Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan! backdoor using RDP


  • Please log in to reply
39 replies to this topic

#1 lalypatzy

lalypatzy

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 30 April 2013 - 09:32 AM

I found a hidden Default.rpd and i think they observe me and run malycious programs.... thank you!

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 03 May 2013 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 08 May 2013 - 05:08 PM

thanks for your help

in safe mode i have services Winmgmt,WinDefend,RpcSs,RpcEptMapper,ProfSvc,Power,PlugPlay,eventlog
DcomLaunch,CrypySvc

 

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 00:36:10
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : b4r3s0r1c - SADFAPC
# Boot Mode : Safe mode
# Running from : C:\Users\b4r3s0r1c\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\BabMaint.exe
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\bprotector_extensions.sqlite
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\bprotector_prefs.js
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\Askcom.xml
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\Babylon.xml
File Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\delta.xml
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Users\b4r3s0r1c\AppData\Local\AVG Secure Search
Folder Found : C:\Users\b4r3s0r1c\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\b4r3s0r1c\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\BabSolution
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Babylon
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\extensions\ffxtlbr@delta.com
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\extensions\toolbar@ask.com
Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\jetpack
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\5f2dc8bb23db948
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\5f2dc8bb23db948
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-3220598368-3764719963-1868930678-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119828&babsrc=NT_ss&mntrId=442B[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119828&babsrc=HP_ss&mntrI[...]
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.ffxUnstlRst", true);
Found : user_pref("extensions.delta.id", "442b61e9000000000000002522d514a5");
Found : user_pref("extensions.delta.instlDay", "15825");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
Found : user_pref("extensions.delta.vrsnTs", "1.8.16.1616:14:23");
Found : user_pref("extensions.delta.vrsni", "1.8.16.16");
Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Be001c731-5e37-4538-a5cb[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

*************************

AdwCleaner[R1].txt - [14013 octets] - [09/05/2013 00:36:10]

########## EOF - C:\AdwCleaner[R1].txt - [14074 octets] ##########

 

