NOD32 finds MBR sector 0. virus


22 replies to this topic

#1 Adaminator1

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 01:33 AM

Posted 30 January 2013 - 02:39 AM

Okay, so I've done a LOT of googling, and this place seems to know what's up and how to remove MBR sector viruses, so I figure I'll post for help.

I'm trying to remove an MBR virus; Nod32 finds it as "MBR sector of the 0. physical disk - Win32/TrojanDownloader.Unruy.CJ trojan" and I can't remove it with that.

I tried running ComboFix, and that didn't help. I ran MBRCheck and it found "Known-bad MBR code detected (Whistler / Black Internet)!"

Here are the logs from both things, as well as DDS. (Yes, this is an edit; I did further research and found the preparation guide. So there you go.)

Also a note: S is a partitioned drive from the main C drive.

________
DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by Adam at 21:05:16 on 2013-01-30
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.64.1033.18.4061.1555 [GMT 13:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost;127.0.0.1;<local>;*.local;127.0.0.1:9421;
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - LocalServer32 - <no file>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe"
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MULTIM~1.LNK - C:\Program Files (x86)\MMTaskbar\MultiMon.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A4FCDCC0-0F37-46FA-82FE-4AE29B46FB70} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4FCDCC0-0F37-46FA-82FE-4AE29B46FB70}\3516E6465627370275962756C6563737 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{A4FCDCC0-0F37-46FA-82FE-4AE29B46FB70}\35475616C64786C496E6B6 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [TNOD UP] "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /i
x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Hotspot Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-22 55280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-11-2 42248]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-2-26 145448]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-10-27 77352]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-2 40712]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2011-7-21 19088]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-6-15 139616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-1-11 121416]
S3 RDID1093;UM-1G;C:\Windows\System32\drivers\Rdwm1093.sys [2010-6-6 81920]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-01-29 05:29:09 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-01-17 16:44:40 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 03:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-01 18:31:08 40712 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2012-11-01 18:25:26 42248 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
.
============= FINISH: 21:07:02.06 ===============
________________
MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A500
Logical Drives Mask: 0x0004001c

Kernel Drivers (total 207):
0x77420000 \Windows\System32\normaliz.dll
0xFF410000 \Windows\System32\rpcrt4.dll
0x77150000 \Windows\System32\user32.dll
0xFF3C0000 \Windows\System32\ws2_32.dll
0xFF160000 \Windows\System32\iertutil.dll
0xFF090000 \Windows\System32\usp10.dll
0xFEF80000 \Windows\System32\msctf.dll
0xFEF10000 \Windows\System32\gdi32.dll
0xFEEE0000 \Windows\System32\imm32.dll
0xFEE40000 \Windows\System32\clbcatq.dll
0x77410000 \Windows\System32\psapi.dll
0xFEE20000 \Windows\System32\imagehlp.dll
0xFEC10000 \Windows\System32\ole32.dll
0xFEBC0000 \Windows\System32\Wldap32.dll
0xFEB20000 \Windows\System32\msvcrt.dll
0xFE940000 \Windows\System32\setupapi.dll
0xFE8C0000 \Windows\System32\difxapi.dll
0xFE7E0000 \Windows\System32\oleaut32.dll
0x77030000 \Windows\System32\kernel32.dll
0xFE7D0000 \Windows\System32\nsi.dll
0xFE650000 \Windows\System32\urlmon.dll
0xFE520000 \Windows\System32\wininet.dll
0xFD790000 \Windows\System32\shell32.dll
0xFD6B0000 \Windows\System32\advapi32.dll
0xFD630000 \Windows\System32\shlwapi.dll
0xFD620000 \Windows\System32\lpk.dll
0xFD580000 \Windows\System32\comdlg32.dll
0xFD540000 \Windows\System32\wintrust.dll
0xFD520000 \Windows\System32\devobj.dll
0xFD4E0000 \Windows\System32\cfgmgr32.dll
0xFD370000 \Windows\System32\crypt32.dll
0xFD2D0000 \Windows\System32\comctl32.dll
0xFD260000 \Windows\System32\KernelBase.dll
0xFD250000 \Windows\System32\msasn1.dll
0x754A0000 \Windows\SysWOW64\normaliz.dll

Processes (total 117):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
532 csrss.exe
612 C:\Windows\System32\wininit.exe
628 csrss.exe
672 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\atiesrxx.exe
400 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1188 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1304 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\atieclxx.exe
1412 C:\Windows\System32\wisptis.exe
1568 C:\Windows\System32\spoolsv.exe
1604 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\taskhost.exe
1824 C:\Windows\System32\dwm.exe
1836 C:\Windows\System32\wisptis.exe
1844 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1904 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
1992 C:\Windows\explorer.exe
2040 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
1344 C:\Windows\SysWOW64\svchost.exe
1964 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2144 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2192 C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
2232 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
2272 C:\Windows\System32\svchost.exe
2320 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
2396 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
2464 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2504 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2512 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
2548 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
2596 C:\Windows\SysWOW64\PnkBstrA.exe
2624 C:\Windows\SysWOW64\PnkBstrB.exe
2656 C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2724 C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2896 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
2916 C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
3036 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
3044 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
3064 C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe
1936 C:\Windows\System32\svchost.exe
2848 C:\Program Files (x86)\DU Meter\DUMeter.exe
3152 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3184 C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3256 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
3264 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
3304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3368 C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
3432 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3508 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3580 C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
3608 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3660 C:\Program Files (x86)\AIM\aim.exe
3868 C:\Program Files (x86)\Skype\Phone\Skype.exe
3204 C:\Windows\System32\SearchIndexer.exe
3228 C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
4188 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
4376 C:\Windows\System32\svchost.exe
4996 C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
5276 C:\Program Files\Windows Media Player\wmpnetwk.exe
5316 C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
5348 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
5628 C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
6004 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3164 C:\Program Files\XChat-WDK\xchat.exe
4556 C:\Program Files (x86)\Enterbrain\RPGVX\RPGVX.exe
4232 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
2964 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
4796 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
4628 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5096 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6360 C:\Windows\System32\svchost.exe
6604 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6448 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6336 C:\Program Files (x86)\Steam\Steam.exe
4764 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
7096 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
7092 C:\Program Files\PeerBlock\peerblock.exe
6776 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
1496 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5044 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
4488 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6808 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5948 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6880 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
1944 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5880 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6332 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5008 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
4084 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
3240 C:\Windows\System32\taskhost.exe
196 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5428 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
2688 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
1876 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
4676 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
6480 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5024 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
1012 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5972 C:\Windows\System32\SearchProtocolHost.exe
5324 MpCmdRun.exe
4332 C:\Users\Adam\Downloads\MBRCheck (1).exe
464 C:\Windows\System32\SearchFilterHost.exe
1420 C:\Windows\System32\conhost.exe
5908 C:\Windows\System32\dllhost.exe
6592 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000057`58900000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4055GSX, Rev: FG011M
PhysicalDrive1 Model Number: SeagatePortable, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 80A027BF6A8A45A2BCD8FACBBD50B96A6E390FFE
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



_____________
Combofix

ComboFix 13-01-14.01 - Adam 30/01/2013 19:40:22.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4061.2152 [GMT 13:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-30 )))))))))))))))))))))))))))))))
.
.
2013-01-30 06:56 . 2013-01-30 06:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-29 12:17 . 2013-01-29 12:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 06:03 . 2013-01-30 06:31 -------- d-----w- c:\program files\PeerBlock
2013-01-27 12:46 . 2013-01-27 12:47 -------- d-----w- c:\users\Adam\AppData\Roaming\SPORE
2013-01-25 09:44 . 2013-01-25 09:44 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\users\Adam\AppData\Local\Procaster
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\program files (x86)\Livestream Procaster
2013-01-25 06:10 . 2013-01-25 06:10 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-01-25 06:09 . 2013-01-25 06:09 -------- d-----w- c:\users\Adam\AppData\Local\Programs
2013-01-22 03:57 . 2013-01-22 04:09 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-22 03:41 . 2013-01-22 03:41 -------- d-----w- c:\programdata\Battle.net
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\ATI
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\AMD
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-01-20 06:42 . 2013-01-20 06:42 -------- d-----w- c:\users\Adam\AppData\Local\Macromedia
2013-01-19 23:07 . 2013-01-19 23:07 -------- d-----w- c:\program files (x86)\Winter Wolves
2013-01-19 12:38 . 2013-01-19 12:38 -------- d-----w- c:\windows\SysWow64\xlive
2013-01-18 04:19 . 2013-01-18 04:19 -------- d-----w- c:\program files (x86)\Common Files\Desura
2013-01-18 04:17 . 2013-01-18 13:03 -------- d-----w- c:\program files (x86)\Desura
2013-01-18 04:17 . 2013-01-18 04:17 -------- d-----w- c:\programdata\Desura
2013-01-16 08:54 . 2013-01-16 08:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-16 01:55 . 2013-01-16 14:00 -------- d-----w- c:\program files (x86)\Twine
2013-01-13 06:33 . 2013-01-13 06:33 -------- d-----w- C:\GOG Games
2013-01-13 06:18 . 2013-01-13 07:21 -------- d-----w- c:\users\Adam\AppData\Local\GOG.com
2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\GOG.com
2013-01-10 14:42 . 2011-12-07 06:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2013-01-10 14:42 . 2013-01-10 14:42 -------- d-----w- c:\program files\MotioninJoy
2013-01-10 14:42 . 2012-05-11 23:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-01-10 14:42 . 2011-12-07 06:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-01-10 14:35 . 2013-01-10 14:35 -------- d-----w- c:\users\Adam\AppData\Roaming\MotioninJoy
2013-01-07 12:04 . 2013-01-07 12:04 -------- d-----w- C:\Games
2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\users\Adam\AppData\Local\Black_Tree_Gaming
2013-01-07 12:02 . 2013-01-07 12:02 -------- d-----w- c:\program files\Nexus Mod Manager
2013-01-06 14:06 . 2013-01-06 14:06 -------- d-----w- c:\program files (x86)\GPU-Z
2013-01-04 13:42 . 2013-01-04 13:42 -------- d-----w- c:\users\Adam\AppData\Local\A_Collaboration_between_T
2013-01-04 06:18 . 2013-01-04 06:18 -------- d-----w- c:\program files (x86)\Filfre
2012-12-31 21:52 . 2013-01-17 16:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-31 21:52 . 2012-12-31 21:52 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 05:29 . 2010-11-30 09:43 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-17 16:44 . 2011-07-18 01:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 03:49 . 2010-11-20 09:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 18:31 . 2012-11-01 18:31 40712 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-01 18:25 . 2012-11-01 18:25 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-11-01 17:45 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-01-29 3179952]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1216931]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2012-07-19 38744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-18 3077528]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-15 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2011-09-22 1233856]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 641704]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-7-26 0]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-1-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MultiMon Taskbar.lnk - c:\program files (x86)\MMTaskbar\MultiMon.exe [2010-8-25 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-01-18 131912]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2011-01-13 19088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Adam\AppData\Local\Temp\GPU-Z.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-06-14 139616]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-11 121416]
R3 RDID1093;UM-1G;c:\windows\system32\Drivers\rdwm1093.sys [2009-09-17 81920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 X6va003;X6va003;c:\users\Adam\AppData\Local\Temp\003B3B5.tmp [x]
R3 X6va005;X6va005;c:\users\Adam\AppData\Local\Temp\005BC3D.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-28 14784]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-11-01 42248]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2009-03-13 552052]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-02 527216]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-01 389488]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-16 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-16 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-16 292128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-10-26 77352]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-09 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31 16:44]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;*.local;127.0.0.1:9421;
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Hotspot Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Age of Empires 2 Gold by KZ_is1 - e:\age of empires\AoE2\unins000.exe
AddRemove-Champions Online - s:\cryptic studios\Uninstall Champions Online.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Dungeon Siege Legends of Aranna 1.0 - c:\program files (x86)\Microsoft Games\Dungeon Siege\UNINSTAL.EXE
AddRemove-EA Download Manager - c:\program files (x86)\Electronic Arts\EADownloadManager\EADMUninstall.exe
AddRemove-EVE - f:\eve online\Uninstall.exe
AddRemove-Fallout New Vegas_is1 - e:\games\Fallout New Vegas (Installed)\Fallout New Vegas\unins000.exe
AddRemove-Final Fantasy VII - s:\final fantasy vii\Uninst.isu
AddRemove-Metal Gear Solid 1.0 - f:\metal gear solid\Metal Gear Solid 1\Installed\UNINSTAL.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-RAR Key 5.5 Demo - c:\progra~2\Passware\demos\UNWISE.EXE
AddRemove-Steam App 104600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 11140 - e:\steam\steam.exe
AddRemove-Steam App 12210 - e:\steam\steam.exe
AddRemove-Steam App 18700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 211 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24780 - e:\steam\steam.exe
AddRemove-Steam App 26500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 29180 - c:\program files\Steam\steam.exe
AddRemove-Steam App 31290 - e:\steam\steam.exe
AddRemove-Steam App 32370 - c:\program files\Steam\steam.exe
AddRemove-Steam App 34010 - e:\steam\steam.exe
AddRemove-Steam App 35140 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3720 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55040 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55110 - e:\steam\steam.exe
AddRemove-Steam App 57400 - e:\steam\steam.exe
AddRemove-Steam App 6100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 629 - e:\steam\steam.exe
AddRemove-Steam App 63700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8000 - e:\steam\steam.exe
AddRemove-Steam App 8980 - e:\steam\steam.exe
AddRemove-Steam App 93200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 94500 - e:\steam\steam.exe
AddRemove-Steam App 94510 - e:\steam\steam.exe
AddRemove-Steam App 94520 - e:\steam\steam.exe
AddRemove-Steam App 94530 - e:\steam\steam.exe
AddRemove-Steam App 96200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9870 - e:\steam\steam.exe
AddRemove-Vue 9.5 xStream plugins 32bit - c:\program files (x86)\e-on software\Vue 9.5 xStream plugins\Uninstall.exe
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\003B3B5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\005BC3D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,95,0e,91,dc,83,7c,0d,96,c0,71,3a,ff,ea,d7,f1,c2,2a,bb,cd,f6,
8f,16,f8,26,d6,86,6d,e0,fb,c1,c2,26,36,44,53,04,63,dd,45,d7,f4,d3,d5,14,d5,\
"rkeysecu"=hex:6a,9f,c5,72,bf,cf,e5,41,05,1d,da,09,f8,a8,54,8c
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,05,01,60,57,c2,81,ee,64,64,0f,4e,fa,d7,3d,4b,1d,e9,9c,05,ce,
ba,f8,bd,b6,bd,c9,a8,1b,0d,f8,ee,af,5d,8d,13,86,0f,4e,fc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{90fd7c9f-9fa6-4301-8b92-f23b85ac8ee6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b2
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~2\DUMETE~1\DUMeter.exe
.
**************************************************************************
.
Completion time: 2013-01-30 20:08:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-30 07:08
ComboFix2.txt 2013-01-29 13:56
.
Pre-Run: 70,789,353,472 bytes free
Post-Run: 70,570,442,752 bytes free
.
- - End Of File - - 777D6878EAE59412D749A476810E4BDC



__________________________________________________

Please help me get rid of this bleep of a virus!

Edited by Adaminator1, 30 January 2013 - 03:12 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:33 AM

Posted 30 January 2013 - 03:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 30 January 2013 - 03:57 AM

Security Check Log

Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 18
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.17) Firefox out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

======
UPDATE: AdwCleaner[S1]!

___________________________

# AdwCleaner v2.109 - Logfile created 01/30/2013 at 21:58:28
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Adam - TERMINATOR140
# Boot Mode : Normal
# Running from : C:\Users\Adam\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\Adam\AppData\Local\APN
Deleted on reboot : C:\Users\Adam\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\Conduit
Deleted on reboot : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\CT2438727
Deleted on reboot : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Deleted on reboot : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\extensions\toolbar@ask.com
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.17 (en-US)

File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\prefs.js

C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\user.js ... Deleted !

Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.CTID", "CT2438727");
Deleted : user_pref("CT2438727.CurrentServerDate", "16-12-2012");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Deleted : user_pref("CT2438727.EMailNotifierPollDate", "Thu Nov 24 2011 16:56:59 GMT+1300 (New Zealand Dayligh[...]
Deleted : user_pref("CT2438727.FirstServerDate", "6-7-2010");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2438727.InstalledDate", "Tue Jul 06 2010 14:41:47 GMT+1200 (New Zealand Standard Time)"[...]
Deleted : user_pref("CT2438727.InvalidateCache", false);
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Sun Dec 16 2012 11:43:57 GMT+1300 (New Zealand Day[...]
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_2.7.1.3", "Sun Dec 16 2012 11:43:58 GMT+1300 (New Zealand Daylight Ti[...]
Deleted : user_pref("CT2438727.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.LoginCache", 4);
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.RadioIsPodcast", false);
Deleted : user_pref("CT2438727.RadioLastCheckTime", "Thu Nov 24 2011 16:57:00 GMT+1300 (New Zealand Daylight T[...]
Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2438727.RadioMediaID", "9157");
Deleted : user_pref("CT2438727.RadioMediaType", "Media Player");
Deleted : user_pref("CT2438727.RadioMenuSelectedID", "EBRadioMenu_CT24387279157");
Deleted : user_pref("CT2438727.RadioStationName", "The%20Breeze%20-%20Waikato");
Deleted : user_pref("CT2438727.RadioStationURL", "hxxp://www1.streaming.net.nz/meta/tvworks-breeze-ham.asx");
Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sun Dec 16 2012 11:43:54 GMT+1300 (New Zealand D[...]
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Sun Dec 16 2012 11:43:54 GMT+1300 (New Zealand Dayligh[...]
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1348466954");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Dec 16 2012 11:43:54 GMT+1300 (New Zealand[...]
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2438727.UserID", "UN54979066958024053");
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.WeatherNetwork", "");
Deleted : user_pref("CT2438727.WeatherPollDate", "Thu Nov 24 2011 16:57:01 GMT+1300 (New Zealand Daylight Time[...]
Deleted : user_pref("CT2438727.WeatherUnit", "C");
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.clientLogIsEnabled", false);
Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Dec 16 2012 11:43:54 GMT+1300 (New Z[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Dec 16 2012 11:43:54 GMT+1300 (New Zeala[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{7c182e51-bcd2-4aa1-b25e-e6f8e2900084}");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_14.0.835.202");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "5J");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.cr-o", "102869cr");
Deleted : user_pref("extensions.asktb.crumb", "2011.10.08+05.46.12-toolbar014iad-NZ-QXVja2xhbmQsTmV3IFplYWxhbm[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYNZ");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "NZXX0003");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "a216ab26-36ce-4781-93dd-a1cdf3ab324d");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1358664117703");
Deleted : user_pref("extensions.asktb.last-v", "3.13.1.100013");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Auckland,New Zealand");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.o", "102869");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "8");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "9/10/2011 1:47:02 a.m.");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.13.1.100013");
Deleted : user_pref("extensions.asktb.version", "5.13.1.18107");
Deleted : user_pref("extensions.asktb.volume", "");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16658 octets] - [30/01/2013 21:58:28]

########## EOF - C:\AdwCleaner[S1].txt - [16719 octets] ##########




____________________________________________________________________

RKreport[1]!


RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Adam [Admin rights]
Mode : Scan -- Date : 01/30/2013 22:04:33
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK4055GSX ATA Device +++++
--- User ---
[MBR] 2eb5dc6f7b726d38af89f1026d0870d4
[BSP] 1a96e02e3a1cd3fb717e7d218623eb1b : Whistler/Sinowal MBR Code!
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 356268 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 732710912 | Size: 23783 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01302013_02d2204.txt >>
RKreport[1]_S_01302013_02d2204.txt


__________
Final Update For THIS post: I did a quick rescan with Nod32, and it finds the error still there. What do I do now?

Edited by Adaminator1, 30 January 2013 - 04:10 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:33 AM

Posted 30 January 2013 - 12:59 PM

Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 30 January 2013 - 06:15 PM

I can't post my TDSSKiller logs, so I'll throw them up on Pastebin instead. I can't even attach them, so you'll just have to make do. Reason: too long for a single post.

http://pastebin.com/sGdpaiv7
_______________________________________________________

aswMBR logs

NOTE: This seemed to hit a block with the scan, so I saved the logs and restarted it. Posting to see if this is enough info.

===

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-31 10:54:13
-----------------------------
10:54:13.639 OS Version: Windows x64 6.1.7600
10:54:13.640 Number of processors: 2 586 0x1706
10:54:13.641 ComputerName: TERMINATOR140 UserName: Adam
10:54:20.511 Initialize success
10:58:43.953 AVAST engine defs: 13013000
10:59:04.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:59:04.139 Disk 0 Vendor: TOSHIBA_MK4055GSX FG011M Size: 381554MB BusType: 11
10:59:04.160 Disk 0 MBR read successfully
10:59:04.163 Disk 0 MBR scan
10:59:04.168 Disk 0 Windows 7 default MBR code
10:59:04.197 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:59:04.216 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 356268 MB offset 3074048
10:59:04.245 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 23783 MB offset 732710912
10:59:04.291 Disk 0 scanning C:\Windows\system32\drivers
10:59:21.841 Service scanning
11:00:10.122 Modules scanning
11:00:10.144 Disk 0 trace - called modules:
11:00:10.199 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:00:10.216 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c05420]
11:00:10.224 3 CLASSPNP.SYS[fffff8800191843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004b11060]
11:00:12.577 AVAST engine scan C:\Windows
11:00:20.690 AVAST engine scan C:\Windows\system32
11:04:21.889 AVAST engine scan C:\Windows\system32\drivers
11:04:41.835 AVAST engine scan C:\Users\Adam
11:49:40.994 AVAST engine scan C:\ProgramData
12:06:50.668 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
12:06:50.684 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

Edited by Adaminator1, 30 January 2013 - 06:33 PM.
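The RogueKiller "MBR Check" block in post #3 and the aswMBR partition listing in the post above both come from reading sector 0 of PhysicalDrive0, fingerprinting its boot code and listing the partition entries. As an added illustration for this thread (it is not RogueKiller, aswMBR or any other tool's code), the following Python parses a 512-byte MBR, extracts the four partition entries, flags the usual integrity problems (no or several active partitions, overlapping entries) and compares an MD5 of the 440-byte boot-code region against a baseline taken from a known-clean sector. The sector bytes, the baseline hash and the "tampered" copy are all constructed here; only the partition offsets and sizes are taken from the logs in this thread, and no claim is made about the real Whistler/Sinowal hash values shown there.

```python
"""Parse a classic (MS-DOS) MBR and compare its boot code against a clean baseline.

Added illustration for this thread; not RogueKiller or aswMBR code. The sector
bytes, the baseline hash and the tampered copy below are all constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440              # bytes 0..439: boot code, the region MBR scanners fingerprint
PT_OFFSET = 446                 # four 16-byte partition entries start here (after disk sig + 2 reserved)
BOOT_SIGNATURE = b"\x55\xAA"    # bytes 510..511

# Partition type IDs seen in the thread's logs (subset).
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Return the used partition entries as dicts (active flag, type, LBA start, sector count, MB)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    entries = []
    for i in range(4):
        raw = mbr[PT_OFFSET + 16 * i : PT_OFFSET + 16 * (i + 1)]
        # Entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian.
        status, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:  # empty slot
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
            "lba_start": lba_start,
            "lba_count": lba_count,
            "size_mb": lba_count * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def check_mbr(mbr: bytes, baseline_md5s: set) -> dict:
    """Fingerprint the boot code and sanity-check the partition table, as an MBR scanner does."""
    parts = parse_partition_table(mbr)
    bootcode_md5 = hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()
    active = [p["index"] for p in parts if p["active"]]
    # Entries must not overlap; overlapping entries are a classic sign of a doctored table.
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    overlaps = any(a["lba_start"] + a["lba_count"] > b["lba_start"]
                   for a, b in zip(ordered, ordered[1:]))
    return {
        "bootcode_md5": bootcode_md5,
        "bootcode_known_good": bootcode_md5 in baseline_md5s,
        "partitions": parts,
        "one_active_partition": len(active) == 1,
        "partition_overlap": overlaps,
    }


# --- constructed sample data (not a real disk image) -----------------------------------
def _entry(status: int, ptype: int, lba_start: int, lba_count: int) -> bytes:
    return struct.pack("<B3xB3xII", status, ptype, lba_start, lba_count)


MB = (1024 * 1024) // SECTOR_SIZE  # 2048 sectors per MB
# Stand-in for clean boot code; a real MBR holds x86 code here.
CLEAN_BOOTCODE = b"CONSTRUCTED-CLEAN-BOOTCODE".ljust(BOOTCODE_LEN, b"\x90")


def build_mbr(bootcode: bytes) -> bytes:
    """Assemble a 512-byte MBR carrying the three partitions listed in the thread's logs."""
    table = (_entry(0x00, 0x27, 2048, 1500 * MB)            # hidden WinRE, 1500 MB
             + _entry(0x80, 0x07, 3074048, 356268 * MB)     # active NTFS system volume
             + _entry(0x00, 0x07, 732710912, 23783 * MB)    # second NTFS volume
             + bytes(16))                                   # empty fourth slot
    disk_sig = b"\xDE\xAD\xBE\xEF" + b"\x00\x00"            # constructed disk signature + reserved
    mbr = bootcode + disk_sig + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


CLEAN_MBR = build_mbr(CLEAN_BOOTCODE)
BASELINE = {hashlib.md5(CLEAN_BOOTCODE).hexdigest()}  # what a known-clean snapshot would record


def tampered_mbr() -> bytes:
    """Same partition table, but the boot code has been overwritten (constructed, not real malware)."""
    return build_mbr(b"CONSTRUCTED-MODIFIED-BOOTCODE".ljust(BOOTCODE_LEN, b"\x00"))


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", tampered_mbr())):
        r = check_mbr(sector, BASELINE)
        print(f"{label}: md5={r['bootcode_md5']} known_good={r['bootcode_known_good']}")
        for p in r["partitions"]:
            flag = "ACTIVE" if p["active"] else "      "
            print(f"  {p['index']} {flag} {p['type_name']:<18} offset {p['lba_start']:>10} size {p['size_mb']} MB")
```

The point the two logs make is visible in the output: the tampered sector keeps an intact, plausible partition table (which is why the system still boots and the volumes look normal), and only the boot-code fingerprint gives it away. A real baseline would be the hash of a sector captured from the same machine when it was known clean, or the fingerprint of the stock Windows 7 MBR that aswMBR reports as "Windows 7 default MBR code".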


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:33 AM

Posted 30 January 2013 - 09:37 PM

how are things now?

#7 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 30 January 2013 - 09:40 PM

how are things now?


Nod32 is no longer reporting an MBR virus. I think it might be gone.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:33 AM

Posted 30 January 2013 - 09:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 31 January 2013 - 12:27 AM

There were no problems running ComboFix. Here are the logs.

ComboFix 13-01-30.04 - Adam 31/01/2013 17:55:22.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4061.2621 [GMT 13:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 05:14 . 2013-01-31 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-30 21:50 . 2013-01-30 21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-30 10:15 . 2013-01-30 10:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-30 10:14 . 2013-01-30 10:13 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-30 10:14 . 2013-01-30 10:13 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-30 10:13 . 2013-01-30 10:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-29 12:17 . 2013-01-29 12:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 06:03 . 2013-01-31 04:54 -------- d-----w- c:\program files\PeerBlock
2013-01-27 12:46 . 2013-01-27 12:47 -------- d-----w- c:\users\Adam\AppData\Roaming\SPORE
2013-01-25 09:44 . 2013-01-25 09:44 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\users\Adam\AppData\Local\Procaster
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\program files (x86)\Livestream Procaster
2013-01-25 06:10 . 2013-01-25 06:10 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-01-25 06:09 . 2013-01-25 06:09 -------- d-----w- c:\users\Adam\AppData\Local\Programs
2013-01-22 03:57 . 2013-01-22 04:09 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-22 03:41 . 2013-01-22 03:41 -------- d-----w- c:\programdata\Battle.net
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\ATI
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\AMD
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-01-20 06:42 . 2013-01-20 06:42 -------- d-----w- c:\users\Adam\AppData\Local\Macromedia
2013-01-19 23:07 . 2013-01-19 23:07 -------- d-----w- c:\program files (x86)\Winter Wolves
2013-01-19 12:38 . 2013-01-19 12:38 -------- d-----w- c:\windows\SysWow64\xlive
2013-01-18 04:19 . 2013-01-18 04:19 -------- d-----w- c:\program files (x86)\Common Files\Desura
2013-01-18 04:17 . 2013-01-18 13:03 -------- d-----w- c:\program files (x86)\Desura
2013-01-18 04:17 . 2013-01-18 04:17 -------- d-----w- c:\programdata\Desura
2013-01-16 08:54 . 2013-01-16 08:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-16 01:55 . 2013-01-16 14:00 -------- d-----w- c:\program files (x86)\Twine
2013-01-13 06:33 . 2013-01-13 06:33 -------- d-----w- C:\GOG Games
2013-01-13 06:18 . 2013-01-13 07:21 -------- d-----w- c:\users\Adam\AppData\Local\GOG.com
2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\GOG.com
2013-01-10 14:42 . 2011-12-07 06:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2013-01-10 14:42 . 2013-01-10 14:42 -------- d-----w- c:\program files\MotioninJoy
2013-01-10 14:42 . 2012-05-11 23:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-01-10 14:42 . 2011-12-07 06:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-01-10 14:35 . 2013-01-10 14:35 -------- d-----w- c:\users\Adam\AppData\Roaming\MotioninJoy
2013-01-07 12:04 . 2013-01-07 12:04 -------- d-----w- C:\Games
2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\users\Adam\AppData\Local\Black_Tree_Gaming
2013-01-07 12:02 . 2013-01-07 12:02 -------- d-----w- c:\program files\Nexus Mod Manager
2013-01-06 14:06 . 2013-01-06 14:06 -------- d-----w- c:\program files (x86)\GPU-Z
2013-01-04 13:42 . 2013-01-04 13:42 -------- d-----w- c:\users\Adam\AppData\Local\A_Collaboration_between_T
2013-01-04 06:18 . 2013-01-04 06:18 -------- d-----w- c:\program files (x86)\Filfre
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 05:29 . 2010-11-30 09:43 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-17 16:44 . 2012-12-31 21:52 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 16:44 . 2011-07-18 01:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 03:49 . 2010-11-20 09:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-01-29 3179952]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1216931]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2012-07-19 38744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-18 3077528]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-15 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-7-26 0]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-1-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MultiMon Taskbar.lnk - c:\program files (x86)\MMTaskbar\MultiMon.exe [2010-8-25 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-01-18 131912]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2011-01-13 19088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Adam\AppData\Local\Temp\GPU-Z.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-06-14 139616]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-11 121416]
R3 RDID1093;UM-1G;c:\windows\system32\Drivers\rdwm1093.sys [2009-09-17 81920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 X6va003;X6va003;c:\users\Adam\AppData\Local\Temp\003B3B5.tmp [x]
R3 X6va005;X6va005;c:\users\Adam\AppData\Local\Temp\005BC3D.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-28 14784]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-11-01 42248]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2009-03-13 552052]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-02 527216]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-01 389488]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-16 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-16 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-16 292128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-10-26 77352]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31 16:44]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;*.local;127.0.0.1:9421;
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-47446112.sys
SafeBoot-86343310.sys
AddRemove-Age of Empires 2 Gold by KZ_is1 - e:\age of empires\AoE2\unins000.exe
AddRemove-Champions Online - s:\cryptic studios\Uninstall Champions Online.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Dungeon Siege Legends of Aranna 1.0 - c:\program files (x86)\Microsoft Games\Dungeon Siege\UNINSTAL.EXE
AddRemove-EA Download Manager - c:\program files (x86)\Electronic Arts\EADownloadManager\EADMUninstall.exe
AddRemove-EVE - f:\eve online\Uninstall.exe
AddRemove-Fallout New Vegas_is1 - e:\games\Fallout New Vegas (Installed)\Fallout New Vegas\unins000.exe
AddRemove-Final Fantasy VII - s:\final fantasy vii\Uninst.isu
AddRemove-Metal Gear Solid 1.0 - f:\metal gear solid\Metal Gear Solid 1\Installed\UNINSTAL.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-RAR Key 5.5 Demo - c:\progra~2\Passware\demos\UNWISE.EXE
AddRemove-Steam App 104600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 11140 - e:\steam\steam.exe
AddRemove-Steam App 12210 - e:\steam\steam.exe
AddRemove-Steam App 18700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 211 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24780 - e:\steam\steam.exe
AddRemove-Steam App 26500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 29180 - c:\program files\Steam\steam.exe
AddRemove-Steam App 31290 - e:\steam\steam.exe
AddRemove-Steam App 32370 - c:\program files\Steam\steam.exe
AddRemove-Steam App 34010 - e:\steam\steam.exe
AddRemove-Steam App 35140 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3720 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55040 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55110 - e:\steam\steam.exe
AddRemove-Steam App 57400 - e:\steam\steam.exe
AddRemove-Steam App 6100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 629 - e:\steam\steam.exe
AddRemove-Steam App 63700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8000 - e:\steam\steam.exe
AddRemove-Steam App 8980 - e:\steam\steam.exe
AddRemove-Steam App 93200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 94500 - e:\steam\steam.exe
AddRemove-Steam App 94510 - e:\steam\steam.exe
AddRemove-Steam App 94520 - e:\steam\steam.exe
AddRemove-Steam App 94530 - e:\steam\steam.exe
AddRemove-Steam App 96200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9870 - e:\steam\steam.exe
AddRemove-Vue 9.5 xStream plugins 32bit - c:\program files (x86)\e-on software\Vue 9.5 xStream plugins\Uninstall.exe
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\003B3B5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\005BC3D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,95,0e,91,dc,83,7c,0d,96,c0,71,3a,ff,ea,d7,f1,c2,2a,bb,cd,f6,
8f,16,f8,26,d6,86,6d,e0,fb,c1,c2,26,36,44,53,04,63,dd,45,d7,f4,d3,d5,14,d5,\
"rkeysecu"=hex:6a,9f,c5,72,bf,cf,e5,41,05,1d,da,09,f8,a8,54,8c
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,05,01,60,57,c2,81,ee,64,64,0f,4e,fa,d7,3d,4b,1d,e9,9c,05,ce,
ba,f8,bd,b6,bd,c9,a8,1b,0d,f8,ee,af,5d,8d,13,86,0f,4e,fc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{90fd7c9f-9fa6-4301-8b92-f23b85ac8ee6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b2
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~2\DUMETE~1\DUMeter.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-01-31 18:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 05:24
ComboFix2.txt 2013-01-30 07:08
ComboFix3.txt 2013-01-29 13:56
.
Pre-Run: 66,592,673,792 bytes free
Post-Run: 66,607,230,976 bytes free
.
- - End Of File - - 0E57F5D10DF7D26433A741F11DC3C28C



__________________________

The computer is running fine so far!

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 31 January 2013 - 12:53 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
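An added example, not ComboFix's own code and not part of any post in this thread: a Python triage script for the three line formats ComboFix uses in the logs posted here for autorun values, policy values and service/driver entries. It flags what a responder would check first: images loading from a Temp directory or a user profile, unqualified image names that Windows resolves through the search path, entries ComboFix marks [x] (taken here to mean the file was not found on disk), and registry values that weaken UAC or switch on AppInit_DLLs loading. The sample lines are constructed from entries in this thread; the severity levels, the WEAK_POLICIES table (which also lists EnableLUA, a value that does not occur in these logs) and the reading of [x] are this example's assumptions.

```python
"""Triage of ComboFix-style log lines (autorun entries, policy values, service/driver
entries).  Added example: not ComboFix code and not from any post in this thread."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: line formats and entries copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 sptd;sptd; [x]
R3 X6va003;X6va003;c:\users\Adam\AppData\Local\Temp\003B3B5.tmp [x]
R3 GPU-Z;GPU-Z;c:\users\Adam\AppData\Local\Temp\GPU-Z.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
"""

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(.*)$')           # "name"="command" [date size]
MARKER_RE = re.compile(r'\[([^\]]*)\]\s*$')                   # trailing [date size] or [x]
POLICY_RE = re.compile(                                       # "name"= 3 (0x3)  or  "name"=dword:00000001
    r'^"([^"]+)"\s*=\s*(dword:[0-9a-fA-F]+|\d+)(?:\s*\(0x([0-9a-fA-F]+)\))?')
SERVICE_RE = re.compile(                                      # R3 name;display name;image path [date size]
    r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$')

# policy -> (value that weakens the control, severity, reason); this example's own table.
# EnableLUA is included for completeness and does not occur in the thread's logs.
WEAK_POLICIES = {
    "loadappinit_dlls": (1, "high", "AppInit_DLLs enabled: listed DLLs load into every process using user32.dll"),
    "promptonsecuredesktop": (0, "medium", "UAC prompts not shown on the secure desktop"),
    "uacdisablenotify": (1, "low", "Security Center UAC warnings disabled"),
    "enablelua": (0, "high", "UAC turned off"),
}

@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    entry: str      # autorun value, policy or service name
    reason: str

def image_path_findings(entry: str, path: str) -> list[Finding]:
    """Temp and profile paths are user-writable; a bare file name is resolved via the search path."""
    p, out = path.lower(), []
    if not p:
        return out
    if "\\temp\\" in p:
        out.append(Finding("high", entry, f"image in a Temp directory: {path}"))
    elif "\\users\\" in p or "\\appdata\\" in p:
        out.append(Finding("medium", entry, f"image in a user profile: {path}"))
    if "\\" not in p and ":" not in p:
        out.append(Finding("medium", entry, f"unqualified image name, resolved via search path: {path}"))
    return out

def marker_findings(entry: str, details: str | None) -> list[Finding]:
    """[x] in place of date/size is taken here (assumption) as ComboFix's 'file not found' marker."""
    if details is not None and details.strip().lower() == "x":
        return [Finding("medium", entry, "referenced file is missing on disk ([x])")]
    return []

def policy_findings(name: str, value: int) -> list[Finding]:
    rule = WEAK_POLICIES.get(name.lower())
    if rule and value == rule[0]:
        return [Finding(rule[1], name, f"{rule[2]} ({name}={value})")]
    return []

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            name, command, rest = m.groups()
            marker = MARKER_RE.search(rest)
            findings += image_path_findings(name, command)
            findings += marker_findings(name, marker.group(1) if marker else None)
        elif m := POLICY_RE.match(line):
            name, raw, hex_part = m.groups()
            value = int(hex_part, 16) if hex_part else (int(raw[6:], 16) if raw.startswith("dword:") else int(raw))
            findings += policy_findings(name, value)
        elif m := SERVICE_RE.match(line):
            _start, name, _display, path, details = m.groups()
            findings += image_path_findings(name, path) + marker_findings(name, details)
    return findings

def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return {s: sum(f.severity == s for f in findings) for s in ("high", "medium", "low")}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}: {f.reason}")
```

To use it on a real run, read the log ComboFix writes (C:\ComboFix.txt on a default run) and pass the text to triage(). The output is a list of leads to identify, not verdicts: on the entries from this thread it singles out the X6va drivers and the GPU-Z driver loading from Adam's Temp folder, the bare KHALMNPR.EXE autorun, PromptOnSecureDesktop=0 and LoadAppInit_DLLs=1, while a [x] entry with no file behind it, such as sptd, is a dead entry rather than something currently loading.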

#11 Adaminator1

  • Topic Starter
  • Members
  • 11 posts

Posted 31 January 2013 - 03:11 AM

These are the ComboFix logs:

ComboFix 13-01-30.04 - Adam 31/01/2013 20:45:22.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4061.2452 [GMT 13:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 08:01 . 2013-01-31 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-30 21:50 . 2013-01-30 21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-30 10:15 . 2013-01-30 10:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-30 10:14 . 2013-01-30 10:13 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-30 10:14 . 2013-01-30 10:13 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-30 10:13 . 2013-01-30 10:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-29 12:17 . 2013-01-29 12:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 06:03 . 2013-01-31 04:54 -------- d-----w- c:\program files\PeerBlock
2013-01-27 12:46 . 2013-01-27 12:47 -------- d-----w- c:\users\Adam\AppData\Roaming\SPORE
2013-01-25 09:44 . 2013-01-25 09:44 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\users\Adam\AppData\Local\Procaster
2013-01-25 09:43 . 2013-01-25 09:43 -------- d-----w- c:\program files (x86)\Livestream Procaster
2013-01-25 06:10 . 2013-01-25 06:10 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-01-25 06:09 . 2013-01-25 06:09 -------- d-----w- c:\users\Adam\AppData\Local\Programs
2013-01-22 03:57 . 2013-01-22 04:09 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-22 03:41 . 2013-01-22 03:41 -------- d-----w- c:\programdata\Battle.net
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\ATI
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\programdata\AMD
2013-01-21 14:32 . 2013-01-21 14:32 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-01-21 14:31 . 2013-01-21 14:31 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-01-20 06:42 . 2013-01-20 06:42 -------- d-----w- c:\users\Adam\AppData\Local\Macromedia
2013-01-19 23:07 . 2013-01-19 23:07 -------- d-----w- c:\program files (x86)\Winter Wolves
2013-01-19 12:38 . 2013-01-19 12:38 -------- d-----w- c:\windows\SysWow64\xlive
2013-01-18 04:19 . 2013-01-18 04:19 -------- d-----w- c:\program files (x86)\Common Files\Desura
2013-01-18 04:17 . 2013-01-18 13:03 -------- d-----w- c:\program files (x86)\Desura
2013-01-18 04:17 . 2013-01-18 04:17 -------- d-----w- c:\programdata\Desura
2013-01-16 08:54 . 2013-01-16 08:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-16 01:55 . 2013-01-16 14:00 -------- d-----w- c:\program files (x86)\Twine
2013-01-13 06:33 . 2013-01-13 06:33 -------- d-----w- C:\GOG Games
2013-01-13 06:18 . 2013-01-13 07:21 -------- d-----w- c:\users\Adam\AppData\Local\GOG.com
2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\GOG.com
2013-01-10 14:42 . 2011-12-07 06:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2013-01-10 14:42 . 2013-01-10 14:42 -------- d-----w- c:\program files\MotioninJoy
2013-01-10 14:42 . 2012-05-11 23:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-01-10 14:42 . 2011-12-07 06:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-01-10 14:35 . 2013-01-10 14:35 -------- d-----w- c:\users\Adam\AppData\Roaming\MotioninJoy
2013-01-07 12:04 . 2013-01-07 12:04 -------- d-----w- C:\Games
2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\users\Adam\AppData\Local\Black_Tree_Gaming
2013-01-07 12:02 . 2013-01-07 12:02 -------- d-----w- c:\program files\Nexus Mod Manager
2013-01-06 14:06 . 2013-01-06 14:06 -------- d-----w- c:\program files (x86)\GPU-Z
2013-01-04 13:42 . 2013-01-04 13:42 -------- d-----w- c:\users\Adam\AppData\Local\A_Collaboration_between_T
2013-01-04 06:18 . 2013-01-04 06:18 -------- d-----w- c:\program files (x86)\Filfre
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 05:29 . 2010-11-30 09:43 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-17 16:44 . 2012-12-31 21:52 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 16:44 . 2011-07-18 01:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 03:49 . 2010-11-20 09:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-01-29 3179952]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1216931]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2012-07-19 38744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-18 3077528]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-15 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-7-26 0]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-1-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MultiMon Taskbar.lnk - c:\program files (x86)\MMTaskbar\MultiMon.exe [2010-8-25 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-01-18 131912]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2011-01-13 19088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Adam\AppData\Local\Temp\GPU-Z.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-06-14 139616]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-11 121416]
R3 RDID1093;UM-1G;c:\windows\system32\Drivers\rdwm1093.sys [2009-09-17 81920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 X6va003;X6va003;c:\users\Adam\AppData\Local\Temp\003B3B5.tmp [x]
R3 X6va005;X6va005;c:\users\Adam\AppData\Local\Temp\005BC3D.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-28 14784]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-11-01 42248]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2009-03-13 552052]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-02 527216]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-01 389488]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-16 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-16 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-16 292128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-10-26 77352]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31 16:44]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198372926-2012000570-1437861238-1001UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;*.local;127.0.0.1:9421;
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4tzdesjv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Age of Empires 2 Gold by KZ_is1 - e:\age of empires\AoE2\unins000.exe
AddRemove-Champions Online - s:\cryptic studios\Uninstall Champions Online.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Dungeon Siege Legends of Aranna 1.0 - c:\program files (x86)\Microsoft Games\Dungeon Siege\UNINSTAL.EXE
AddRemove-EA Download Manager - c:\program files (x86)\Electronic Arts\EADownloadManager\EADMUninstall.exe
AddRemove-EVE - f:\eve online\Uninstall.exe
AddRemove-Fallout New Vegas_is1 - e:\games\Fallout New Vegas (Installed)\Fallout New Vegas\unins000.exe
AddRemove-Final Fantasy VII - s:\final fantasy vii\Uninst.isu
AddRemove-Metal Gear Solid 1.0 - f:\metal gear solid\Metal Gear Solid 1\Installed\UNINSTAL.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-RAR Key 5.5 Demo - c:\progra~2\Passware\demos\UNWISE.EXE
AddRemove-Steam App 104600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 11140 - e:\steam\steam.exe
AddRemove-Steam App 12210 - e:\steam\steam.exe
AddRemove-Steam App 18700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 211 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24780 - e:\steam\steam.exe
AddRemove-Steam App 26500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 29180 - c:\program files\Steam\steam.exe
AddRemove-Steam App 31290 - e:\steam\steam.exe
AddRemove-Steam App 32370 - c:\program files\Steam\steam.exe
AddRemove-Steam App 34010 - e:\steam\steam.exe
AddRemove-Steam App 35140 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3720 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55040 - c:\program files\Steam\steam.exe
AddRemove-Steam App 55110 - e:\steam\steam.exe
AddRemove-Steam App 57400 - e:\steam\steam.exe
AddRemove-Steam App 6100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 629 - e:\steam\steam.exe
AddRemove-Steam App 63700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8000 - e:\steam\steam.exe
AddRemove-Steam App 8980 - e:\steam\steam.exe
AddRemove-Steam App 93200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 94500 - e:\steam\steam.exe
AddRemove-Steam App 94510 - e:\steam\steam.exe
AddRemove-Steam App 94520 - e:\steam\steam.exe
AddRemove-Steam App 94530 - e:\steam\steam.exe
AddRemove-Steam App 96200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9870 - e:\steam\steam.exe
AddRemove-Vue 9.5 xStream plugins 32bit - c:\program files (x86)\e-on software\Vue 9.5 xStream plugins\Uninstall.exe
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\003B3B5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\005BC3D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,95,0e,91,dc,83,7c,0d,96,c0,71,3a,ff,ea,d7,f1,c2,2a,bb,cd,f6,
8f,16,f8,26,d6,86,6d,e0,fb,c1,c2,26,36,44,53,04,63,dd,45,d7,f4,d3,d5,14,d5,\
"rkeysecu"=hex:6a,9f,c5,72,bf,cf,e5,41,05,1d,da,09,f8,a8,54,8c
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,05,01,60,57,c2,81,ee,64,64,0f,4e,fa,d7,3d,4b,1d,e9,9c,05,ce,
ba,f8,bd,b6,bd,c9,a8,1b,0d,f8,ee,af,5d,8d,13,86,0f,4e,fc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3198372926-2012000570-1437861238-1001_Classes\Wow6432Node\CLSID\{90fd7c9f-9fa6-4301-8b92-f23b85ac8ee6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b2
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ad,9a,c1,a0,c1,d8,82,e5,41,6a,c5,83,e0,54,fc,1d,d1,4f,89,ea,c0,
af,df,76,20,46,92,82,10,50,56,eb,6e,35,a7,01,d3,96,b1,5b,04,54,96,31,2b,6c,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7b,39,a3,86,09,3e,15,87,88,76,4d,8e,57,4b,58,3d,e2,f4,46,16,ad,
54,36,b8,eb,da,79,3b,ad,73,a6,43,49,a9,a9,49,a6,88,42,75,45,5d,3a,9a,f8,41,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~2\DUMETE~1\DUMeter.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-01-31 21:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 08:10
ComboFix2.txt 2013-01-31 05:24
ComboFix3.txt 2013-01-30 07:08
ComboFix4.txt 2013-01-29 13:56
.
Pre-Run: 66,613,784,576 bytes free
Post-Run: 66,318,233,600 bytes free
.
- - End Of File - - 57E198D3DF4518A76C47552B22A6ACA8

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:33 AM

Posted 31 January 2013 - 03:20 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 31 January 2013 - 03:24 AM

Err, I already did that?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:33 AM

Posted 31 January 2013 - 03:38 AM

Hello

Oops, sorry, wrong speech.


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 Adaminator1

Adaminator1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 AM

Posted 31 January 2013 - 03:54 AM

7-Zip 9.20
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe CMaps CS4
Adobe Color Common Settings
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS3
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS5
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS5.5
Adobe Reader 9.3
Adobe Setup
Adobe Story
Adobe Type Support
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Adventure Game Studio 3.2.1
Adventure Maker v4.4.0 (build1)
Age of Empires 2 Gold by KZ
Age of Empires Online
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
Allok 3GP PSP MP4 iPod Video Converter 4.8.0310
Alpha Protocol
AmpliTube Metal
And Yet It Moves
Antares Autotune VST v5.09
Apple Application Support
Apple Software Update
ASIO4ALL
Atmorex Fluids version 1.1
Atom Zombie Smasher
µTorrent
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
Auto Gordian Knot 2.55
AviSynth 2.5
Back to the Future: Ep 1 - It's About Time
Back to the Future: Ep 2 - Get Tannen!
Back to the Future: Ep 3 - Citizen Brown
Back to the Future: Ep 4 - Double Visions
Back to the Future: Ep 5 - OUTATIME
Bamboo Dock
Batman: Arkham Asylum GOTY Edition
Batman: Arkham City™
Beat Hazard
BIT.TRIP BEAT
BitTorrent
Borderlands
Borderlands 2
Braid
CamStudio
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Pro Control Center
Cave Story+
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Celtx (2.9)
Champions Online
Cheat Engine 6.1
CityEngine
Cogs
Combined Community Codec Pack 2012-12-30
Command & Conquer 3
Command & Conquer The First Decade
Command & Conquer™ 3: Kane's Wrath
Command & Conquer™ Red Alert™ 3 Uprising
Costume Quest
Crayon Physics Deluxe
Crazy Taxi
Curse Client
D3DX10
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp DSP Effects
dBpoweramp Music Converter
Desura
Devil May Cry 4
Dragon Age: Origins
Driver Genius Professional Edition
DU Meter
Dual-Core Optimizer
Dungeon Siege Legends of Aranna
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.6.1 (18/12/2010)
EA Download Manager
EA Download Manager UI
East West EWQLSO Gold Edition
Edirol HQ Orchestral VSTi v1.03
Edirol Super Quartet v1.52 TALiO
Eets
erLT
EVE Online (remove only)
Evil Genius
Fable III
FaceGen Modeller 3.1
Fallout New Vegas
Faster Than Light
FFCoder 1.3.0.3
FileZilla Server
Filfre 1.01
Final Draft
FINAL FANTASY XIV
FL Studio 10
FL Studio 9
FLAC 1.2.1b (remove only)
Flexible Survival
foobar2000 v1.0
Fraps (remove only)
FTL version 1.02.6
GameStudio / A7
Genesys USB Mass Storage Device
Ghostbusters: The Video Game
GOG.com Downloader version 3.3.5
GoldWave v5.55
Google Chrome
Google Earth
Grand Theft Auto IV
GSMULTI V3.0
GTA San Andreas
Hammerfight
Heileen 3 New Horizons version 1.1b
HF pAppLoc version 0.8
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotspot Shield 2.76
IL Download Manager
Inform 7
Inno Setup version 5.2.3
Internet Download Manager 5.18.8.0
Java 7 Update 11
Java Auto Updater
Java™ 6 Update 18
JDownloader
K-Lite Codec Pack 5.6.1 (Full)
Knoll Light Factory 2.5
Lagarith Lossless Codec (1.3.20)
LAME v3.98.3 for Audacity
League of Legends
LightWave 10.0
LightWave 3D 9.5 64bit 64bit 64bit
LightWave 3D 9.6 64bit
Livestream Procaster
Mabinogi
Machinarium
Magic ISO Maker v5.5 (build 0281)
Magic: The Gathering - Duels of the Planeswalkers
Malwarebytes Anti-Malware version 1.70.0.1100
ManyCam 2.6.60 (remove only)
Maxwell 2
Maxwell Plugin for Lightwave
Medal of Honor ™
Messenger Companion
Metal Gear Solid
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mirror's Edge™
MKVtoolnix 4.3.0
Monkey's Audio
Mozilla Firefox (3.6.17)
MSI Afterburner 2.1.0
MSVCRT
MultiMon TaskBar 2.1
MUSHclient (remove only)
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Session I/O
Native Instruments Massive
Native Instruments Rig Kontrol 3
Native Instruments Service Center
Native Instruments Traktor 2
NCsoft Launcher
Nexon Game Manager
NVIDIA PhysX
ObjectDock Plus 2
OCTGN
OnLive
OpenAL
Osmos
Ozone 3 64bit
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Photoshop Camera Raw
piaip AppLocale
Pixel Bender Toolkit
PoiZone
Portal 2 - The Final Hours
Portal 2 Authoring Tools - Beta
PowerISO
PunkBuster Services
PxMergeModule
Quest 4.1.5
QuickTime
RAD Video Tools
Rags Suite
RapidShare Manager
Rapture3D 2.3.26 Game
RAR Key Demo
RAR Password Cracker 4.12
Real Alternative 2.0.2
RealFlow 5
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Red Faction: Armageddon
Red Faction: Guerrilla
reFX Slayer Demo 2.6.0
Revenge of the Titans
RGSS-RTP Standard
Rhythm Zone
RocketDock 1.3.5
Rockstar Games Social Club
Rosetta Stone V3
RPG Maker VX
RPG Maker VX RTP
S4 League_EU
Samsung Kies
Sawer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sentinel Protection Installer 7.6.1
Shaun White Skateboarding
Sherlock Holmes: The Awakened - Remastered
ShockWave 1.1
Sid Meier's Civilization V
SimCity 4 Deluxe
Skype Toolbars
Skype™ 6.1
Sleeping Dogs™
Songsmith
Sonic Adventure DX
Sonic Adventure™ 2
Source SDK
Source SDK Base
Source SDK Base 2007
Space Channel 5: Part 2
SpaceChem
SPORE™
StageLight version 1.0 (Build 3344)
Star Wars: Knights of the Old Republic
Stardock Software
Steam
Steel Storm: Burning Retribution
Suite Shared Configuration CS4
Super Crate Box
Super Street Fighter IV: Arcade Edition
SwapXT 1.0
Team Fortress 2
TechPowerUp GPU-Z
Terragen
Terraria
The Elder Scrolls V: Skyrim
Tomb Raider: Anniversary
Tony Hawk's Underground 2
Torchlight II
Toxic Biohazard
TreeSize Free V2.7
TreeSize Professional 5.3.1
Tribler (remove only)
Trillian
TrueCrypt
Twine 1.3.5 (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb977719)
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.4
VobSub v2.23 (Remove Only)
VOCALOID2 Editor V2.0.2.4J
VOCALOID2 Expression DB (Standard)
VOCALOID2 Voice DB (Miku)
VOCALOID2 VSTi V2.0.2.0
Vue 10 xStream 32bit
Vue 9.5 xStream 64bit
Vue 9.5 xStream plugins 32bit
Vue 9.5 xStream plugins 64bit
VVVVVV
WBFS Manager 3.0
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
World of Warcraft
Worms Reloaded
XChat 2 (remove only)
Xfire (remove only)
YAWLE 0.5b
ZBrush 3.5 R3


I want to ask why you want to know what applications are on my computer?



