Rootkit removal help!!!!


  • This topic is locked
16 replies to this topic

#1 Guieto1983

Guieto1983

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 17 April 2013 - 10:17 AM

I have noticed recent activity on my pc involving slower pc performance.  I have run multiple scans including Spybot, aswMBR, Combofix, Catchme, GMER, and others.  I have detected NTDLL changes with catchme.  Can you please send me an email or help whenever possible.  
 
Derek

Edited by nasdaq, 17 April 2013 - 01:19 PM.
email address removed. Never post your E-mail address in a forum unless you want to be spammed.




#2 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 17 April 2013 - 10:06 PM

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

 

This was a recent scan from catchme.exe, and it said it couldn't run deep disk scan; unable to find c:\
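The catchme output quoted in this post is a list of ntdll exports, each with two values that do not agree. The tool's output does not say which value is the on-disk one and which was seen in memory, so the small parser below (an added example for triage, not part of this thread and not catchme's own code) only treats an unequal pair as a reported modification and groups the affected exports by what they are used for. The grouping table is an assumption of this example; the input string is the line from the post.

```python
import re

# Input: the catchme line quoted in the post above (copied as one string).
CATCHME_OUTPUT = (
    "ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, "
    "ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, "
    "ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error"
)

# One entry: an ntdll export name followed by "<first> != <second>".
# The trailing "Initialization error" text is fused onto the last number, so the
# number group stops at the first non-digit on purpose.
ENTRY_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")

# Assumption of this example: a rough grouping of Zw* exports by the enumeration
# path they serve. A component that wants to stay hidden typically has to filter
# exactly these three views (registry, directory listings, process/system info).
CATEGORIES = {
    "registry": {"ZwEnumerateKey", "ZwQueryKey", "ZwOpenKey",
                 "ZwEnumerateValueKey", "ZwQueryValueKey"},
    "filesystem": {"ZwOpenFile", "ZwQueryDirectoryFile", "ZwCreateFile"},
    "process/system": {"ZwQuerySystemInformation", "ZwQueryInformationProcess"},
}


def parse_catchme(text):
    """Return a list of (export, first, second) tuples for every entry in the text."""
    return [(m.group(1), int(m.group(2)), int(m.group(3)))
            for m in ENTRY_RE.finditer(text)]


def triage(text):
    """Summarise which functional areas have exports reported as modified."""
    modified = [name for name, first, second in parse_catchme(text) if first != second]
    summary = {cat: sorted(n for n in modified if n in names)
               for cat, names in CATEGORIES.items()}
    summary["other"] = sorted(n for n in modified
                              if not any(n in names for names in CATEGORIES.values()))
    # The tool also reported that it could not initialise its deeper scan.
    summary["init_error"] = "Initialization error" in text
    return summary


if __name__ == "__main__":
    for area, names in triage(CATCHME_OUTPUT).items():
        print(f"{area}: {names}")
```

On this input the registry, directory-listing and system-information exports are all reported modified, which is the pattern a responder would want to confirm against a known-good copy of ntdll.dll before trusting any listing produced on that machine.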



#3 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 19 April 2013 - 09:57 PM

I'm currently using Windows 7 Home Premium; an AMD Athlon Quad-Core Processor with 4 Gb RAM, 1TB Samsung ATA hard drive, Gigabyte Motherboard, Nvidia GeForce GT 240 video card, and any other information can be supplied if anyone is willing to help.  Thank you very much!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 20 April 2013 - 08:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please paste the logs in your next reply. DO NOT ATTACH THEM.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Let me know what problem persists.


#5 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 20 April 2013 - 06:26 PM

ComboFix 13-04-20.02 - Owner 04/20/2013  19:11:01.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2433 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
.
2013-04-20 18:07 . 2013-04-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\WSOP-USA.com
2013-04-20 18:07 . 2013-04-20 18:08 -------- d-----w- c:\program files (x86)\WSOP-USA.com
2013-04-20 18:07 . 2013-04-20 18:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 18:07 . 2013-04-20 18:07 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-20 04:05 . 2013-04-20 04:05 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-20 04:05 . 2013-04-20 04:05 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-20 04:05 . 2013-04-20 04:05 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-20 04:05 . 2013-04-20 04:05 -------- d-----w- c:\program files (x86)\PeanutGallery
2013-04-19 18:07 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3065C6C-3163-46BE-9B02-2A48B4490600}\mpengine.dll
2013-04-17 12:58 . 2013-04-17 12:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2013-04-17 12:56 . 2013-04-17 12:56 -------- d-----w- c:\program files (x86)\EMET
2013-04-14 22:14 . 2013-04-14 22:14 -------- d-----w- c:\program files (x86)\Maxis
2013-04-14 06:55 . 2013-04-14 06:55 -------- d-----w- c:\program files (x86)\Google
2013-04-13 16:26 . 2013-04-13 16:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-04-13 08:54 . 2013-04-13 08:54 -------- d-----w- c:\program files (x86)\softendo.com
2013-04-13 08:52 . 2013-04-18 23:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Rovio
2013-04-13 04:35 . 2013-04-13 04:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Pogo
2013-04-13 04:35 . 2013-04-13 04:35 -------- d-----w- c:\programdata\Pogo
2013-04-13 04:32 . 2013-04-13 04:32 -------- d-----w- c:\program files (x86)\Foxy Games
2013-04-13 04:32 . 2013-04-13 04:32 -------- d-----w- C:\Downloads
2013-04-13 04:30 . 2013-04-18 23:48 -------- d-----w- c:\program files (x86)\Rovio
2013-04-12 02:46 . 2013-04-12 02:48 -------- d-----w- C:\Games
2013-04-12 02:41 . 2013-04-12 02:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-12 02:40 . 2013-04-12 02:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 02:40 . 2013-04-12 02:40 -------- d-----w- c:\program files (x86)\Java
2013-04-12 02:34 . 2013-04-12 02:48 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-----w- c:\users\Default
2013-04-09 18:43 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 18:43 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 18:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-09 18:43 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 18:43 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 18:43 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 18:43 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 18:43 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 18:43 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 00:54 . 2013-04-17 12:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-08 21:21 . 2013-04-17 12:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-04-08 04:07 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-04-08 04:07 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-04-08 04:07 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-08 04:07 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-04-08 04:07 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-08 04:06 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-08 04:06 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-08 04:06 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-08 04:06 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-08 04:06 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-04-08 04:06 . 2013-04-08 04:06 -------- d-----w- c:\program files\AVAST Software
2013-04-08 04:03 . 2013-04-08 04:06 -------- d-----w- c:\programdata\AVAST Software
2013-04-07 01:12 . 2013-04-07 01:18 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2013-04-06 14:30 . 2013-04-06 14:30 -------- d-----w- c:\programdata\Sophos
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\programdata\Symantec
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\windows\system32\drivers\NSSx64
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\programdata\Norton
2013-04-06 04:12 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-06 04:12 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-06 04:12 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-06 04:12 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-06 04:12 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-06 04:11 . 2013-03-15 05:53 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-06 04:11 . 2013-03-15 05:53 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-04-03 21:36 . 2013-04-03 22:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Solvusoft
2013-04-03 21:36 . 2012-02-08 14:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2013-04-03 16:52 . 2013-04-03 16:52 -------- d-----w- c:\programdata\Webroot
2013-04-03 13:09 . 2007-01-24 19:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-04-03 13:03 . 2013-04-03 13:03 -------- d-----w- c:\program files (x86)\Activision Value
2013-04-02 09:07 . 2013-04-20 11:59 -------- d-----w- c:\program files (x86)\Advanced PC Tweaker
2013-03-31 17:30 . 2013-03-31 17:30 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-03-31 17:29 . 2013-03-31 17:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-31 17:05 . 2009-02-05 14:53 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-03-31 17:02 . 2013-03-31 17:02 -------- d--h--w- c:\program files (x86)\Temp
2013-03-31 15:39 . 2013-04-05 20:45 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
2013-03-31 12:32 . 2013-03-31 12:32 -------- d-----w- c:\programdata\Malwarebytes
2013-03-31 00:31 . 2013-04-01 23:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Systweak
2013-03-30 09:49 . 2013-03-30 09:49 -------- d-----w- c:\users\Owner\AppData\Roaming\GameTuts
2013-03-30 09:49 . 2013-03-30 09:49 -------- d-----w- c:\users\Owner\AppData\Local\GameTuts
2013-03-29 23:56 . 2013-03-29 23:56 -------- d-----w- c:\programdata\Trymedia
2013-03-29 23:52 . 2013-04-09 04:03 -------- d-----w- c:\programdata\NVIDIA
2013-03-29 23:32 . 2010-02-04 14:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2013-03-29 23:32 . 2010-02-04 14:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2013-03-29 23:32 . 2010-02-04 14:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2013-03-29 23:32 . 2010-02-04 14:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-03-29 23:32 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-03-29 23:32 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-03-29 22:40 . 2013-03-29 23:04 -------- d-----w- c:\programdata\PopCap Games
2013-03-28 22:00 . 2013-03-28 22:00 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage
2013-03-24 02:29 . 2013-04-18 03:01 -------- d-----w- c:\windows\debug
2013-03-24 02:26 . 2013-04-17 13:13 -------- d-----w- c:\users\Owner\SecurityScans
2013-03-24 01:10 . 2013-03-24 01:10 -------- d-----w- c:\users\Owner\AppData\Roaming\liQeNSoft
2013-03-24 00:38 . 2013-03-24 00:38 -------- d-----w- c:\programdata\BDLogging
2013-03-24 00:38 . 2007-04-11 14:11 511328 ----a-w- c:\windows\capicom.dll
2013-03-24 00:34 . 2013-04-06 11:06 -------- d-----w- c:\users\Owner\AppData\Local\liQeNSoft
2013-03-23 15:55 . 2013-03-23 15:55 -------- d-----w- c:\program files (x86)\Belarc
2013-03-23 14:57 . 2013-03-23 14:57 65736 ------w- c:\windows\system32\drivers\pxrts.sys
2013-03-23 07:15 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{883FDED6-7EEF-4885-8894-FF1C0A2C1C46}\mpengine.dll
2013-03-22 06:25 . 2010-11-20 12:19 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2013-03-22 06:25 . 2013-03-22 06:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Win7codecs
2013-03-22 06:25 . 2013-03-22 06:25 -------- d-----w- c:\program files (x86)\Win7codecs
2013-03-22 06:23 . 2013-03-22 06:25 -------- d-----w- c:\programdata\Win7codecs
2013-03-22 06:15 . 2013-03-22 06:16 -------- d-----w- c:\programdata\PMS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 02:40 . 2013-03-06 01:06 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-12 02:40 . 2010-12-29 18:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-01 23:58 . 2010-12-29 19:34 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-31 08:52 . 2013-02-23 06:05 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2013-03-24 02:10 . 2013-03-03 05:52 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-24 02:10 . 2013-03-03 05:52 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-18 15:00 . 2013-03-18 15:00 1566720 ----a-w- c:\windows\SysWow64\VSFilter.dll
2013-03-12 05:10 . 2010-12-29 18:42 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-27 12:57 . 2013-02-27 12:57 4283392 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-02-26 12:34 . 2013-02-08 02:02 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2013-02-26 12:34 . 2013-02-08 02:02 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2013-02-26 07:45 . 2012-05-02 01:28 164880 ---ha-w- c:\users\Owner\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-02-26 06:28 . 2013-02-26 06:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-26 06:28 . 2012-08-31 21:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-26 06:28 . 2012-08-31 21:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-26 06:28 . 2011-09-09 09:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-26 05:32 . 2013-02-26 05:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-26 05:32 . 2013-02-26 05:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-18 14:22 . 2013-02-18 14:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2013-02-18 14:22 . 2013-02-18 14:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 14:22 . 2013-02-18 14:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-17 20:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-17 20:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-17 20:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-17 20:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-17 20:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-17 20:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-19 18:30 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-05 06:23 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-05 06:23 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-05 22:53 . 2013-03-03 08:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-02-05 22:52 . 2013-02-05 22:52 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2013-02-05 22:52 . 2013-02-05 22:52 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2013-02-05 22:52 . 2013-02-05 22:52 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2013-02-05 22:52 . 2013-02-05 22:52 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 22:52 . 2013-02-05 22:52 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 22:52 . 2013-02-05 22:52 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2013-02-05 22:52 . 2013-02-05 22:52 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 22:52 . 2013-02-05 22:52 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2013-02-05 22:52 . 2013-02-05 22:52 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2013-02-05 22:52 . 2013-02-05 22:52 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2013-02-05 22:52 . 2013-02-05 22:52 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2013-02-05 22:52 . 2013-02-05 22:52 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2013-02-05 22:52 . 2013-02-05 22:52 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *bddel.exe\0afeBox\0??¿???\0?\0?\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 90883072;90883072;c:\windows\system32\drivers\91567941.sys [x]
R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R3 aswVmm;aswVmm; [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-06-11 10112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-03-23 65736]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-14 06:55 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 18:07]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 06:55]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 06:55]
.
2013-04-17 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-04-02 23:18]
.
2013-04-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-04-20 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-07-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2013-03-31 c:\windows\Tasks\User_Feed_Synchronization-{1DC01F9B-BAC8-4E7C-9FD8-6299800535C1}.job
- c:\windows\system32\msfeedssync.exe [2011-05-28 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4BA099BA-FF5D-41C8-A262-D6A8303E1E49} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-OfficeSyncProcess - c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\1e\01,\"?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-20  19:19:07
ComboFix-quarantined-files.txt  2013-04-20 23:19
.
Pre-Run: 528,196,972,544 bytes free
Post-Run: 528,213,852,160 bytes free
.
- - End Of File - - 51CF625944FF64BD36A88447178DB102

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 4 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 17  
 Adobe Reader XI  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#6 Guieto1983

  • Topic Starter

  • Members
  • 11 posts

Posted 20 April 2013 - 06:37 PM

# AdwCleaner v2.200 - Logfile created 04/20/2013 at 19:27:49
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC56456
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\searchplugins\claro.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\extensions\crossriderapp21058@crossrider.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\extensions\ffxtlbr@claro.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\52e8adebd68e941
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\prefs.js
 
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttigjai9.default\user.js ... Deleted !
 
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "26-1-2011");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Tue Jan 25 2011 18:05:59 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 11);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Jan 25 2011 18:06:00 GMT-0500 (Eastern St[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Jan 25 2011 18:06:00 GMT-0500 (Eastern St[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "9-1-2011");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Sun Jan 09 2011 04:53:29 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Jan 25 2011 18:06:01 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_2.7.2.0", "Tue Jan 25 2011 18:06:00 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2504091.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.LoginCache", 4);
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Jan 25 2011 18:05:59 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Tue Jan 25 2011 18:05:59 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1292441626");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sun Jan 09 2011 04:53:28 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2504091.UserID", "UN71926455767273069");
Deleted : user_pref("CT2504091.ValidationData_Search", 1);
Deleted : user_pref("CT2504091.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.clientLogIsEnabled", true);
Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2282] : homepage = "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=98d79d500000000000006c[...]
 
*************************
 
AdwCleaner[S1].txt - [14960 octets] - [20/04/2013 19:27:49]
 
########## EOF - C:\AdwCleaner[S1].txt - [15021 octets] ##########


#7 Guieto1983

  • Topic Starter

  • Members
  • 11 posts

Posted 20 April 2013 - 06:57 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 1:18:09 PM
System Uptime: 4/20/2013 7:31:12 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | M68MT-D3
Processor: AMD Athlon™ II X4 630 Processor | Socket M2 | 2800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 492.13 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.05 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 4/2/2013 7:48:47 PM - Initial restore point
RP10: 4/3/2013 9:08:30 AM - Installed DirectX
RP11: 4/3/2013 11:08:39 AM - Removed Microsoft Baseline Security Analyzer 2.2
RP12: 4/3/2013 11:53:26 AM - Restore Operation
RP13: 4/4/2013 7:25:04 PM - Windows Update
RP14: 4/4/2013 8:27:15 PM - Windows Update
RP15: 4/5/2013 11:33:21 PM - Windows Update
RP16: 4/5/2013 11:39:13 PM - Windows Update
RP17: 4/6/2013 12:14:06 AM - Windows Update
RP18: 4/6/2013 1:12:48 AM - Removed NVIDIA ForceWare Network Access Manager
RP19: 4/6/2013 9:50:49 AM - Installed Sophos Virus Removal Tool.
RP21: 4/6/2013 10:39:08 PM - Removed Sophos Virus Removal Tool.
RP22: 4/6/2013 10:40:20 PM - Removed Sophos Virus Removal Tool.
RP23: 4/6/2013 11:18:51 PM - Installed Windows 7 USB/DVD Download Tool
RP24: 4/7/2013 12:24:11 AM - Installed Windows 7 USB/DVD Download Tool
RP25: 4/9/2013 5:09:28 PM - Windows Update
RP26: 4/11/2013 10:18:38 PM - Removed Windows 7 USB/DVD Download Tool
RP27: 4/11/2013 10:19:28 PM - Removed Java 7 Update 17
RP28: 4/11/2013 10:20:51 PM - Removed Java 7 Update 17
RP29: 4/11/2013 10:26:51 PM - Installed DirectX
RP30: 4/11/2013 10:40:13 PM - Installed Java 7 Update 17
RP31: 4/12/2013 8:08:53 PM - Windows Update
RP32: 4/16/2013 7:22:50 AM - Windows Update
RP33: 4/17/2013 8:55:43 AM - Installed EMET
RP34: 4/17/2013 8:58:25 AM - Installed Microsoft Baseline Security Analyzer 2.2
RP35: 4/19/2013 2:06:18 PM - Windows Update
RP36: 4/20/2013 12:05:15 AM - Installed Sophos Virus Removal Tool.
RP37: 4/20/2013 6:43:06 PM - Removed Microsoft Office Professional Plus 2010
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Angry Birds
Angry Birds Rio
avast! Free Antivirus
CCleaner
EMET
Google Chrome
Google Update Helper
Infineon USB driver 1.0.0.6
Java 7 Update 17
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Baseline Security Analyzer 2.2
Microsoft Software Update for Web Folders  (English) 14
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Monopoly City
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Drivers
NVIDIA Graphics Driver 314.22
NVIDIA Install Application
NVIDIA PhysX
PeerBlock 1.1 (r518)
PowerISO
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SimCity 4 Deluxe
Sophos Virus Removal Tool
Super Mario 3 : Mario Forever
TeamExtreme Minecraft Installer 1.3.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
USB Flash Port Driver
Win7codecs
WinRAR 4.20 (64-bit)
World Series of Poker 2008: Battle for the Bracelets
WSOP-USA.com
.
==== Event Viewer Messages From Past Week ========
.
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 gzflt
90883072 aswSnx aswSP aswTdi discache gzflt MpFilter pxrts SCDEmu spldr Wanarpv6
90883072 AFD aswRdr aswSnx aswSP aswTdi DfsC discache gzflt MpFilter NetBIOS NetBT nsiproxy Psched pxrts rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
4/20/2013 7:32:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
4/20/2013 7:31:55 PM, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/20/2013 7:31:54 PM, Error: Service Control Manager [7000]  - The IHA_MessageCenter service failed to start due to the following error:  The system cannot find the file specified.
4/20/2013 7:31:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
4/20/2013 7:31:47 PM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/20/2013 7:17:11 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/20/2013 12:07:40 AM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2013 12:07:26 AM, Error: Service Control Manager [7034]  - The Sophos Virus Removal Tool service terminated unexpectedly.  It has done this 1 time(s).
4/17/2013 8:27:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
4/17/2013 8:10:00 AM, Error: Service Control Manager [7034]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).
4/17/2013 7:35:17 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
4/17/2013 10:42:09 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:36:45 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/17/2013 10:32:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/17/2013 10:13:16 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/17/2013 10:11:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/17/2013 10:11:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/17/2013 10:11:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/17/2013 10:11:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/17/2013 10:11:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/17/2013 10:11:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:15 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/17/2013 10:11:14 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/17/2013 10:05:42 AM, Error: Application Popup [1060]  - \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/16/2013 8:38:35 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The system cannot find the file specified.
4/14/2013 12:51:50 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
4/14/2013 12:40:18 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/14/2013 12:32:05 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/13/2013 9:11:37 PM, Error: Service Control Manager [7034]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 4 time(s).
4/13/2013 7:58:51 PM, Error: Service Control Manager [7034]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).
4/13/2013 10:29:08 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error:  An instance of the service is already running.
.
==== End Of File ===========================


#8 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 20 April 2013 - 07:02 PM

Sorry, wrong DDS file, here is the right one...


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by Owner at 19:39:12 on 2013-04-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2559 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: {4BA099BA-FF5D-41C8-A262-D6A8303E1E49} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{32B93DD8-D672-4D17-9E2F-4068DA6239E6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{406374BE-75AA-4690-AC4B-45E02E89C57B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{89AA179C-72F7-469B-9AB4-E27C9607403A} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-8 65336]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-8 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-8 377920]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2013-3-23 65736]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-8 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-8 45248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IHA_MessageCenter;IHA_MessageCenter;"C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" --> C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [?]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-8 178624]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-12-29 144496]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-12-29 131552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 ssmirrdr;ssmirrdr;C:\Windows\System32\drivers\ssmirrdr.sys [2011-6-11 10112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe --> C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [?]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-04-20 23:32:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-20 23:09:41 98816 ----a-w- C:\Windows\sed.exe
2013-04-20 23:09:41 256000 ----a-w- C:\Windows\PEV.exe
2013-04-20 23:09:41 208896 ----a-w- C:\Windows\MBR.exe
2013-04-20 18:07:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\WSOP-USA.com
2013-04-20 18:07:53 -------- d-----w- C:\Program Files (x86)\WSOP-USA.com
2013-04-20 18:07:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 18:07:40 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-20 04:05:43 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-20 04:05:43 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-20 04:05:43 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-20 04:05:41 -------- d-----w- C:\Program Files (x86)\PeanutGallery
2013-04-19 18:07:18 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3065C6C-3163-46BE-9B02-2A48B4490600}\mpengine.dll
2013-04-17 12:58:45 -------- d-----w- C:\Program Files\Microsoft Baseline Security Analyzer 2
2013-04-17 12:56:18 -------- d-----w- C:\Program Files (x86)\EMET
2013-04-14 22:14:50 -------- d-----w- C:\Program Files (x86)\Maxis
2013-04-13 16:26:09 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-04-13 08:54:39 -------- d-----w- C:\Program Files (x86)\softendo.com
2013-04-13 08:52:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\Rovio
2013-04-13 04:35:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\Pogo
2013-04-13 04:35:22 -------- d-----w- C:\ProgramData\Pogo
2013-04-13 04:32:44 -------- d-----w- C:\Program Files (x86)\Foxy Games
2013-04-13 04:32:42 -------- d-----w- C:\Downloads
2013-04-13 04:30:08 -------- d-----w- C:\Program Files (x86)\Rovio
2013-04-12 02:46:00 -------- d-----w- C:\Games
2013-04-12 02:40:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 02:34:44 -------- d--h--w- C:\Windows\msdownld.tmp
2013-04-12 02:25:50 -------- d-----w- C:\Windows\SysWow64\directx
2013-04-09 21:10:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-04-09 18:43:16 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-09 18:43:14 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-09 18:43:13 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-09 18:43:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-09 18:43:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-09 18:43:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-09 18:43:07 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-09 18:43:07 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-09 18:43:06 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-09 00:54:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-08 21:21:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-08 04:07:01 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-04-08 04:07:00 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-04-08 04:06:59 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-04-08 04:06:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-04-08 04:06:54 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-08 04:06:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-08 04:06:26 -------- d-----w- C:\Program Files\AVAST Software
2013-04-08 04:03:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-07 01:12:53 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2013-04-06 14:30:04 -------- d-----w- C:\ProgramData\Sophos
2013-04-06 09:48:32 -------- d-----w- C:\ProgramData\Symantec
2013-04-06 09:48:28 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0400000.030
2013-04-06 09:48:28 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2013-04-06 09:48:28 -------- d-----w- C:\ProgramData\Norton
2013-04-06 09:48:16 -------- d-----w- C:\ProgramData\NortonInstaller
2013-04-06 04:12:19 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-04-06 04:12:19 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-04-06 04:12:19 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-04-06 04:12:19 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-04-06 04:12:19 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-04-06 04:11:49 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-04-06 04:11:49 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-04-03 21:36:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\Solvusoft
2013-04-03 21:36:21 18760 ----a-w- C:\Windows\System32\roboot64.exe
2013-04-03 16:52:05 -------- d-----w- C:\ProgramData\Webroot
2013-04-03 13:09:59 393576 ----a-w- C:\Windows\System32\xactengine2_6.dll
2013-04-03 13:03:13 -------- d-----w- C:\Program Files (x86)\Activision Value
2013-04-02 09:07:12 -------- d-----w- C:\Program Files (x86)\Advanced PC Tweaker
2013-03-31 17:30:02 -------- d-----w- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-03-31 17:29:52 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-31 17:05:14 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-03-31 17:02:24 -------- d--h--w- C:\Program Files (x86)\Temp
2013-03-31 15:39:23 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2013-03-31 12:32:55 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-31 00:31:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\Systweak
2013-03-30 09:49:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\GameTuts
2013-03-30 09:49:26 -------- d-----w- C:\Users\Owner\AppData\Local\GameTuts
2013-03-29 23:32:15 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2013-03-29 23:32:15 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2013-03-29 23:32:15 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2013-03-29 23:32:15 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2013-03-29 23:32:15 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2013-03-29 23:32:14 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2013-03-29 22:40:37 -------- d-----w- C:\ProgramData\PopCap Games
2013-03-28 22:00:06 -------- d-----w- C:\Users\Owner\AppData\Local\IsolatedStorage
2013-03-24 02:26:45 -------- d-----w- C:\Users\Owner\SecurityScans
2013-03-24 01:10:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\liQeNSoft
2013-03-24 00:38:12 -------- d-----w- C:\ProgramData\BDLogging
2013-03-24 00:38:07 511328 ----a-w- C:\Windows\capicom.dll
2013-03-24 00:34:11 -------- d-----w- C:\Users\Owner\AppData\Local\liQeNSoft
2013-03-23 15:55:24 -------- d-----w- C:\Program Files (x86)\Belarc
2013-03-23 14:57:14 65736 ------w- C:\Windows\System32\drivers\pxrts.sys
2013-03-23 07:15:40 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{883FDED6-7EEF-4885-8894-FF1C0A2C1C46}\mpengine.dll
2013-03-22 06:25:41 296448 ----a-w- C:\Windows\SysWow64\mfds.dll.bak
2013-03-22 06:25:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\Win7codecs
2013-03-22 06:25:02 -------- d-----w- C:\Program Files (x86)\Win7codecs
2013-03-22 06:23:27 -------- d-----w- C:\ProgramData\Win7codecs
2013-03-22 06:15:22 -------- d-----w- C:\ProgramData\PMS
.
==================== Find3M  ====================
.
2013-04-12 02:40:29 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-12 02:40:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-31 08:52:48 1656 ----a-w- C:\Windows\System32\ASOROSet.bin
2013-03-24 02:10:40 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-24 02:10:40 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-03-18 15:00:00 1566720 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-27 12:57:04 4283392 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2013-02-26 12:34:15 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2013-02-26 12:34:15 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2013-02-26 05:32:38 1814304 ----a-w- C:\Windows\System32\nvdispco64.dll
2013-02-26 05:32:32 1510176 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-18 14:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-02-18 14:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 14:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll
2013-02-05 22:53:34 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
.
============= FINISH: 19:39:30.18 ===============

I have been noticing a performance lag and slower processing times with this rootkit, trojan, malware, etc.  I greatly appreciate you taking the time to give me a hand.  I will be looking forward to your opinion.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 21 April 2013 - 08:13 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
90883072
gzflt
BDSandBox
BdDesktopParental

ClearJavaCache::
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

===

For your security I strongly suggest you update to a more recent version of Internet Explorer.
Internet Explorer 4 Out of date!
I would at least get version 7.
You may not be using Internet Explorer but you are still vulnerable with version 4.
Open your Tools menu and use the Windows Update application. See what is available.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
There may also be some other 3rd party programs suggested. Do not install them if you do not want them.
===

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.


#10 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 21 April 2013 - 10:37 AM

ComboFix 13-04-20.02 - Owner 04/21/2013  10:59:41.7.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2158 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GZFLT
-------\Service_90883072
-------\Service_BdDesktopParental
-------\Service_BDSandBox
-------\Service_gzflt
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))
.
.
2013-04-20 18:07 . 2013-04-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\WSOP-USA.com
2013-04-20 18:07 . 2013-04-20 18:08 -------- d-----w- c:\program files (x86)\WSOP-USA.com
2013-04-20 18:07 . 2013-04-20 18:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 18:07 . 2013-04-20 18:07 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-19 18:07 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3065C6C-3163-46BE-9B02-2A48B4490600}\mpengine.dll
2013-04-17 12:58 . 2013-04-17 12:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2013-04-17 12:56 . 2013-04-17 12:56 -------- d-----w- c:\program files (x86)\EMET
2013-04-14 22:14 . 2013-04-14 22:14 -------- d-----w- c:\program files (x86)\Maxis
2013-04-14 06:55 . 2013-04-14 06:55 -------- d-----w- c:\program files (x86)\Google
2013-04-13 16:26 . 2013-04-13 16:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-04-13 08:54 . 2013-04-13 08:54 -------- d-----w- c:\program files (x86)\softendo.com
2013-04-13 08:52 . 2013-04-18 23:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Rovio
2013-04-13 04:35 . 2013-04-13 04:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Pogo
2013-04-13 04:35 . 2013-04-13 04:35 -------- d-----w- c:\programdata\Pogo
2013-04-13 04:32 . 2013-04-13 04:32 -------- d-----w- c:\program files (x86)\Foxy Games
2013-04-13 04:32 . 2013-04-13 04:32 -------- d-----w- C:\Downloads
2013-04-13 04:30 . 2013-04-18 23:48 -------- d-----w- c:\program files (x86)\Rovio
2013-04-12 02:46 . 2013-04-12 02:48 -------- d-----w- C:\Games
2013-04-12 02:41 . 2013-04-12 02:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-12 02:40 . 2013-04-12 02:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 02:40 . 2013-04-12 02:40 -------- d-----w- c:\program files (x86)\Java
2013-04-12 02:34 . 2013-04-12 02:48 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-----w- c:\users\Default
2013-04-09 18:43 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 18:43 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 18:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-09 18:43 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 18:43 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 18:43 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 18:43 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 18:43 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 18:43 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 00:54 . 2013-04-17 12:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-08 21:21 . 2013-04-17 12:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-04-08 04:07 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-04-08 04:07 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-04-08 04:07 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-08 04:07 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-04-08 04:07 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-08 04:06 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-08 04:06 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-08 04:06 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-08 04:06 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-08 04:06 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-04-08 04:06 . 2013-04-08 04:06 -------- d-----w- c:\program files\AVAST Software
2013-04-08 04:03 . 2013-04-08 04:06 -------- d-----w- c:\programdata\AVAST Software
2013-04-07 01:12 . 2013-04-07 01:18 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2013-04-06 14:30 . 2013-04-06 14:30 -------- d-----w- c:\programdata\Sophos
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\programdata\Symantec
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\windows\system32\drivers\NSSx64
2013-04-06 09:48 . 2013-04-06 09:48 -------- d-----w- c:\programdata\Norton
2013-04-06 04:12 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-06 04:12 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-06 04:12 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-06 04:12 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-06 04:12 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-06 04:11 . 2013-03-15 05:53 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-06 04:11 . 2013-03-15 05:53 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-04-03 21:36 . 2013-04-03 22:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Solvusoft
2013-04-03 21:36 . 2012-02-08 14:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2013-04-03 16:52 . 2013-04-03 16:52 -------- d-----w- c:\programdata\Webroot
2013-04-03 13:09 . 2007-01-24 19:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-04-03 13:03 . 2013-04-03 13:03 -------- d-----w- c:\program files (x86)\Activision Value
2013-04-02 09:07 . 2013-04-20 11:59 -------- d-----w- c:\program files (x86)\Advanced PC Tweaker
2013-03-31 17:30 . 2013-03-31 17:30 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-03-31 17:29 . 2013-03-31 17:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-31 17:05 . 2009-02-05 14:53 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-03-31 17:02 . 2013-03-31 17:02 -------- d--h--w- c:\program files (x86)\Temp
2013-03-31 15:39 . 2013-04-05 20:45 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
2013-03-31 12:32 . 2013-03-31 12:32 -------- d-----w- c:\programdata\Malwarebytes
2013-03-31 00:31 . 2013-04-01 23:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Systweak
2013-03-30 09:49 . 2013-03-30 09:49 -------- d-----w- c:\users\Owner\AppData\Roaming\GameTuts
2013-03-30 09:49 . 2013-03-30 09:49 -------- d-----w- c:\users\Owner\AppData\Local\GameTuts
2013-03-29 23:52 . 2013-04-09 04:03 -------- d-----w- c:\programdata\NVIDIA
2013-03-29 23:32 . 2010-02-04 14:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2013-03-29 23:32 . 2010-02-04 14:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2013-03-29 23:32 . 2010-02-04 14:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2013-03-29 23:32 . 2010-02-04 14:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-03-29 23:32 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-03-29 23:32 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-03-29 22:40 . 2013-03-29 23:04 -------- d-----w- c:\programdata\PopCap Games
2013-03-28 22:00 . 2013-03-28 22:00 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage
2013-03-24 02:29 . 2013-04-18 03:01 -------- d-----w- c:\windows\debug
2013-03-24 02:26 . 2013-04-17 13:13 -------- d-----w- c:\users\Owner\SecurityScans
2013-03-24 01:10 . 2013-03-24 01:10 -------- d-----w- c:\users\Owner\AppData\Roaming\liQeNSoft
2013-03-24 00:38 . 2013-03-24 00:38 -------- d-----w- c:\programdata\BDLogging
2013-03-24 00:38 . 2007-04-11 14:11 511328 ----a-w- c:\windows\capicom.dll
2013-03-24 00:34 . 2013-04-06 11:06 -------- d-----w- c:\users\Owner\AppData\Local\liQeNSoft
2013-03-23 15:55 . 2013-03-23 15:55 -------- d-----w- c:\program files (x86)\Belarc
2013-03-23 14:57 . 2013-03-23 14:57 65736 ------w- c:\windows\system32\drivers\pxrts.sys
2013-03-23 07:15 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{883FDED6-7EEF-4885-8894-FF1C0A2C1C46}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 02:40 . 2013-03-06 01:06 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-12 02:40 . 2010-12-29 18:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-01 23:58 . 2010-12-29 19:34 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-31 08:52 . 2013-02-23 06:05 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2013-03-24 02:10 . 2013-03-03 05:52 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-24 02:10 . 2013-03-03 05:52 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-18 15:00 . 2013-03-18 15:00 1566720 ----a-w- c:\windows\SysWow64\VSFilter.dll
2013-03-12 05:10 . 2010-12-29 18:42 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-27 12:57 . 2013-02-27 12:57 4283392 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-02-26 12:34 . 2013-02-08 02:02 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2013-02-26 12:34 . 2013-02-08 02:02 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2013-02-26 07:45 . 2012-05-02 01:28 164880 ---ha-w- c:\users\Owner\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-02-26 06:28 . 2013-02-26 06:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-26 06:28 . 2012-08-31 21:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-26 06:28 . 2012-08-31 21:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-26 06:28 . 2011-09-09 09:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-26 05:32 . 2013-02-26 05:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-26 05:32 . 2013-02-26 05:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-18 14:22 . 2013-02-18 14:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2013-02-18 14:22 . 2013-02-18 14:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 14:22 . 2013-02-18 14:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-17 20:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-17 20:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-17 20:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-17 20:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-17 20:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-17 20:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-19 18:30 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-05 06:23 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-05 06:23 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-05 22:53 . 2013-03-03 08:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-02-05 22:52 . 2013-02-05 22:52 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2013-02-05 22:52 . 2013-02-05 22:52 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2013-02-05 22:52 . 2013-02-05 22:52 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2013-02-05 22:52 . 2013-02-05 22:52 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 22:52 . 2013-02-05 22:52 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 22:52 . 2013-02-05 22:52 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2013-02-05 22:52 . 2013-02-05 22:52 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 22:52 . 2013-02-05 22:52 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2013-02-05 22:52 . 2013-02-05 22:52 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2013-02-05 22:52 . 2013-02-05 22:52 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2013-02-05 22:52 . 2013-02-05 22:52 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2013-02-05 22:52 . 2013-02-05 22:52 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2013-02-05 22:52 . 2013-02-05 22:52 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *bddel.exe\0afeBox\0??¿???\0?\0?\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R3 aswVmm;aswVmm; [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-06-11 10112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-03-23 65736]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-14 06:55 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 18:07]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 06:55]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 06:55]
.
2013-04-17 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-04-02 23:18]
.
2013-04-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-04-21 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-07-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2013-03-31 c:\windows\Tasks\User_Feed_Synchronization-{1DC01F9B-BAC8-4E7C-9FD8-6299800535C1}.job
- c:\windows\system32\msfeedssync.exe [2011-05-28 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4BA099BA-FF5D-41C8-A262-D6A8303E1E49} - (no file)
AddRemove-{B030FEFA-B196-A9FB-1757-17693547894D} - c:\progra~3\INSTAL~1\{79855~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\1e\01,\"?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2013-04-21  11:10:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-21 15:10
ComboFix2.txt  2013-04-20 23:19
.
Pre-Run: 527,400,984,576 bytes free
Post-Run: 527,222,251,520 bytes free
.
- - End Of File - - 57102DB742BB02AE3D3C20A1ED00358B
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 21 April 2013 - 12:30 PM

Looking good. Any remaining issues?

#12 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 21 April 2013 - 01:04 PM

C:\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application 
C:\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application 
C:\Users\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan 
C:\Users\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan 
C:\Users\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan 
C:\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan 
C:\Users\Owner\Videos\Movies\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application 
C:\Documents and Settings\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Videos\Movies\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
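The ComboFix log in the earlier post and the ESET results just above are raw tool output. As an added example (not code from this thread, from ComboFix or from ESET), the Python below parses three record shapes that appear in that ComboFix log (file listings, service/driver entries, scheduled tasks) and applies a few defender-side triage rules: hidden files under a user profile, services whose binary ComboFix could not verify (`[x]`), scheduled tasks whose target sits in a folder the ESET scan flagged, and tasks that launch through `rundll32.exe`, whose arguments the log does not show. The sample lines are copied from the posted log; the rule names, the `ESET_FLAGGED` list and the `Finding` record are this example's own assumptions.

```python
"""Triage pass over ComboFix log lines.

Added example, not from the thread, ComboFix or ESET. The sample lines are
copied from the ComboFix log posted earlier in this thread; the triage rules
and their names are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Lines copied verbatim from the ComboFix log posted earlier in the thread.
SAMPLE_LOG = r"""
2013-03-24 01:10 . 2013-03-24 01:10 -------- d-----w- c:\users\Owner\AppData\Roaming\liQeNSoft
2013-03-23 14:57 . 2013-03-23 14:57 65736 ------w- c:\windows\system32\drivers\pxrts.sys
2013-02-26 07:45 . 2012-05-02 01:28 164880 ---ha-w- c:\users\Owner\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
R3 aswVmm;aswVmm; [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-03-23 65736]
2013-04-17 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-04-02 23:18]
2013-04-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
"""

# Folder name the ESET scan in post #12 reported as Win32/Adware.RegistryEasy.
ESET_FLAGGED = ("Advanced PC Tweaker",)

# Launchers that run code on behalf of something else; the .job holds the real
# arguments, which ComboFix does not print, so these need a manual look.
PROXY_LAUNCHERS = {"rundll32.exe", "regsvr32.exe"}

# ComboFix record shapes: "created . modified size attrs path",
# "Rn|Sn name;display;path [date size]" or "[x]", and a two-line task entry.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<stamp>[^\]]+)\]$")
TASK_RE = re.compile(r"^(?P<last_run>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$")
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]+)\]$")


@dataclass(frozen=True)
class Finding:
    rule: str      # which triage rule fired
    subject: str   # file path, service name or .job path
    detail: str    # what to check next


def triage(log_text: str, flagged_fragments: Iterable[str] = ()) -> List[Finding]:
    """Walk ComboFix lines and return items a reviewer should look at."""
    findings: List[Finding] = []
    fragments = [f.lower() for f in flagged_fragments]
    pending_job = None  # .job path waiting for its "- target [stamp]" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            # 'h' in the attribute column means the hidden attribute is set.
            if "h" in m["attrs"] and "\\users\\" in m["path"].lower():
                findings.append(Finding("hidden-user-file", m["path"],
                                        f"attributes {m['attrs']}; verify publisher"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["stamp"] == "x":  # ComboFix could not find or verify the binary
                detail = ("no on-disk binary listed" if not m["path"]
                          else f"binary not verified: {m['path']}")
                findings.append(Finding("service-unverified", m["name"], detail))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m["job"]
            continue
        m = TARGET_RE.match(line)
        if pending_job and m:
            target = m["path"]
            base = target.rsplit("\\", 1)[-1].lower()
            for frag in fragments:
                if frag in target.lower():
                    findings.append(Finding("task-flagged-path", pending_job,
                                            f"target {target} matches scanner hit '{frag}'"))
            if base in PROXY_LAUNCHERS:
                findings.append(Finding("task-proxy-launcher", pending_job,
                                        f"runs {base}; arguments not in log, inspect the .job"))
            pending_job = None
    return findings


def triage_sample() -> List[Finding]:
    """Run the rules over the embedded sample lines."""
    return triage(SAMPLE_LOG, ESET_FLAGGED)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

Run on the sample, the pass surfaces five items: the hidden `VPCKeyboard.dll` in the user profile, the two `[x]` drivers, the `One-Click Tweak.job` whose target lives in the folder ESET flagged, and the ParetoLogic task that goes through `rundll32.exe`. None of these is a verdict; the output is a review list, which is how a helper reads a ComboFix log before deciding what to remove.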
 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 21 April 2013 - 01:11 PM

That was a good cleanup.

#14 Guieto1983

Guieto1983
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 21 April 2013 - 08:40 PM

I believe this started when I configured a homegroup for windows media network sharing service. Do you think that the rootkit, if any were present, is gone? I can't thank you enough for the steps and procedures you outlined for appropriate courses of action.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 22 April 2013 - 08:02 AM

No rootkit but some pub/adaware unwanted programs removed.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===