ComboFix 13-05-08.02 - b4r3s0r1c 09.05.2013   0:44.3.1 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1791.1271 [GMT 3:00]
Running from: c:\users\b4r3s0r1c\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-08 to 2013-05-08  )))))))))))))))))))))))))))))))
.
.
2013-05-08 21:49 . 2013-05-08 21:49    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-05-08 21:49 . 2013-05-08 21:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-05 13:02 . 2013-05-05 13:02    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{76663876-93A9-4782-81FD-959C7B7DF76B}\offreg.dll
2013-05-05 13:01 . 2013-04-10 03:46    9317456    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{76663876-93A9-4782-81FD-959C7B7DF76B}\mpengine.dll
2013-04-30 14:27 . 2013-04-30 14:27    --------    d-----w-    c:\users\b4r3s0r1c\AppData\Roaming\Malwarebytes
2013-04-30 14:27 . 2013-04-30 14:27    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-30 14:27 . 2013-04-30 14:27    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-30 14:27 . 2013-04-04 11:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-30 13:13 . 2013-04-30 13:13    --------    d-----w-    c:\program files (x86)\7-Zip
2013-04-24 04:07 . 2013-04-12 14:45    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-11 19:16 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AA3EFF7-84DD-4B5E-9CF0-158A3E393847}\mpengine.dll
2013-04-11 09:37 . 2013-04-11 09:38    --------    d-----w-    c:\windows\CD95F661A5C444F5A6AAECDD91C240D9.TMP
2013-04-11 09:37 . 2013-04-11 09:37    39768    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-04-11 09:20 . 2013-04-11 09:38    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-04-11 09:20 . 2009-01-25 09:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-04-11 09:20 . 2013-04-11 09:20    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-11 09:20 . 2013-04-11 09:20    --------    d-----w-    c:\users\b4r3s0r1c\AppData\Local\Programs
2013-04-11 03:36 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 03:29 . 2013-04-11 03:29    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-11 03:26 . 2013-04-11 03:26    --------    d-----w-    c:\users\UpdatusUser
2013-04-10 22:28 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2013-04-10 22:28 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-04-10 22:28 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-04-10 22:28 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2013-04-10 22:28 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-04-10 22:28 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-04-10 22:28 . 2013-03-01 03:36    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-04-10 22:28 . 2013-03-19 06:04    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-10 22:28 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 22:27 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 22:27 . 2013-03-19 03:06    112640    ----a-w-    c:\windows\system32\smss.exe
2013-04-10 22:27 . 2013-03-19 05:46    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-10 22:27 . 2013-03-19 04:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 22:34 . 2011-12-21 01:11    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2011-12-20 04:41    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-19 20:00 . 2013-03-19 19:06    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-19 20:00 . 2011-12-19 10:36    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-20 13:49 . 2013-02-10 16:57    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-20 13:48 . 2013-02-10 16:57    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-20 13:48 . 2013-02-10 16:57    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-20 13:48 . 2013-02-20 13:48    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-19 19:32 . 2011-12-19 10:14    15413704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-02-19 19:32 . 2013-02-19 19:32    25256736    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-02-19 19:32 . 2013-02-19 19:32    2222880    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-02-19 19:32 . 2009-07-13 21:59    18376008    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-02-19 19:32 . 2013-02-19 19:32    2749216    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-02-19 19:32 . 2013-02-19 19:32    1802528    ----a-w-    c:\windows\system32\nvdispco64.dll
2013-02-19 19:32 . 2013-02-19 19:32    7457968    ----a-w-    c:\windows\system32\nvopencl.dll
2013-02-19 19:32 . 2013-02-19 19:32    26341664    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-02-19 19:32 . 2013-02-19 19:32    2446416    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-02-19 19:32 . 2011-12-19 10:14    2752880    ----a-w-    c:\windows\system32\nvapi64.dll
2013-02-19 19:32 . 2013-02-19 19:32    6162704    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-02-19 19:32 . 2013-02-19 19:32    13531936    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 19:32 . 2013-02-19 19:32    7754560    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-02-19 19:32 . 2013-02-19 19:32    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-02-19 19:32 . 2013-02-19 19:32    2577184    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-02-19 19:32 . 2013-02-19 19:32    1869088    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-02-19 19:32 . 2013-02-19 19:32    19915552    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-02-19 19:32 . 2013-02-19 19:32    9184760    ----a-w-    c:\windows\system32\nvcuda.dll
2013-02-19 19:32 . 2013-02-19 19:32    1510176    ----a-w-    c:\windows\system32\nvdispgenco64.dll
2013-02-17 12:34 . 2013-02-17 12:34    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-17 12:33 . 2013-02-17 12:33    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-17 12:33 . 2013-02-17 12:33    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-12 04:12 . 2013-03-26 02:54    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-10 16:57 . 2013-02-10 16:57    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockOCTuner"="" [BU]
"ASRockIES"="" [BU]
"zASRockInstantBoot"="" [BU]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"MediaGet2"="c:\users\b4r3s0r1c\AppData\Local\MediaGet2\mediaget.exe" [BU]
"Facebook Update"="c:\users\b4r3s0r1c\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-12-19 4942336]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-19 79360]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-19 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1255736]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-12-19 15936]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 20:00]
.
2013-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3220598368-3764719963-1868930678-1000Core.job
- c:\users\b4r3s0r1c\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 22:16]
.
2013-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3220598368-3764719963-1868930678-1000UA.job
- c:\users\b4r3s0r1c\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 22:16]
.
2013-05-08 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-03-15 12:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01    134384    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A1266EA-2063-49C9-93E5-7AE43EA5A948}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-09  00:50:54
ComboFix-quarantined-files.txt  2013-05-08 21:50
ComboFix2.txt  2013-04-30 14:13
ComboFix3.txt  2013-04-30 13:59
.
Pre-Run: 204.377.796.608 bytes free
Post-Run: 204.291.043.328 bytes free
.
- - End Of File - - 073857BD806F3D0C168195AF4777BF71

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 37  
 Java version out of Date!
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

 

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 09 May 2013 - 07:39 AM

Please run the AdwCleaner tool one more time and used the Delete button this time.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 37

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please post a fresh AdwCleaner log and let me know what problem persists.

