:19:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 00:43:14 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-23 22:54:34 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-10 11:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 11:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 11:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 11:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 11:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 11:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 11:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 11:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 07:07:04 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-08 07:07:03 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-08 07:07:03 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 03:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-29 09:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 7:20:00.17 ===============

ComboFix 12-12-22.02 - Ghostdog 23/12/2012 23:09:15.4.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8191.6708 [GMT 10:00]
Running from: c:\users\Ghostdog\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20121201074318.094400
c:\programdata\boost_interprocess\20121201074318.094400\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20121201074318.094400\plex_frame_mutex
c:\users\Ghostdog\VBoxManage.exe
c:\windows\iun6002.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\wupdate.exe
D:\install.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 13:15 . 2012-12-23 13:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-23 13:15 . 2012-12-23 13:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-23 13:15 . 2012-12-23 13:15 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
2012-12-23 13:15 . 2012-12-23 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 07:12 . 2012-12-23 07:12 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\WAV To MP3
2012-12-22 22:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75E7B084-975D-423C-B5F2-04E3D51E96FD}\mpengine.dll
2012-12-22 22:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 22:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 22:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 22:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 06:05 . 2012-12-19 06:05 -------- d-----w- c:\users\Ghostdog\AppData\Local\PDF Writer
2012-12-19 06:02 . 2012-12-19 06:02 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\PDF Writer
2012-12-19 06:02 . 2012-12-19 06:02 -------- d-----w- c:\programdata\PDF Writer
2012-12-19 06:02 . 2012-12-19 06:02 -------- d-----w- c:\program files\Common Files\Bullzip
2012-12-19 06:02 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-12-19 06:02 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-12-19 06:02 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-12-19 06:02 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-19 06:02 . 2012-12-19 06:02 -------- d-----w- c:\program files\Bullzip
2012-12-18 06:55 . 2012-12-18 06:55 -------- d-----w- c:\users\Ghostdog\AppData\Local\ElevatedDiagnostics
2012-12-18 03:51 . 2012-12-18 03:51 -------- d-----w- c:\users\Ghostdog\AppData\Local\Rockstar Games
2012-12-16 04:39 . 2012-12-16 04:51 -------- d-----w- c:\users\Ghostdog\AppData\Local\Dxtory Software
2012-12-15 04:51 . 2012-12-15 04:51 -------- d-----w- c:\users\Ghostdog\AppData\Local\Electronic Arts
2012-12-11 23:58 . 2012-12-11 23:58 -------- d-----w- c:\windows\Migration
2012-12-11 23:39 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-09 14:33 . 2012-12-09 14:33 -------- d-----w- c:\users\Ghostdog\AppData\Local\Introversion
2012-12-06 13:02 . 2012-12-06 15:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-05 11:08 . 2012-12-05 11:08 -------- d-----w- C:\Crash
2012-12-05 11:08 . 2012-12-05 11:08 -------- d-----w- c:\users\Ghostdog\AppData\Local\Sony Online Entertainment
2012-12-05 03:29 . 2012-11-28 06:47 -------- d-----w- c:\users\Public\incomplete
2012-12-02 05:18 . 2012-12-08 09:17 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\Bioshock2
2012-11-30 23:40 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-11-30 23:40 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-11-30 23:40 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-11-30 23:40 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-11-30 23:40 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-11-30 23:40 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-11-30 23:40 . 2012-11-30 23:40 -------- d-----w- c:\program files (x86)\Xvid
2012-11-30 23:38 . 2012-11-30 23:38 -------- d-----w- c:\program files\ffdshow
2012-11-30 23:38 . 2012-04-08 14:47 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2012-11-30 23:38 . 2012-04-08 14:45 53760 ----a-w- c:\windows\system32\ff_acm.acm
2012-11-30 23:24 . 2012-11-30 23:24 -------- d-----w- c:\users\Ghostdog\AppData\Local\Apple Computer
2012-11-30 23:24 . 2012-12-23 13:15 -------- d-----w- c:\programdata\boost_interprocess
2012-11-30 23:24 . 2012-11-30 23:24 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\Apple Computer
2012-11-30 23:24 . 2012-11-30 23:24 -------- d-----w- c:\users\Ghostdog\AppData\Local\Plex Media Server
2012-11-30 23:23 . 2012-11-30 23:23 -------- d-----w- c:\program files (x86)\Plex
2012-11-30 23:22 . 2012-11-30 23:22 -------- d-----w- c:\programdata\Apple
2012-11-28 23:03 . 2012-11-28 23:03 -------- d-----w- c:\users\Ghostdog\AppData\Local\DayZCommander
2012-11-28 12:48 . 2012-11-28 12:53 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\Dwarfs
2012-11-28 12:47 . 2012-11-28 12:47 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-11-27 11:38 . 2012-11-27 11:41 -------- d-----w- c:\users\Ghostdog\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:19 . 2012-04-05 02:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 01:19 . 2012-04-05 02:14 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:46 . 2011-09-30 11:47 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-22 00:43 . 2012-11-21 13:02 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-10-25 01:28 . 2011-09-30 09:56 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-23 22:54 . 2012-10-23 22:54 53248 ----a-r- c:\users\Ghostdog\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-23 22:54 . 2011-09-30 08:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-10-16 08:38 . 2012-11-30 23:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-30 23:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-30 23:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 11:23 . 2012-10-10 11:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 11:23 . 2012-10-10 11:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 11:23 . 2012-07-26 01:41 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 11:23 . 2012-10-10 11:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 11:23 . 2012-10-10 11:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 11:23 . 2012-10-10 11:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 11:23 . 2012-10-10 11:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 11:23 . 2012-10-10 11:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 11:23 . 2012-10-10 11:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 11:23 . 2012-10-10 11:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 11:23 . 2011-10-24 07:10 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 11:23 . 2012-02-09 12:43 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 11:23 . 2011-10-24 07:10 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 11:23 . 2012-10-10 11:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 11:23 . 2012-10-10 11:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 11:23 . 2012-10-10 11:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 11:23 . 2011-10-24 07:10 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 11:22 . 2012-10-10 11:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 11:22 . 2011-10-24 07:10 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 11:22 . 2011-10-24 07:10 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 11:22 . 2012-10-10 11:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 11:22 . 2012-10-10 11:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 11:22 . 2012-10-10 11:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 11:22 . 2012-10-10 11:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 11:22 . 2012-10-10 11:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 18:17 . 2012-11-18 10:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-18 10:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-18 10:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-18 10:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 07:07 . 2012-10-08 07:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-08 07:07 . 2012-10-08 07:07 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-08 07:07 . 2012-10-08 07:07 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-08 07:07 . 2012-10-08 07:07 188904 ----a-w- c:\windows\system32\java.exe
2012-10-08 07:07 . 2012-02-06 22:46 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 07:07 . 2012-02-06 22:46 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-04 16:40 . 2012-12-11 23:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-18 10:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-18 10:40 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-18 10:40 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-18 10:40 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-18 10:40 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-18 10:40 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-18 10:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-18 10:40 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-18 10:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-18 10:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-18 10:40 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2012-04-28 11:29 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-10-24 07:10 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-10-24 07:10 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-11-03 22:07 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-10-24 07:10 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-10-24 07:10 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-10-24 07:10 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 03:15 . 2012-10-02 03:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-25 22:47 . 2012-11-18 10:39 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-18 10:39 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-25 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-08-20 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-08-20 130904]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-04-26 301720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-19 1930240]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-30 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-30 16008]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 147288]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-08-20 117080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-02 270912]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 87040]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-09-30 22408]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-08-20 166232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:19]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-414797894-1572374049-2178733287-1000Core.job
- c:\users\Ghostdog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 08:57]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-414797894-1572374049-2178733287-1000UA.job
- c:\users\Ghostdog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 08:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-10-06 2409272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 124.254.72.68 124.254.72.70 192.168.0.1
TCP: Interfaces\{EEE945E3-30A0-4779-A9FA-70A752364EF1}: NameServer = 8.8.8.8
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - ExtSQL: 2012-10-24 08:53; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-12-11 10:09; https-everywhere@eff.org; c:\users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2012-12-19 17:23; antigameorigin@antigame.de; c:\users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\extensions\antigameorigin@antigame.de.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-BattlEye for A2 - f:\games\game\s\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{FBE10329-4449-4614-B615-92AFF07D4F69}_is1 - f:\games\game\s\steam\steamapps\common\grand theft auto iv\Grand Theft Auto IV\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-414797894-1572374049-2178733287-1000\Software\SecuROM\License information*]
"datasecu"=hex:6f,2f,ce,43,91,26,9e,93,01,2f,66,de,48,50,2f,d9,13,b9,8c,56,67,
63,c8,b3,bc,0e,70,13,69,ed,c9,b9,6a,7f,9f,89,d6,61,92,f0,20,a9,28,33,b8,93,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-414797894-1572374049-2178733287-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,4d,6a,ba,29,09,db,55,9c,e5,41,7a,fc,a2,29,63,51,b0,7f,e6,b2,
61,c9,15,4c,79,70,45,e0,9f,53,88,08,53,4c,97,37,38,a1,63,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-414797894-1572374049-2178733287-1000_Classes\Wow6432Node\CLSID\{afaa56c3-1e88-44f4-b697-0a417a0be6c3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000065
"Therad"=dword:00000016
"MData"=hex(0):b6,ba,eb,e9,e4,f4,57,31,d0,9e,d3,8e,be,f8,8d,ee,4c,77,c5,88,66,
9c,97,98,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-RN7A-YPD2-GGNN-25GP-ED4X-GCFTC7H"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-23 23:17:57
ComboFix-quarantined-files.txt 2012-12-23 13:17
ComboFix2.txt 2012-05-15 05:52
.
Pre-Run: 28,585,095,168 bytes free
Post-Run: 28,512,714,752 bytes free
.
- - End Of File - - 4442008F5CBF54D2F02F8B644783E46C


That is what ComboFix found; the main one I am worried about is \boost_interprocess, as this is associated with Kelihos.sm.

Edited by ausghostdog, 23 December 2012 - 04:32 PM.
Moved to log forum. ~ OB



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:52 AM

Posted 25 December 2012 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your logs are clean.

I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 27 December 2012 - 05:53 PM

On my first attempt at using the ESET scanner I got unexpected error 2002 on stage 2 of 4, during the update. I am trying again to update the program.

Ok, the second attempt at updating the program has worked; it's now scanning my system.

ESETScan
C:\Users\Ghostdog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\37ada79d-6ca9b67b a variant of Java/Exploit.CVE-2011-3544.AQ trojan deleted - quarantined
C:\Users\Ghostdog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\5e8dfdae-61b68e2f multiple threats deleted - quarantined


Checkup.txt
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
Google Chrome 17.0.963.79
Google Chrome 17.0.963.83
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


AdwCleaner[R1]
# AdwCleaner v2.103 - Logfile created 12/28/2012 at 16:47:16
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Ghostdog - GHOSTDOG-PC
# Boot Mode : Normal
# Running from : C:\Users\Ghostdog\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v17.0.963.83

File : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\Ghostdog\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1249 octets] - [28/12/2012 16:47:16]

########## EOF - C:\AdwCleaner[R1].txt - [1309 octets] ##########


Edited by ausghostdog, 28 December 2012 - 01:49 AM.
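The ComboFix "Reg Loading Points" section in the first post and the Security Check output above both point at the same weakness: UAC is switched off by policy (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) and Security Center monitoring of the Kaspersky product is disabled. The script below is an added example, not code from the thread, from ComboFix or from any of the tools used here; it parses that registry block (sample text copied from the log above) and flags the weak values so a reviewer does not have to read them by eye. The key paths and value semantics are standard Windows ones; the finding wording is my own.

```python
"""Flag UAC and Security Center weaknesses in a ComboFix 'Reg Loading Points' block."""
import re

# Constructed sample: the policy and Security Center entries as they appear in the
# ComboFix log posted in this thread (REGEDIT4-style dump, one value per line).
SAMPLE_LOG = """\
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs either as  "Name"= 0 (0x0)  or as  "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))'
)

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SC_PREFIX = "hkey_local_machine\\software\\microsoft\\security center\\monitoring\\"

# (value name, predicate that holds for a safe value, finding text).
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_CHECKS = [
    ("EnableLUA", lambda v: v == 1, "UAC is disabled (EnableLUA=0)"),
    ("ConsentPromptBehaviorAdmin", lambda v: v != 0,
     "Administrators elevate silently with no prompt (ConsentPromptBehaviorAdmin=0)"),
    ("PromptOnSecureDesktop", lambda v: v == 1,
     "Elevation prompts are not shown on the secure desktop (PromptOnSecureDesktop=0)"),
]


def parse_reg_section(text):
    """Return {key_path: {value_name: int}} for every numeric value under each [key]."""
    result = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            result[current][m.group("name")] = value
    return result


def find_weak_settings(parsed):
    """Return a list of human-readable findings for weak UAC / Security Center values."""
    findings = []
    for key, values in parsed.items():
        k = key.lower()
        if k == POLICY_KEY:
            for name, is_safe, msg in UAC_CHECKS:
                if name in values and not is_safe(values[name]):
                    findings.append(msg)
        elif k.startswith(SC_PREFIX) and values.get("DisableMonitoring") == 1:
            # Security Center will not raise an alert if this product stops reporting.
            product = key[len(SC_PREFIX):]
            findings.append(f"Security Center monitoring disabled for {product}")
    return findings


if __name__ == "__main__":
    for finding in find_weak_settings(parse_reg_section(SAMPLE_LOG)):
        print("WEAK:", finding)
```

Run against the sample it reports the three UAC findings and the Kaspersky monitoring entry; point it at a full ComboFix log and it ignores string values (the Run keys) and only inspects the numeric ones.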


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:52 AM

Posted 28 December 2012 - 09:52 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29
Java™ 7 Update 4


Java 7 update 10 introduces important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the log and let me know what problem persists.

#5 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 28 December 2012 - 04:42 PM

# AdwCleaner v2.103 - Logfile created 12/29/2012 at 07:35:59
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Ghostdog - GHOSTDOG-PC
# Boot Mode : Normal
# Running from : C:\Users\Ghostdog\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\dx6xzha8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v17.0.963.83

File : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\Ghostdog\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1378 octets] - [28/12/2012 16:47:16]
AdwCleaner[S1].txt - [1315 octets] - [29/12/2012 07:35:59]

########## EOF - C:\AdwCleaner[S1].txt - [1375 octets] ##########


Thanks for all this.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:52 AM

Posted 29 December 2012 - 08:14 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 29 December 2012 - 04:31 PM

I get an error of "Windows cannot find ComboFix"?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:52 AM

Posted 30 December 2012 - 08:30 AM

Try this.

Just rename ComboFix.exe to UNINSTALL.exe and double click it. It's case insensitive.



