
Google Redirect. Possibly from MTC.makemesearch


  • This topic is locked
23 replies to this topic

#1 hk101

Posted 08 April 2013 - 10:27 AM

Mod edit: moved to Virus, Trojan, Spyware, and Malware Removal Logs             ~~boopme

 

 

Sometimes when I click on Google (non-ad) links, I get redirected to ad sites or suspicious sites instead. I know I have a Google redirect virus. I think it all started when my Win 7 laptop contracted the Medfos trojan. Security Essentials deleted the two files infected with this trojan. However, I am still getting redirect problems. Also, I had decreased PC performance after infection. My laptop sometimes freezes and beeps when I want to type/click. Even the mouse freezes. I think I got this fixed by having other antivirus software delete some files. I believe this may have something to do with the (removed?) trojan infection. Furthermore, I noticed some strange files popped up in the AppData folder: ntuser.dat, ntuser.dat.LOG1, ntuser.dat.LOG2, none of which I can delete.

 

I think the Redirect is caused by MTC.makemesearch. I ran Kaspersky recovery disk (my pc still boots normally) and did a full scan. It came across a file that's password protected. It was named (******)[wildcard]MTC.ini or something like that. Any help on at least removing the redirect is appreciated.

 

Software I ran:

AdwCleaner
aswMBR
ATF-Cleaner
ComboFix (I had to resort to it since no software detected my issues. This was used after noticing decreased PC performance.)
Kaspersky recovery disk (included full scan)
Malwarebytes
Microsoft Security Essentials
RogueKillerX64
Sophos Virus Removal Tool
SUPERAntiSpyware Free Edition
tdsskiller

I am willing to run scans again. I lost some logs.


Edited by boopme, 12 April 2013 - 05:47 PM.



#2 boopme

Posted 11 April 2013 - 09:45 PM

Hello, having run ComboFix, we need you to repost with that log here:

 

Virus, Trojan, Spyware, and Malware Removal Logs            



#3 hk101

Posted 12 April 2013 - 02:52 PM

I ran ComboFix. After running and rebooting, I can't access the internet anymore with either wired or wireless connections. I can neither confirm nor deny that the infection is removed, since I have no internet connection.

 

Here is the ComboFix log:

 

ComboFix 13-04-12.02 - Howard 04/12/2013  13:05:48.16.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4007.2703 [GMT -4:00]
Running from: c:\users\Howard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Howard\AppData\Local\assembly\tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache64\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-12 to 2013-04-12  )))))))))))))))))))))))))))))))
.
.
2013-04-12 17:19 . 2013-04-12 17:21    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-12 17:19 . 2013-04-12 17:19    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-04-12 17:19 . 2013-04-12 17:19    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-04-12 17:19 . 2013-04-12 17:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-12 14:48 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10875FEB-49CC-42D7-88AC-59476EAF6AAB}\mpengine.dll
2013-04-11 04:26 . 2013-04-11 04:26    --------    d-----w-    c:\users\Howard\AppData\Roaming\Oracle
2013-04-11 02:09 . 2013-04-11 02:09    --------    d-----w-    c:\users\Howard\AppData\Local\Microsoft_Corporation
2013-04-11 00:45 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-06 16:05 . 2013-04-06 16:05    --------    d-----w-    c:\users\Howard\.thumbnails
2013-04-06 05:19 . 2013-04-06 05:19    --------    d-----w-    c:\users\Howard\AppData\Local\fontconfig
2013-04-06 05:19 . 2013-04-09 17:17    --------    d-----w-    c:\users\Howard\.gimp-2.8
2013-04-06 05:19 . 2013-04-06 05:19    --------    d-----w-    c:\users\Howard\AppData\Local\gegl-0.2
2013-04-05 23:19 . 2013-04-09 04:04    --------    d-----w-    c:\program files (x86)\Pando Networks
2013-04-04 23:20 . 2013-04-04 23:20    --------    d-----w-    c:\users\Howard\AppData\Roaming\NBOS
2013-04-04 22:43 . 2013-04-05 20:17    --------    d-----w-    c:\programdata\Tarma Installer
2013-04-04 22:43 . 2013-04-04 22:44    --------    d-----w-    c:\users\Howard\AppData\Roaming\ExpressFiles
2013-04-02 21:49 . 2013-04-02 21:49    --------    d-----w-    c:\users\Howard\AppData\Local\Adobe
2013-04-02 19:49 . 2013-04-04 02:42    --------    d-----w-    c:\users\Howard\.maptool
2013-04-01 22:18 . 2013-04-01 22:18    --------    d-----w-    c:\users\Howard\AppData\Local\TERA
2013-04-01 21:32 . 2013-04-02 05:00    --------    d-----w-    c:\programdata\HappyCloud
2013-04-01 20:42 . 2013-04-01 20:42    --------    d-----w-    c:\users\Howard\AppData\Roaming\Unity
2013-04-01 20:17 . 2013-04-01 20:17    --------    d-----w-    c:\users\Howard\AppData\Local\Unity
2013-03-28 20:19 . 2013-04-05 20:14    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-28 16:00 . 2013-03-28 16:02    --------    d-----w-    c:\users\Howard\AppData\Local\NVIDIA
2013-03-28 15:42 . 2012-05-15 11:13    144896    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2013-03-28 15:42 . 2012-05-15 10:20    104448    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2013-03-28 05:04 . 2013-03-28 05:04    --------    d-----w-    c:\users\Howard\AppData\Local\The Lord of the Rings Online
2013-03-28 04:12 . 2013-04-05 22:40    --------    d-----w-    c:\users\Howard\AppData\Local\Turbine
2013-03-28 04:11 . 2013-04-05 23:12    --------    d-----w-    c:\users\Howard\AppData\Local\ApplicationHistory
2013-03-28 00:08 . 2013-03-28 00:39    --------    d-----w-    c:\users\Howard\AppData\Roaming\FreeFixer
2013-03-28 00:08 . 2013-03-28 00:35    --------    d-----w-    c:\users\Howard\AppData\Local\FreeFixer
2013-03-22 21:56 . 2013-03-22 21:56    208216    ----a-w-    c:\windows\system32\drivers\02597645.sys
2013-03-22 14:14 . 2013-03-22 14:14    279024    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 14:14 . 2013-03-22 14:14    515568    ----a-w-    c:\windows\system32\igfxsrvc.exe
2013-03-22 14:14 . 2013-03-22 14:14    442352    ----a-w-    c:\windows\system32\igfxpers.exe
2013-03-22 14:14 . 2013-03-22 14:14    254960    ----a-w-    c:\windows\system32\igfxext.exe
2013-03-22 14:14 . 2013-03-22 14:14    172016    ----a-w-    c:\windows\system32\igfxtray.exe
2013-03-22 14:14 . 2013-03-22 14:14    5905904    ----a-w-    c:\windows\system32\GfxUI.exe
2013-03-22 14:14 . 2013-03-22 14:14    399856    ----a-w-    c:\windows\system32\hkcmd.exe
2013-03-22 14:14 . 2013-03-22 14:14    185840    ----a-w-    c:\windows\system32\difx64.exe
2013-03-21 02:14 . 2013-03-21 02:15    --------    d-----w-    c:\program files (x86)\PDFCanvas
2013-03-20 23:47 . 2013-03-20 23:47    --------    d-----w-    c:\programdata\Sophos
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-20 23:47 . 2013-03-20 23:47    --------    d-----w-    c:\program files (x86)\Sophos
2013-03-20 23:12 . 2012-11-28 17:05    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67107515-7D2A-4A66-B98D-C69EB64FDFE9}\gapaengine.dll
2013-03-20 18:37 . 2013-03-20 18:37    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-03-20 16:45 . 2013-03-20 16:45    --------    d-----w-    c:\program files (x86)\ESET
2013-03-20 16:33 . 2013-03-20 16:33    208216    ----a-w-    c:\windows\system32\drivers\18197339.sys
2013-03-20 01:08 . 2013-04-10 17:09    --------    d-----w-    c:\programdata\Hero Lab Starter Edition
2013-03-20 01:08 . 2013-03-20 01:09    --------    d-----w-    c:\program files (x86)\Hero Lab Starter Edition
2013-03-16 18:02 . 2013-04-10 01:34    --------    d-----w-    c:\users\Howard\AppData\Roaming\.technic
2013-03-16 17:12 . 2013-03-16 17:12    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-03-16 17:12 . 2013-03-16 17:12    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-16 17:12 . 2013-03-16 17:12    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-03-16 17:12 . 2013-03-16 17:12    188320    ----a-w-    c:\windows\system32\java.exe
2013-03-16 17:12 . 2013-03-16 17:12    --------    d-----w-    c:\program files\Java
2013-03-16 17:11 . 2013-03-16 17:11    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-03-16 17:11 . 2013-03-16 17:11    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 17:10 . 2013-03-16 17:10    --------    d-----w-    c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 17:21 . 2011-05-29 06:13    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-04-02 10:34 . 2011-05-29 06:23    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-21 17:18 . 2012-03-30 01:35    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-21 17:18 . 2011-08-04 23:10    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 17:12 . 2012-03-31 15:51    1085344    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-16 17:12 . 2012-03-02 05:32    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-16 17:10 . 2012-07-02 13:57    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-16 17:10 . 2011-12-23 05:28    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-15 05:53 . 2011-04-27 12:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2011-04-27 12:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 04:16 . 2010-12-05 10:12    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2010-12-05 10:13    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2010-12-05 10:13    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2010-12-05 10:13    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2010-12-05 10:13    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2010-12-05 10:13    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2010-12-05 10:13    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2010-12-05 10:13    1016096    ----a-w-    c:\windows\system32\nv3dappshext.dll
2013-03-13 16:24 . 2010-12-05 10:13    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-12 23:16 . 2011-05-31 07:17    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-12 19:10 . 2013-03-12 19:10    342528    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2013-03-12 19:10 . 2013-03-12 19:10    16896    ----a-w-    c:\windows\system32\IntcDAuC.dll
2013-03-12 19:10 . 2013-03-12 19:10    116224    ----a-w-    c:\windows\system32\igfxCoIn_v3062.dll
2013-03-08 23:13 . 2010-11-28 13:11    12858368    ----a-w-    c:\windows\system32\igd10umd64.dll
2013-03-08 23:12 . 2013-03-08 23:12    11175424    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
2013-03-08 23:10 . 2013-03-08 23:10    80384    ----a-w-    c:\windows\system32\igdde64.dll
2013-03-08 23:10 . 2013-03-08 23:10    5358016    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2013-03-08 23:10 . 2013-03-08 23:10    12615680    ----a-w-    c:\windows\system32\igdumd64.dll
2013-03-08 23:10 . 2013-03-08 23:10    11049472    ----a-w-    c:\windows\SysWow64\igdumd32.dll
2013-03-08 23:10 . 2013-03-08 23:10    64512    ----a-w-    c:\windows\SysWow64\igdde32.dll
2013-03-08 23:09 . 2013-03-08 23:09    439808    ----a-w-    c:\windows\system32\igfxrfra.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439296    ----a-w-    c:\windows\system32\igfxrrom.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrsky.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrptg.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrplk.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrnld.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrita.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrhrv.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrhun.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrtrk.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrsve.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrslv.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrptb.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrnor.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437248    ----a-w-    c:\windows\system32\igfxrtha.lrc
2013-03-08 23:09 . 2013-03-08 23:09    435712    ----a-w-    c:\windows\system32\igfxrheb.lrc
2013-03-08 23:09 . 2013-03-08 23:09    432128    ----a-w-    c:\windows\system32\igfxrjpn.lrc
2013-03-08 23:09 . 2013-03-08 23:09    431104    ----a-w-    c:\windows\system32\igfxrkor.lrc
2013-03-08 23:09 . 2010-11-28 12:45    64000    ----a-w-    c:\windows\system32\igfxsrvc.dll
2013-03-08 23:09 . 2010-11-28 12:44    9007616    ----a-w-    c:\windows\system32\igfxress.dll
2013-03-08 23:09 . 2013-03-08 23:09    9728    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2013-03-08 23:09 . 2013-03-08 23:09    442880    ----a-w-    c:\windows\system32\igfxdev.dll
2013-03-08 23:09 . 2013-03-08 23:09    440320    ----a-w-    c:\windows\system32\igfxrell.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439808    ----a-w-    c:\windows\system32\igfxresn.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrdeu.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrfin.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrcsy.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437248    ----a-w-    c:\windows\system32\igfxrdan.lrc
2013-03-08 23:09 . 2013-03-08 23:09    435712    ----a-w-    c:\windows\system32\igfxrara.lrc
2013-03-08 23:09 . 2013-03-08 23:09    429056    ----a-w-    c:\windows\system32\igfxrcht.lrc
2013-03-08 23:09 . 2013-03-08 23:09    428544    ----a-w-    c:\windows\system32\igfxrchs.lrc
2013-03-08 23:09 . 2013-03-08 23:09    410624    ----a-w-    c:\windows\system32\igfxTMM.dll
2013-03-08 23:09 . 2013-03-08 23:09    384512    ----a-w-    c:\windows\system32\igfxpph.dll
2013-03-08 23:09 . 2013-03-08 23:09    28672    ----a-w-    c:\windows\system32\igfxexps.dll
2013-03-08 23:09 . 2013-03-08 23:09    286208    ----a-w-    c:\windows\system32\igfxrenu.lrc
2013-03-08 23:09 . 2013-03-08 23:09    175104    ----a-w-    c:\windows\system32\gfxSrvc.dll
2013-03-08 23:09 . 2013-03-08 23:09    142336    ----a-w-    c:\windows\system32\igfxdo.dll
2013-03-08 23:09 . 2013-03-08 23:09    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
2013-03-08 23:09 . 2010-11-28 12:45    110592    ----a-w-    c:\windows\system32\hccutils.dll
2013-03-08 23:09 . 2013-03-08 23:09    330752    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
2013-03-08 23:09 . 2013-03-08 23:09    25088    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2013-03-08 23:09 . 2013-03-08 23:09    10811904    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
2013-03-08 23:08 . 2013-03-08 23:08    13030912    ----a-w-    c:\windows\system32\ig4icd64.dll
2013-03-08 23:06 . 2013-03-08 23:06    931840    ----a-w-    c:\windows\SysWow64\igfxcmrt32.dll
2013-03-08 23:06 . 2013-03-08 23:06    575488    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
2013-03-08 23:06 . 2013-03-08 23:06    542720    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
2013-03-08 23:06 . 2013-03-08 23:06    3511296    ----a-w-    c:\windows\system32\igfxcmjit64.dll
2013-03-08 23:06 . 2013-03-08 23:06    3121152    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
2013-03-08 23:06 . 2013-03-08 23:06    1040384    ----a-w-    c:\windows\system32\igfxcmrt64.dll
2013-03-06 10:38 . 2011-06-11 06:58    770384    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2013-03-06 10:38 . 2011-06-11 06:58    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2013-02-28 18:16 . 2012-06-30 20:26    661600    ----a-w-    c:\windows\SysWow64\xsherlock.xem
2013-02-28 13:57 . 2013-03-12 23:09    1188864    ----a-w-    c:\windows\system32\wininet.dll
2013-02-28 13:57 . 2013-03-12 23:09    1493504    ----a-w-    c:\windows\system32\urlmon.dll
2013-02-28 13:57 . 2013-03-12 23:09    134144    ----a-w-    c:\windows\system32\url.dll
2013-02-28 13:57 . 2013-03-12 23:09    9061376    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-28 13:57 . 2013-03-12 23:09    735744    ----a-w-    c:\windows\system32\msfeeds.dll
2013-02-28 13:57 . 2013-03-12 23:09    97792    ----a-w-    c:\windows\system32\mshtmled.dll
2013-02-28 13:57 . 2013-03-12 23:09    12296192    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-28 13:57 . 2013-03-12 23:09    2458112    ----a-w-    c:\windows\system32\iertutil.dll
2013-02-28 13:57 . 2013-03-12 23:09    247808    ----a-w-    c:\windows\system32\ieui.dll
2013-02-28 13:57 . 2013-03-12 23:09    65024    ----a-w-    c:\windows\system32\jsproxy.dll
2013-02-28 13:37 . 2013-03-12 23:09    981504    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-02-28 12:03 . 2013-03-12 23:09    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-12 23:09    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-12 23:07    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 23:07    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 23:07    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-12 23:07    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Howard\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-24 283136]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dump_wmimmc;dump_wmimmc;d:\games\Lineage 2\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2010-03-08 121800]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 sj;sj;d:\games\AeriaGames\EdenEternal\sjcs64.sys [2012-04-07 47224]
R3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-11-28 548264]
R3 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-10-17 386920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]
R3 X6va005;X6va005;c:\users\Howard\AppData\Local\Temp\005846B.tmp [x]
R3 X6va006;X6va006;c:\users\Howard\AppData\Local\Temp\006BD92.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 279616]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-11-08 249584]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-11-08 77040]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-27 349800]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&CUI=UN39402187121317630&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - express-files Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - ExtSQL: 2013-03-16 19:07; {0cf97b62-2e39-472f-a3be-7c99477e3800}; c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-84835535.sys
AddRemove-Alganon2.7.0.2510 - c:\windows\Alganon\uninstall.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Future Pinball_is1 - c:\games\Future Pinball\unins000.exe
AddRemove-HTC_WModemDriver - c:\program files (x86)\HTC\WModem_Installer\WModemDriver.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Howard\AppData\Local\Temp\005846B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Howard\AppData\Local\Temp\006BD92.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3284081118-1442337820-2178939503-1002\Software\SecuROM\License information*]
"datasecu"=hex:3c,5d,81,72,ee,86,a5,b4,2a,a8,bf,29,b9,02,a8,c6,c2,ca,b9,d5,59,
   e7,be,d4,58,c6,3a,c7,85,58,38,1f,08,b0,00,1b,5c,19,16,7e,e6,b8,97,48,41,39,\
"rkeysecu"=hex:33,e0,c3,8b,4c,6a,dd,4c,1c,07,24,63,51,38,5e,8e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-04-12  13:27:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-12 17:27
ComboFix2.txt  2013-04-03 22:24
ComboFix3.txt  2013-04-03 21:57
.
Pre-Run: 12,279,828,480 bytes free
Post-Run: 12,948,561,920 bytes free
.
- - End Of File - - C67FC536BB0369B14B6C35DC126A4FC0
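Reviewing a log like the ComboFix output above (and the DDS log hk101 posts later in this thread) comes down to a few checks a helper applies by eye: services whose ImagePath sits in a user-writable Temp folder or carries an odd extension, a DLL repeated in AppInit_DLLs, a Firefox search default pointing at a third-party host, and UAC policy values set to 0. The Python script below is an added example, not part of the thread or of any tool named in it; it applies those checks to a constructed excerpt copied from the posted logs, and the `triage` function, the rule names and the allow-list of search hosts are my own assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the ComboFix and DDS logs posted in this
# thread, trimmed to the entries the triage rules below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Howard\AppData\Local\Temp\005846B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&q={searchTerms}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""


@dataclass
class Finding:
    rule: str       # assumed rule name, e.g. 'service-unusual-extension'
    location: str   # service name, value name or pref that triggered it
    detail: str


SERVICE_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]]+)\]$', re.I)
IMAGE_PATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
FF_SEARCH_RE = re.compile(r'^FF - prefs\.js: browser\.search\.defaulturl - (\S+)')
POLICY_RE = re.compile(r'^mPolicies-System: (\w+) = dword:(\w+)$')

EXPECTED_SERVICE_EXTS = {'.exe', '.sys', '.dll'}
# Assumed allow-list: a search default on any other host is surfaced for review.
KNOWN_SEARCH_HOSTS = {'www.google.com', 'www.bing.com', 'search.yahoo.com'}
# UAC policies whose value 0 weakens elevation prompting (these appear in the DDS log).
UAC_POLICIES = {
    'EnableLUA': 'UAC disabled entirely',
    'ConsentPromptBehaviorAdmin': 'administrators elevate without any prompt',
    'PromptOnSecureDesktop': 'elevation prompts no longer use the secure desktop',
}


def image_path_exe(value: str) -> str:
    """Reduce a raw ImagePath value to the executable it launches."""
    v = value.strip()
    if v.startswith('\\??\\'):           # NT object-manager prefix some services use
        v = v[4:]
    if v.startswith('\\"'):              # ComboFix writes embedded quotes as \" ; take the quoted path
        end = v.find('\\"', 2)
        return v[2:end] if end != -1 else v[2:]
    # Unquoted: the executable runs up to its extension; " -flag" afterwards is an argument
    m = re.match(r'(.*?\.\w+)(?:\s+-.*)?$', v)
    return m.group(1) if m else v


def triage(text: str) -> list:
    """Walk ComboFix/DDS-style lines and return the entries worth a helper's attention."""
    findings, service = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_KEY_RE.match(line)
        if m:                               # entering a service's registry key
            service = m.group(1)
            continue
        if line.startswith('['):            # any other key ends the service context
            service = None
            continue
        m = IMAGE_PATH_RE.match(line)
        if m and service:
            exe = image_path_exe(m.group(1))
            low = exe.lower()
            if '\\temp\\' in low or '\\appdata\\' in low:
                findings.append(Finding('service-in-user-writable-path', service, exe))
            ext = re.search(r'(\.[a-z0-9]+)$', low)
            if ext and ext.group(1) not in EXPECTED_SERVICE_EXTS:
                findings.append(Finding('service-unusual-extension', service, exe))
            continue
        m = APPINIT_RE.match(line)
        if m:                               # AppInit_DLLs is a global injection point; duplicates mean repeated installs
            dlls = m.group(1).split()
            for dll in sorted(set(dlls)):
                if dlls.count(dll) > 1:
                    findings.append(Finding('appinit-duplicate', 'AppInit_DLLs', f'{dll} listed {dlls.count(dll)} times'))
            continue
        m = FF_SEARCH_RE.match(line)
        if m:                               # logs defang URLs as hxxp; restore the scheme before parsing
            host = urlparse(m.group(1).replace('hxxp', 'http', 1)).hostname or ''
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding('search-default-hijack', 'browser.search.defaulturl', host))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_POLICIES and m.group(2) == '0':
            findings.append(Finding('uac-weakened', m.group(1), UAC_POLICIES[m.group(1)]))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:32} {f.location:28} {f.detail}')
```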
 



#4 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:40 PM

Posted 13 April 2013 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Try this and check your internet connectivity.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If that fails to restore your Internet, try to restore your system to a date prior to your problem issue.

What are the system recovery options in Windows 7?
http://windows.microsoft.com/en-IN/windows7/What-are-the-system-recovery-options-in-Windows-7

<<<>>>

If all fails, can you boot to Safe Mode with Internet connectivity?

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

#5 hk101

  • Topic Starter
  • Members
  • 23 posts
  • Local time:07:40 PM

Posted 13 April 2013 - 09:42 AM

Ok. Flushing the DNS fixed the internet. Yes, I'm on Windows 7. Even though ComboFix found and deleted an infection, I am still getting redirects.



#6 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:40 PM

Posted 13 April 2013 - 10:39 AM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#7 hk101

  • Topic Starter
  • Members
  • 23 posts
  • Local time:07:40 PM

Posted 13 April 2013 - 11:09 AM

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.17.2
Run by Howard at 11:46:16 on 2013-04-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4007.2188 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Howard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Howard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\Howard\AppData\Local\Akamai\netsession_win.exe"
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: Interfaces\{2BB001A6-C64C-4098-AB3A-DE6AD7C654AD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2BB001A6-C64C-4098-AB3A-DE6AD7C654AD}\2375942554637353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2BB001A6-C64C-4098-AB3A-DE6AD7C654AD}\75F6E676 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2BB001A6-C64C-4098-AB3A-DE6AD7C654AD}\C4C43574B4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{61CB2FAE-9389-43B4-A865-C89847C0A79D} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&CUI=UN39402187121317630&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - express-files Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Howard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-16 19:07; {0cf97b62-2e39-472f-a3be-7c99477e3800}; C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-28 30496]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-11 279616]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-4-27 379520]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-27 2656280]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-11-25 28832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-3-28 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-6 349800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-11-25 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-11-25 298144]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-11-25 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-11-25 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-11-25 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-1-24 283136]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2011-5-29 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2011-5-29 121800]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-5-31 15360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 sj;sj;D:\Games\AeriaGames\EdenEternal\sjcs64.sys [2012-4-7 47224]
S3 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-11-28 548264]
S3 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-10-16 386920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-29 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-12 17:29:13    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{942B794F-B89A-4CF5-9720-AD976408B5E4}\mpengine.dll
2013-04-12 17:21:51    --------    d-----w-    C:\$RECYCLE.BIN
2013-04-11 02:09:19    --------    d-----w-    C:\Users\Howard\AppData\Local\Microsoft_Corporation
2013-04-11 00:45:23    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-06 16:05:14    --------    d-----w-    C:\Users\Howard\.thumbnails
2013-04-06 05:19:07    --------    d-----w-    C:\Users\Howard\AppData\Local\fontconfig
2013-04-06 05:19:06    --------    d-----w-    C:\Users\Howard\AppData\Local\gegl-0.2
2013-04-06 05:19:06    --------    d-----w-    C:\Users\Howard\.gimp-2.8
2013-04-05 23:19:56    --------    d-----w-    C:\Program Files (x86)\Pando Networks
2013-04-04 23:20:34    --------    d-----w-    C:\Users\Howard\AppData\Roaming\NBOS
2013-04-04 22:43:58    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-04-04 22:43:52    --------    d-----w-    C:\Users\Howard\AppData\Roaming\ExpressFiles
2013-04-03 21:49:06    98816    ----a-w-    C:\Windows\sed.exe
2013-04-03 21:49:06    256000    ----a-w-    C:\Windows\PEV.exe
2013-04-03 21:49:06    208896    ----a-w-    C:\Windows\MBR.exe
2013-04-02 21:49:23    --------    d-----w-    C:\Users\Howard\AppData\Local\Adobe
2013-04-02 19:49:54    --------    d-----w-    C:\Users\Howard\.maptool
2013-04-01 22:18:19    --------    d-----w-    C:\Users\Howard\AppData\Local\TERA
2013-04-01 21:32:58    --------    d-----w-    C:\ProgramData\HappyCloud
2013-04-01 20:42:35    --------    d-----w-    C:\Users\Howard\AppData\Roaming\Unity
2013-04-01 20:17:02    --------    d-----w-    C:\Users\Howard\AppData\Local\Unity
2013-03-28 20:19:15    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-28 16:00:47    --------    d-----w-    C:\Users\Howard\AppData\Local\NVIDIA
2013-03-28 15:42:57    144896    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2013-03-28 15:42:53    104448    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
2013-03-28 05:04:11    --------    d-----w-    C:\Users\Howard\AppData\Local\The Lord of the Rings Online
2013-03-28 04:12:03    --------    d-----w-    C:\Users\Howard\AppData\Local\Turbine
2013-03-28 04:11:47    --------    d-----w-    C:\Users\Howard\AppData\Local\ApplicationHistory
2013-03-28 00:08:16    --------    d-----w-    C:\Users\Howard\AppData\Roaming\FreeFixer
2013-03-28 00:08:16    --------    d-----w-    C:\Users\Howard\AppData\Local\FreeFixer
2013-03-22 21:56:28    208216    ----a-w-    C:\Windows\System32\drivers\02597645.sys
2013-03-22 14:14:30    279024    ----a-w-    C:\Windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 14:14:28    515568    ----a-w-    C:\Windows\System32\igfxsrvc.exe
2013-03-22 14:14:28    442352    ----a-w-    C:\Windows\System32\igfxpers.exe
2013-03-22 14:14:28    254960    ----a-w-    C:\Windows\System32\igfxext.exe
2013-03-22 14:14:28    172016    ----a-w-    C:\Windows\System32\igfxtray.exe
2013-03-22 14:14:26    5905904    ----a-w-    C:\Windows\System32\GfxUI.exe
2013-03-22 14:14:26    399856    ----a-w-    C:\Windows\System32\hkcmd.exe
2013-03-22 14:14:26    185840    ----a-w-    C:\Windows\System32\difx64.exe
2013-03-21 02:14:46    --------    d-----w-    C:\Program Files (x86)\PDFCanvas
2013-03-20 23:47:12    --------    d-----w-    C:\ProgramData\Sophos
2013-03-20 23:47:06    73728    ----a-r-    C:\Users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47:06    73728    ----a-r-    C:\Users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47:06    73728    ----a-r-    C:\Users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-20 23:47:01    --------    d-----w-    C:\Program Files (x86)\Sophos
2013-03-20 23:12:14    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67107515-7D2A-4A66-B98D-C69EB64FDFE9}\gapaengine.dll
2013-03-20 18:37:55    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-03-20 16:45:19    --------    d-----w-    C:\Program Files (x86)\ESET
2013-03-20 16:33:49    208216    ----a-w-    C:\Windows\System32\drivers\18197339.sys
2013-03-20 01:08:57    --------    d-----w-    C:\ProgramData\Hero Lab Starter Edition
2013-03-20 01:08:57    --------    d-----w-    C:\Program Files (x86)\Hero Lab Starter Edition
2013-03-16 18:02:14    --------    d-----w-    C:\Users\Howard\AppData\Roaming\.technic
2013-03-16 17:12:16    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-16 17:11:08    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 03:43:03    --------    d-----w-    C:\Users\Howard\AppData\Roaming\.techniclauncher
.
==================== Find3M  ====================
.
2013-04-12 17:21:38    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2013-04-02 10:34:28    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-03-21 17:18:40    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-21 17:18:40    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-16 17:12:09    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-03-16 17:12:09    1085344    ----a-w-    C:\Windows\System32\npdeployJava1.dll
2013-03-16 17:10:58    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-16 17:10:58    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-15 04:16:18    3477280    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17    6398240    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10    76064    ----a-w-    C:\Windows\System32\nv3dappshextr.dll
2013-03-15 04:16:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-03-15 04:16:10    1016096    ----a-w-    C:\Windows\System32\nv3dappshext.dll
2013-03-13 16:24:01    3065455    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-03-12 19:10:52    342528    ----a-w-    C:\Windows\System32\drivers\IntcDAud.sys
2013-03-12 19:10:52    16896    ----a-w-    C:\Windows\System32\IntcDAuC.dll
2013-03-12 19:10:24    116224    ----a-w-    C:\Windows\System32\igfxCoIn_v3062.dll
2013-03-08 23:13:20    12858368    ----a-w-    C:\Windows\System32\igd10umd64.dll
2013-03-08 23:12:10    11175424    ----a-w-    C:\Windows\SysWow64\igd10umd32.dll
2013-03-08 23:10:18    80384    ----a-w-    C:\Windows\System32\igdde64.dll
2013-03-08 23:10:18    5358016    ----a-w-    C:\Windows\System32\drivers\igdkmd64.sys
2013-03-08 23:10:18    12615680    ----a-w-    C:\Windows\System32\igdumd64.dll
2013-03-08 23:10:12    11049472    ----a-w-    C:\Windows\SysWow64\igdumd32.dll
2013-03-08 23:10:10    64512    ----a-w-    C:\Windows\SysWow64\igdde32.dll
2013-03-08 23:08:50    13030912    ----a-w-    C:\Windows\System32\ig4icd64.dll
2013-03-08 23:06:48    931840    ----a-w-    C:\Windows\SysWow64\igfxcmrt32.dll
2013-03-08 23:06:48    575488    ----a-w-    C:\Windows\System32\igfx11cmrt64.dll
2013-03-08 23:06:48    542720    ----a-w-    C:\Windows\SysWow64\igfx11cmrt32.dll
2013-03-08 23:06:48    3511296    ----a-w-    C:\Windows\System32\igfxcmjit64.dll
2013-03-08 23:06:48    3121152    ----a-w-    C:\Windows\SysWow64\igfxcmjit32.dll
2013-03-08 23:06:48    1040384    ----a-w-    C:\Windows\System32\igfxcmrt64.dll
2013-03-06 10:38:36    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-03-06 10:38:36    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-02-28 18:16:03    661600    ----a-w-    C:\Windows\SysWow64\xsherlock.xem
2013-02-28 13:57:26    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-28 13:37:29    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-28 12:03:52    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-28 11:38:43    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-01-29 23:15:06    862664    ----a-w-    C:\Windows\SysWow64\msvcr110.dll
2013-01-29 23:15:06    828872    ----a-w-    C:\Windows\System32\msvcr110.dll
2013-01-29 23:15:06    661448    ----a-w-    C:\Windows\System32\msvcp110.dll
2013-01-29 23:15:06    534480    ----a-w-    C:\Windows\SysWow64\msvcp110.dll
2013-01-29 23:15:06    354264    ----a-w-    C:\Windows\System32\vccorlib110.dll
2013-01-29 23:15:06    251864    ----a-w-    C:\Windows\SysWow64\vccorlib110.dll
2013-01-29 23:15:04    50800    ----a-w-    C:\Windows\System32\drivers\point64.sys
2013-01-29 23:15:04    1795952    ----a-w-    C:\Windows\System32\WdfCoInstaller01011.dll
2013-01-24 15:32:08    2177648    ----a-w-    C:\Windows\System32\coin93.dll
2013-01-20 20:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
.
============= FINISH: 11:48:29.21 ===============

Security Check Log:

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

AdwCleaner Log:

 

# AdwCleaner v2.200 - Logfile created 04/13/2013 at 11:57:09
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Howard - ASUS
# Boot Mode : Normal
# Running from : C:\Users\Howard\Desktop\Malware Scanners\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\prefs.js

C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\user.js ... Deleted !

Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT317692[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "express-files Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
Deleted : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "express-files Customized Web Search");
Deleted : user_pref("smartbar.machineId", "RJK/NYCKH6+3S/XRXT0OPHHLECRA6K3KATZS8PDLXUTLRPLHQY9DM/NQ5TE7XEGXRFM[...]

*************************

AdwCleaner[S7].txt - [333 octets] - [21/03/2013 12:13:26]
AdwCleaner[S8].txt - [2505 octets] - [13/04/2013 11:57:09]

########## EOF - C:\AdwCleaner[S8].txt - [2565 octets] ##########
 

Hmm, I haven't detected any problems so far. However, just to be sure, I'll post tomorrow on how things go (Edit) or sooner if I have problems.

 

 

 

~~~~~~EDIT~~~~~~~~

 

Okay. I am still getting Google redirects...Problem persists.


Edited by hk101, 13 April 2013 - 11:58 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:40 PM

Posted 13 April 2013 - 12:38 PM

Open notepad and copy/paste the text in the quote box below into it:
File::
C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi

ClearJavaCache::

Firefox::
FF - ExtSQL: 2013-03-16 19:07; {0cf97b62-2e39-472f-a3be-7c99477e3800}; C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi
Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

p.s. You may be prompted to update ComboFix, please do.

#9 hk101

hk101
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:40 PM

Posted 13 April 2013 - 01:24 PM

Ok, after running the script for ComboFix, I cannot access the internet anymore. I tried doing ipconfig/flushdns and ipconfig/renew but had no success.

 

Here is the new ComboFix log:

 

ComboFix 13-04-12.02 - Howard 04/13/2013  13:48:32.17.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4007.2211 [GMT -4:00]
Running from: c:\users\Howard\Desktop\ComboFix.exe
Command switches used :: c:\users\Howard\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Howard\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-13 to 2013-04-13  )))))))))))))))))))))))))))))))
.
.
2013-04-13 17:59 . 2013-04-13 17:59    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-13 17:59 . 2013-04-13 17:59    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-04-13 17:59 . 2013-04-13 17:59    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-04-13 17:59 . 2013-04-13 17:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-13 16:10 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E64EC5B-F709-40DE-A9C7-45FA65C9B356}\mpengine.dll
2013-04-12 17:29 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 04:26 . 2013-04-11 04:26    --------    d-----w-    c:\users\Howard\AppData\Roaming\Oracle
2013-04-11 02:09 . 2013-04-11 02:09    --------    d-----w-    c:\users\Howard\AppData\Local\Microsoft_Corporation
2013-04-06 16:05 . 2013-04-06 16:05    --------    d-----w-    c:\users\Howard\.thumbnails
2013-04-06 05:19 . 2013-04-06 05:19    --------    d-----w-    c:\users\Howard\AppData\Local\fontconfig
2013-04-06 05:19 . 2013-04-09 17:17    --------    d-----w-    c:\users\Howard\.gimp-2.8
2013-04-06 05:19 . 2013-04-06 05:19    --------    d-----w-    c:\users\Howard\AppData\Local\gegl-0.2
2013-04-05 23:19 . 2013-04-09 04:04    --------    d-----w-    c:\program files (x86)\Pando Networks
2013-04-04 23:20 . 2013-04-04 23:20    --------    d-----w-    c:\users\Howard\AppData\Roaming\NBOS
2013-04-04 22:43 . 2013-04-04 22:44    --------    d-----w-    c:\users\Howard\AppData\Roaming\ExpressFiles
2013-04-02 21:49 . 2013-04-02 21:49    --------    d-----w-    c:\users\Howard\AppData\Local\Adobe
2013-04-02 19:49 . 2013-04-04 02:42    --------    d-----w-    c:\users\Howard\.maptool
2013-04-01 22:18 . 2013-04-01 22:18    --------    d-----w-    c:\users\Howard\AppData\Local\TERA
2013-04-01 21:32 . 2013-04-02 05:00    --------    d-----w-    c:\programdata\HappyCloud
2013-04-01 20:42 . 2013-04-01 20:42    --------    d-----w-    c:\users\Howard\AppData\Roaming\Unity
2013-04-01 20:17 . 2013-04-01 20:17    --------    d-----w-    c:\users\Howard\AppData\Local\Unity
2013-03-28 20:19 . 2013-04-05 20:14    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-28 16:00 . 2013-03-28 16:02    --------    d-----w-    c:\users\Howard\AppData\Local\NVIDIA
2013-03-28 15:42 . 2012-05-15 11:13    144896    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2013-03-28 15:42 . 2012-05-15 10:20    104448    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2013-03-28 05:04 . 2013-03-28 05:04    --------    d-----w-    c:\users\Howard\AppData\Local\The Lord of the Rings Online
2013-03-28 04:12 . 2013-04-05 22:40    --------    d-----w-    c:\users\Howard\AppData\Local\Turbine
2013-03-28 04:11 . 2013-04-05 23:12    --------    d-----w-    c:\users\Howard\AppData\Local\ApplicationHistory
2013-03-28 00:08 . 2013-03-28 00:39    --------    d-----w-    c:\users\Howard\AppData\Roaming\FreeFixer
2013-03-28 00:08 . 2013-03-28 00:35    --------    d-----w-    c:\users\Howard\AppData\Local\FreeFixer
2013-03-22 21:56 . 2013-03-22 21:56    208216    ----a-w-    c:\windows\system32\drivers\02597645.sys
2013-03-22 14:14 . 2013-03-22 14:14    279024    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 14:14 . 2013-03-22 14:14    515568    ----a-w-    c:\windows\system32\igfxsrvc.exe
2013-03-22 14:14 . 2013-03-22 14:14    442352    ----a-w-    c:\windows\system32\igfxpers.exe
2013-03-22 14:14 . 2013-03-22 14:14    254960    ----a-w-    c:\windows\system32\igfxext.exe
2013-03-22 14:14 . 2013-03-22 14:14    172016    ----a-w-    c:\windows\system32\igfxtray.exe
2013-03-22 14:14 . 2013-03-22 14:14    5905904    ----a-w-    c:\windows\system32\GfxUI.exe
2013-03-22 14:14 . 2013-03-22 14:14    399856    ----a-w-    c:\windows\system32\hkcmd.exe
2013-03-22 14:14 . 2013-03-22 14:14    185840    ----a-w-    c:\windows\system32\difx64.exe
2013-03-21 02:14 . 2013-03-21 02:15    --------    d-----w-    c:\program files (x86)\PDFCanvas
2013-03-20 23:47 . 2013-03-20 23:47    --------    d-----w-    c:\programdata\Sophos
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-20 23:47 . 2013-03-20 23:47    73728    ----a-r-    c:\users\Howard\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-20 23:47 . 2013-03-20 23:47    --------    d-----w-    c:\program files (x86)\Sophos
2013-03-20 23:12 . 2012-11-28 17:05    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67107515-7D2A-4A66-B98D-C69EB64FDFE9}\gapaengine.dll
2013-03-20 18:37 . 2013-03-20 18:37    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-03-20 16:45 . 2013-03-20 16:45    --------    d-----w-    c:\program files (x86)\ESET
2013-03-20 16:33 . 2013-03-20 16:33    208216    ----a-w-    c:\windows\system32\drivers\18197339.sys
2013-03-20 01:08 . 2013-04-10 17:09    --------    d-----w-    c:\programdata\Hero Lab Starter Edition
2013-03-20 01:08 . 2013-03-20 01:09    --------    d-----w-    c:\program files (x86)\Hero Lab Starter Edition
2013-03-16 18:02 . 2013-04-10 01:34    --------    d-----w-    c:\users\Howard\AppData\Roaming\.technic
2013-03-16 17:12 . 2013-03-16 17:12    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-03-16 17:12 . 2013-03-16 17:12    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-16 17:12 . 2013-03-16 17:12    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-03-16 17:12 . 2013-03-16 17:12    188320    ----a-w-    c:\windows\system32\java.exe
2013-03-16 17:12 . 2013-03-16 17:12    --------    d-----w-    c:\program files\Java
2013-03-16 17:11 . 2013-03-16 17:11    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-03-16 17:11 . 2013-03-16 17:11    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 17:10 . 2013-03-16 17:10    --------    d-----w-    c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 15:59 . 2011-05-29 06:13    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-04-02 10:34 . 2011-05-29 06:23    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-21 17:18 . 2012-03-30 01:35    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-21 17:18 . 2011-08-04 23:10    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 17:12 . 2012-03-31 15:51    1085344    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-16 17:12 . 2012-03-02 05:32    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-16 17:10 . 2012-07-02 13:57    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-16 17:10 . 2011-12-23 05:28    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-15 05:53 . 2011-04-27 12:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2011-04-27 12:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 04:16 . 2010-12-05 10:12    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2010-12-05 10:13    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2010-12-05 10:13    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2010-12-05 10:13    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2010-12-05 10:13    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2010-12-05 10:13    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2010-12-05 10:13    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2010-12-05 10:13    1016096    ----a-w-    c:\windows\system32\nv3dappshext.dll
2013-03-13 16:24 . 2010-12-05 10:13    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-12 23:16 . 2011-05-31 07:17    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-12 19:10 . 2013-03-12 19:10    342528    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2013-03-12 19:10 . 2013-03-12 19:10    16896    ----a-w-    c:\windows\system32\IntcDAuC.dll
2013-03-12 19:10 . 2013-03-12 19:10    116224    ----a-w-    c:\windows\system32\igfxCoIn_v3062.dll
2013-03-08 23:13 . 2010-11-28 13:11    12858368    ----a-w-    c:\windows\system32\igd10umd64.dll
2013-03-08 23:12 . 2013-03-08 23:12    11175424    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
2013-03-08 23:10 . 2013-03-08 23:10    80384    ----a-w-    c:\windows\system32\igdde64.dll
2013-03-08 23:10 . 2013-03-08 23:10    5358016    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2013-03-08 23:10 . 2013-03-08 23:10    12615680    ----a-w-    c:\windows\system32\igdumd64.dll
2013-03-08 23:10 . 2013-03-08 23:10    11049472    ----a-w-    c:\windows\SysWow64\igdumd32.dll
2013-03-08 23:10 . 2013-03-08 23:10    64512    ----a-w-    c:\windows\SysWow64\igdde32.dll
2013-03-08 23:09 . 2013-03-08 23:09    439808    ----a-w-    c:\windows\system32\igfxrfra.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439296    ----a-w-    c:\windows\system32\igfxrrom.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrsky.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrptg.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrplk.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrnld.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrita.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrhrv.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrhun.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrtrk.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrsve.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrslv.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrptb.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437760    ----a-w-    c:\windows\system32\igfxrnor.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437248    ----a-w-    c:\windows\system32\igfxrtha.lrc
2013-03-08 23:09 . 2013-03-08 23:09    435712    ----a-w-    c:\windows\system32\igfxrheb.lrc
2013-03-08 23:09 . 2013-03-08 23:09    432128    ----a-w-    c:\windows\system32\igfxrjpn.lrc
2013-03-08 23:09 . 2013-03-08 23:09    431104    ----a-w-    c:\windows\system32\igfxrkor.lrc
2013-03-08 23:09 . 2010-11-28 12:45    64000    ----a-w-    c:\windows\system32\igfxsrvc.dll
2013-03-08 23:09 . 2010-11-28 12:44    9007616    ----a-w-    c:\windows\system32\igfxress.dll
2013-03-08 23:09 . 2013-03-08 23:09    9728    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2013-03-08 23:09 . 2013-03-08 23:09    442880    ----a-w-    c:\windows\system32\igfxdev.dll
2013-03-08 23:09 . 2013-03-08 23:09    440320    ----a-w-    c:\windows\system32\igfxrell.lrc
2013-03-08 23:09 . 2013-03-08 23:09    439808    ----a-w-    c:\windows\system32\igfxresn.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438784    ----a-w-    c:\windows\system32\igfxrdeu.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrfin.lrc
2013-03-08 23:09 . 2013-03-08 23:09    438272    ----a-w-    c:\windows\system32\igfxrcsy.lrc
2013-03-08 23:09 . 2013-03-08 23:09    437248    ----a-w-    c:\windows\system32\igfxrdan.lrc
2013-03-08 23:09 . 2013-03-08 23:09    435712    ----a-w-    c:\windows\system32\igfxrara.lrc
2013-03-08 23:09 . 2013-03-08 23:09    429056    ----a-w-    c:\windows\system32\igfxrcht.lrc
2013-03-08 23:09 . 2013-03-08 23:09    428544    ----a-w-    c:\windows\system32\igfxrchs.lrc
2013-03-08 23:09 . 2013-03-08 23:09    410624    ----a-w-    c:\windows\system32\igfxTMM.dll
2013-03-08 23:09 . 2013-03-08 23:09    384512    ----a-w-    c:\windows\system32\igfxpph.dll
2013-03-08 23:09 . 2013-03-08 23:09    28672    ----a-w-    c:\windows\system32\igfxexps.dll
2013-03-08 23:09 . 2013-03-08 23:09    286208    ----a-w-    c:\windows\system32\igfxrenu.lrc
2013-03-08 23:09 . 2013-03-08 23:09    175104    ----a-w-    c:\windows\system32\gfxSrvc.dll
2013-03-08 23:09 . 2013-03-08 23:09    142336    ----a-w-    c:\windows\system32\igfxdo.dll
2013-03-08 23:09 . 2013-03-08 23:09    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
2013-03-08 23:09 . 2010-11-28 12:45    110592    ----a-w-    c:\windows\system32\hccutils.dll
2013-03-08 23:09 . 2013-03-08 23:09    330752    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
2013-03-08 23:09 . 2013-03-08 23:09    25088    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2013-03-08 23:09 . 2013-03-08 23:09    10811904    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
2013-03-08 23:08 . 2013-03-08 23:08    13030912    ----a-w-    c:\windows\system32\ig4icd64.dll
2013-03-08 23:06 . 2013-03-08 23:06    931840    ----a-w-    c:\windows\SysWow64\igfxcmrt32.dll
2013-03-08 23:06 . 2013-03-08 23:06    575488    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
2013-03-08 23:06 . 2013-03-08 23:06    542720    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
2013-03-08 23:06 . 2013-03-08 23:06    3511296    ----a-w-    c:\windows\system32\igfxcmjit64.dll
2013-03-08 23:06 . 2013-03-08 23:06    3121152    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
2013-03-08 23:06 . 2013-03-08 23:06    1040384    ----a-w-    c:\windows\system32\igfxcmrt64.dll
2013-03-06 10:38 . 2011-06-11 06:58    770384    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2013-03-06 10:38 . 2011-06-11 06:58    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2013-02-28 18:16 . 2012-06-30 20:26    661600    ----a-w-    c:\windows\SysWow64\xsherlock.xem
2013-02-28 13:57 . 2013-03-12 23:09    1188864    ----a-w-    c:\windows\system32\wininet.dll
2013-02-28 13:57 . 2013-03-12 23:09    1493504    ----a-w-    c:\windows\system32\urlmon.dll
2013-02-28 13:57 . 2013-03-12 23:09    134144    ----a-w-    c:\windows\system32\url.dll
2013-02-28 13:57 . 2013-03-12 23:09    9061376    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-28 13:57 . 2013-03-12 23:09    735744    ----a-w-    c:\windows\system32\msfeeds.dll
2013-02-28 13:57 . 2013-03-12 23:09    97792    ----a-w-    c:\windows\system32\mshtmled.dll
2013-02-28 13:57 . 2013-03-12 23:09    12296192    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-28 13:57 . 2013-03-12 23:09    2458112    ----a-w-    c:\windows\system32\iertutil.dll
2013-02-28 13:57 . 2013-03-12 23:09    247808    ----a-w-    c:\windows\system32\ieui.dll
2013-02-28 13:57 . 2013-03-12 23:09    65024    ----a-w-    c:\windows\system32\jsproxy.dll
2013-02-28 13:37 . 2013-03-12 23:09    981504    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-02-28 12:03 . 2013-03-12 23:09    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-12 23:09    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-12 23:07    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 23:07    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 23:07    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-12 23:07    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Howard\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-24 283136]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dump_wmimmc;dump_wmimmc;d:\games\Lineage 2\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2010-03-08 121800]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 sj;sj;d:\games\AeriaGames\EdenEternal\sjcs64.sys [2012-04-07 47224]
R3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-11-28 548264]
R3 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-10-17 386920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]
R3 X6va005;X6va005;c:\users\Howard\AppData\Local\Temp\005846B.tmp [x]
R3 X6va006;X6va006;c:\users\Howard\AppData\Local\Temp\006BD92.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 279616]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-11-08 249584]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-11-08 77040]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-27 349800]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - ExtSQL: 2013-03-16 19:07; {0cf97b62-2e39-472f-a3be-7c99477e3800}; c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Alganon2.7.0.2510 - c:\windows\Alganon\uninstall.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Future Pinball_is1 - c:\games\Future Pinball\unins000.exe
AddRemove-HTC_WModemDriver - c:\program files (x86)\HTC\WModem_Installer\WModemDriver.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Howard\AppData\Local\Temp\005846B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Howard\AppData\Local\Temp\006BD92.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3284081118-1442337820-2178939503-1002\Software\SecuROM\License information*]
"datasecu"=hex:3c,5d,81,72,ee,86,a5,b4,2a,a8,bf,29,b9,02,a8,c6,c2,ca,b9,d5,59,
   e7,be,d4,58,c6,3a,c7,85,58,38,1f,08,b0,00,1b,5c,19,16,7e,e6,b8,97,48,41,39,\
"rkeysecu"=hex:33,e0,c3,8b,4c,6a,dd,4c,1c,07,24,63,51,38,5e,8e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-13  14:03:16
ComboFix-quarantined-files.txt  2013-04-13 18:03
ComboFix2.txt  2013-04-12 17:27
ComboFix3.txt  2013-04-03 22:24
ComboFix4.txt  2013-04-03 21:57
.
Pre-Run: 13,111,771,136 bytes free
Post-Run: 13,919,203,328 bytes free
.
- - End Of File - - F739ADDE7A3688C68033219D719AAD01
 



#10 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 14 April 2013 - 07:39 AM


Did you include a space in your instructions?
Try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

#11 hk101 (Topic Starter)

Posted 14 April 2013 - 04:02 PM

Yeah, I flushed the dns and got the internet working again.

 

EDIT: I am still having redirects...(Just got redirected to suit-search.ne and hxxp://js.kidsplaysite.com)


Edited by thisisu, 16 April 2013 - 07:34 PM: break links


#12 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 15 April 2013 - 08:07 AM

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

#13 hk101 (Topic Starter)

Posted 15 April 2013 - 09:19 AM

RogueKiller Log:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Howard [Admin rights]
Mode : Scan -- Date : 04/15/2013 10:19:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 98b2113ef826f5b18be4789def9be224
[BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04152013_02d1019.txt >>
RKreport[1]_S_04152013_02d1019.txt


 



#14 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 15 April 2013 - 12:48 PM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these item below and uncheck the rest: (if found)

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Now click Delete on the right hand column under Options

Post back the report which should be located on your desktop.
===

Boot the computer to safe mode.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

Delete the file in bold.
C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\dtj9zbld.default\extensions\{0cf97b62-2e39-472f-a3be-7c99477e3800}.xpi

Restart the computer normally.

Run the Combofix one more time and post the log.
You may be asked to update, please do.

How is it now?
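The ComboFix log posted earlier in this thread shows the UAC policy values EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0 (UAC switched off, silent elevation), an AppInit_DLLs entry that every user32-linked process will load, and several drivers and services whose binary ComboFix marks as [x] (missing), two of them registered from the user's Temp folder. RogueKiller's scan above flags the same UAC values, and the steps above put them back. What follows is an added example, not part of the thread and not ComboFix's or RogueKiller's own code: a small Python parser for the ComboFix log layout seen here that pulls out exactly those indicators, so the same triage can be repeated on a fresh log instead of by eye. The regular expressions are assumptions drawn from the posted log's layout; the SAMPLE_LOG excerpt copies lines from that log.

```python
"""Triage helper for the ComboFix log layout shown in this thread. Added example;
not part of the thread and not ComboFix's own code. Assumes what the posted log
shows: REGEDIT4-style [key] blocks followed by "Name"= value lines, and
service/driver lines of the form  R3 name;Display;path [date size]  where a
trailing [x] means ComboFix could not find the binary."""
import re

# UAC policy values that matter when zero: EnableLUA=0 switches UAC off entirely,
# ConsentPromptBehaviorAdmin=0 elevates administrators silently, and
# PromptOnSecureDesktop=0 shows elevation prompts on the ordinary desktop.
UAC_WEAK_WHEN_ZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=\s*(?P<val>.*)$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")


def parse_policy_values(log_text):
    """Collect "Name"= N values from every [...\\policies\\system] block."""
    values, in_block = {}, False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_block = s.lower().endswith("\\policies\\system]")
            continue
        m = VALUE_RE.match(s) if in_block else None
        if m:
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(log_text):
    """Names of the UAC policy values the log shows set to 0."""
    values = parse_policy_values(log_text)
    return [name for name in UAC_WEAK_WHEN_ZERO if values.get(name) == 0]


def suspicious_services(log_text):
    """(name, path, reason) for services whose binary is missing or sits in a Temp dir."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m.group("info") == "x":
            reasons.append("binary missing")
        if "\\temp\\" in m.group("path").lower():
            reasons.append("lives under a Temp directory")
        if reasons:
            findings.append((m.group("name"), m.group("path"), "; ".join(reasons)))
    return findings


def appinit_dlls(log_text):
    """AppInit_DLLs entries, deduplicated, in the order seen (assumes no spaces in paths)."""
    found = []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            for dll in m.group("val").split():
                if dll not in found:
                    found.append(dll)
    return found


def triage(log_text):
    """Run all three checks over one log and return them keyed by section."""
    return {"uac": uac_findings(log_text),
            "services": suspicious_services(log_text),
            "appinit": appinit_dlls(log_text)}


# Excerpt copied from the ComboFix log posted in this thread (nothing invented).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 dump_wmimmc;dump_wmimmc;d:\games\Lineage 2\system\GameGuard\dump_wmimmc.sys [x]
R3 X6va005;X6va005;c:\users\Howard\AppData\Local\Temp\005846B.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

Run it as a script to print the three sections for the embedded excerpt, or call triage() on the text of a saved ComboFix.txt. Treat the output as a review list rather than a verdict: [x] also appears when ComboFix cannot resolve a command line that carries arguments (MySQL55 in the log above), and nvinit.dll and nvinitx.dll in AppInit_DLLs ship with the NVIDIA display driver. What matters about that key is that it is populated while LoadAppInit_DLLs=1, so anything unfamiliar listed there deserves a closer look.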

#15 hk101 (Topic Starter)

Posted 16 April 2013 - 03:10 PM

After running Delete, I get a notification telling me to reboot my computer to turn on User Account Control. (I do not want UAC, I want it disabled as before.) I will run ComboFix, log will be in next post.

 

Rogue Killer Report Log:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Howard [Admin rights]
Mode : Remove -- Date : 04/16/2013 16:07:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 98b2113ef826f5b18be4789def9be224
[BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_04162013_02d1607.txt >>
RKreport[1]_S_04152013_02d1019.txt ; RKreport[2]_S_04162013_02d1605.txt ; RKreport[3]_D_04162013_02d1607.txt


 