#5 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 May 2013 - 09:08 AM

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 16:57:22
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : b4r3s0r1c - SADFAPC
# Boot Mode : Normal
# Running from : C:\Users\b4r3s0r1c\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14122 octets] - [09/05/2013 00:36:10]
AdwCleaner[R2].txt - [836 octets] - [09/05/2013 16:57:22]
AdwCleaner[S1].txt - [14466 octets] - [09/05/2013 00:36:36]

########## EOF - C:\AdwCleaner[R2].txt - [956 octets] ##########
 

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 16:57:52
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : b4r3s0r1c - SADFAPC
# Boot Mode : Normal
# Running from : C:\Users\b4r3s0r1c\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14122 octets] - [09/05/2013 00:36:10]
AdwCleaner[R2].txt - [1024 octets] - [09/05/2013 16:57:22]
AdwCleaner[S1].txt - [14466 octets] - [09/05/2013 00:36:36]
AdwCleaner[S2].txt - [959 octets] - [09/05/2013 16:57:52]

########## EOF - C:\AdwCleaner[S2].txt - [1018 octets] ##########
 



# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\BabMaint.exe
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\bprotector_extensions.sqlite
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\bprotector_prefs.js
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\Askcom.xml
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\Babylon.xml
File Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\searchplugins\delta.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\b4r3s0r1c\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\b4r3s0r1c\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Babylon
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\jetpack
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\5f2dc8bb23db948
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f2dc8bb23db948
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (ro)

File : C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\prefs.js

C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119828&babsrc=NT_ss&mntrId=442B[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119828&babsrc=HP_ss&mntrI[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "442b61e9000000000000002522d514a5");
Deleted : user_pref("extensions.delta.instlDay", "15825");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1616:14:23");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Be001c731-5e37-4538-a5cb[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

*************************

AdwCleaner[R1].txt - [14122 octets] - [09/05/2013 00:36:10]
AdwCleaner[S1].txt - [14357 octets] - [09/05/2013 00:36:36]

########## EOF - C:\AdwCleaner[S1].txt - [14418 octets] ##########
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 09 May 2013 - 09:47 AM

Any remaining issues with this computer?

#7 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 May 2013 - 09:54 AM

how i close the acces from outside... all remotes... i;m feeling followed



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 09 May 2013 - 12:37 PM

how i close the acces from outside... all remotes... i;m feeling followed

Why do you say this.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
    Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

    Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
    2: DDS.pif
    3: DDS.COM

    Double click on the DDS icon, allow it to run.
    A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    Notepad will open with the results.
    Follow the instructions that pop up for posting the results.
  • Please note: You may have to disable any script protection running if the scan fails to run.

    dds_scr.gif

    Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


#9 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 May 2013 - 01:31 PM

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : b4r3s0r1c [Admin rights]
Mode : Scan -- Date : 05/09/2013 21:24:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD253GJ SCSI Disk Device +++++
--- User ---
[MBR] f2e948a1df242df200152e3b502e82ba
[BSP] d5720f274d6066017d7647f732f052f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05092013_02d2124.txt >>
RKreport[1]_S_05092013_02d2124.txt

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : b4r3s0r1c [Admin rights]
Mode : Remove -- Date : 05/09/2013 21:25:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> ERROR [0x1]
[TASK][SUSP PATH] EPUpdater : C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ERROR [0x1]
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ERROR [0x1]
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD253GJ SCSI Disk Device +++++
--- User ---
[MBR] f2e948a1df242df200152e3b502e82ba
[BSP] d5720f274d6066017d7647f732f052f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05092013_02d2125.txt >>
RKreport[1]_S_05092013_02d2124.txt ; RKreport[2]_D_05092013_02d2125.txt
 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : b4r3s0r1c [Admin rights]
Mode : Remove -- Date : 05/09/2013 21:25:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD253GJ SCSI Disk Device +++++
--- User ---
[MBR] f2e948a1df242df200152e3b502e82ba
[BSP] d5720f274d6066017d7647f732f052f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_05092013_02d2125.txt >>
RKreport[1]_S_05092013_02d2124.txt ; RKreport[2]_D_05092013_02d2125.txt ; RKreport[3]_D_05092013_02d2125.txt
 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 1.6.0_37
Run by b4r3s0r1c at 21:27:44 on 2013-05-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1791.515 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\b4r3s0r1c\Downloads\RogueKillerX64.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ASRockOCTuner] <no file>
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0A1266EA-2063-49C9-93E5-7AE43EA5A948} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0A1266EA-2063-49C9-93E5-7AE43EA5A948} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\b4r3s0r1c\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\b4r3s0r1c\AppData\Roaming\Mozilla\Firefox\Profiles\97pe1ixy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-12-19 15368]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-22 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-22 304472]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2011-12-19 15936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-22 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-22 66904]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-22 44768]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-30 701512]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-11 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-11 168384]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-30 25928]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-19 79360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-12-19 1250816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-11 1103392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-19 79360]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-21 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
.
=============== Created Last 30 ================
.
2013-05-09 18:21:36    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76663876-93A9-4782-81FD-959C7B7DF76B}\offreg.dll
2013-05-09 14:00:36    972264    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CCF81DB-136F-B508-E16C-A4A01381F46C}\GapaEngine.dll
2013-05-08 21:56:53    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-05 13:01:32    9317456    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76663876-93A9-4782-81FD-959C7B7DF76B}\mpengine.dll
2013-04-30 14:27:26    --------    d-----w-    C:\Users\b4r3s0r1c\AppData\Roaming\Malwarebytes
2013-04-30 14:27:13    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-04-30 14:27:11    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-30 14:27:11    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-30 13:45:27    98816    ----a-w-    C:\Windows\sed.exe
2013-04-30 13:45:27    256000    ----a-w-    C:\Windows\PEV.exe
2013-04-30 13:45:27    208896    ----a-w-    C:\Windows\MBR.exe
2013-04-28 21:34:47    --------    d-----w-    C:\Windows\pss
2013-04-24 04:07:31    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-11 19:16:53    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1AA3EFF7-84DD-4B5E-9CF0-158A3E393847}\mpengine.dll
2013-04-11 09:37:54    --------    d-----w-    C:\Windows\CD95F661A5C444F5A6AAECDD91C240D9.TMP
2013-04-11 09:37:34    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-04-11 09:20:58    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-04-11 09:20:37    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-04-11 09:20:24    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-11 09:20:03    --------    d-----w-    C:\Users\b4r3s0r1c\AppData\Local\Programs
2013-04-11 03:36:01    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 03:29:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-10 22:28:24    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-04-10 22:28:23    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-04-10 22:28:21    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-04-10 22:28:21    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-04-10 22:28:21    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-04-10 22:28:20    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-04-10 22:28:11    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-10 22:28:03    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-10 22:28:00    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 22:27:59    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 22:27:58    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-10 22:27:57    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-10 22:27:57    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
.
==================== Find3M  ====================
.
2013-05-09 14:04:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 14:04:38    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-11 03:29:03    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 10:34:28    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 21:28:54,31 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 19.12.2011 11:59:33
System Uptime: 09.05.2013 17:57:35 (4 hours ago)
.
Motherboard: ASRock |  | N68-VS3 UCC
Processor: AMD Sempron™ 145 Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 189,826 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP156: 27.03.2013 00:06:28 - Windows Update
RP157: 04.04.2013 12:22:49 - Scheduled Checkpoint
RP158: 11.04.2013 01:32:00 - Windows Update
RP159: 11.04.2013 06:20:23 - Windows Update
RP160: 24.04.2013 13:46:22 - Windows Update
RP161: 30.04.2013 16:45:49 - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20
888poker
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
ASRock App Charger v1.0.4
ASRock IES v2.1.15
ASRock InstantBoot v1.26
ASRock OC Tuner v2.4.31
avast! Free Antivirus
CameraHelperMsi
erLT
Facebook Video Calling 1.2.0.287
Free File Viewer 2011
HP Deskjet 3070 B611 series Basic Device Software
Java Auto Updater
Java™ 6 Update 37
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 ro)
Mozilla Maintenance Service
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Platform
PVSonyDll
RegUtility version 4.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 5.10
Sound Blaster X-Fi MB
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIA Platform Device Manager
VLC media player 2.0.0
Windows Media Player Firefox Plugin
XFastUsb
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
09.05.2013 17:00:41, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2147017840
09.05.2013 17:00:37, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
09.05.2013 16:42:38, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
09.05.2013 00:56:50, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
09.05.2013 00:52:48, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
09.05.2013 00:49:24, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
09.05.2013 00:40:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
09.05.2013 00:38:43, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:38:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
09.05.2013 00:38:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09.05.2013 00:38:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
09.05.2013 00:38:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
09.05.2013 00:38:41, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09.05.2013 00:38:35, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09.05.2013 00:37:54, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:47, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09.05.2013 00:37:39, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsrAppCharger aswRdr aswSnx aswSP aswTdi CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
09.05.2013 00:37:37, Error: Service Control Manager [7001]  - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
09.05.2013 00:35:26, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.147.1566.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9302.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
09.05.2013 00:23:07, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
09.05.2013 00:12:36, Error: Service Control Manager [7038]  - The LanmanWorkstation service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
09.05.2013 00:12:36, Error: Service Control Manager [7038]  - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
09.05.2013 00:12:36, Error: Service Control Manager [7000]  - The Workstation service failed to start due to the following error:  The service did not start due to a logon failure.
09.05.2013 00:12:36, Error: Service Control Manager [7000]  - The Cryptographic Services service failed to start due to the following error:  The service did not start due to a logon failure.
09.05.2013 00:11:36, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
09.05.2013 00:11:36, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
09.05.2013 00:11:36, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
09.05.2013 00:11:36, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
09.05.2013 00:09:19, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
09.05.2013 00:09:19, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
09.05.2013 00:09:19, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
09.05.2013 00:09:19, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
09.05.2013 00:09:19, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
08.05.2013 18:35:10, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
08.05.2013 18:33:46, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
08.05.2013 09:30:15, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
08.05.2013 09:19:05, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
07.05.2013 14:46:46, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
06.05.2013 15:39:27, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
04.05.2013 17:19:31, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
04.05.2013 09:43:57, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
04.05.2013 05:08:52, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
03.05.2013 13:27:25, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
02.05.2013 18:54:46, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
02.05.2013 13:23:24, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: Network Inspection System      Error Code: 0x80004004      Error description: Operation aborted       Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
02.05.2013 01:38:16, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02.05.2013 01:37:45, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 09 May 2013 - 01:48 PM

Any remaining issues pending?

#11 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 May 2013 - 01:53 PM

from the scan NO. You see anything unusual there?

was infected my pc? 2 weeks ago i found am desktop remote in documents named as Default.. when i opened the file it was remote desktop connection.. never put smf like that

 

 Quarantine Report...

 Time : 09/05/2013 21:24:18
 --------------------------
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
ERROR [BabMaint.exe.vir] -> C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe


 Time : 09/05/2013 21:25:25
 --------------------------
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
ERROR [BabMaint.exe.vir] -> C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
ERROR [BabMaint.exe.vir] -> C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe


 Time : 09/05/2013 21:25:56
 --------------------------
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
ERROR [BabMaint.exe.vir] -> C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
ERROR [BabMaint.exe.vir] -> C:\Users\B4R3S0~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
[AmbRunE.dll.vir] -> C:\Windows\system32\AmbRunE.dll
 


Edited by lalypatzy, 09 May 2013 - 06:01 PM.


#12 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 May 2013 - 01:55 PM

was infected my pc? 2 weeks ago i found am desktop remote in documents named as Default.. when i opened the file it was remote desktop connection.. never put smf like that



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 10 May 2013 - 06:29 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#14 lalypatzy

lalypatzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 10 May 2013 - 12:34 PM

thank you!



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 10 May 2013 - 01:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users