
ZeroAccess Rootkit: Would like assistance with Removal


  • This topic is locked
27 replies to this topic

#1 K.Valkoren

  • Members
  • 18 posts

Posted 10 May 2013 - 05:53 PM

Greetings,

Here are the two files asked for in the Preparation guide. I had run Malwarebytes Anti-Rootkit on it before coming here. It claimed to have cleaned it, but I still cannot turn on my network discovery. Hopefully I didn't do any damage by doing this.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.7.2
Run by Korpen Valkoren at 17:09:35 on 2013-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3238 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AASP\1.01.04\aaCenter.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\dinotify.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Korpen Valkoren\Desktop\mbar\mbar.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.apu.apus.edu/login/student/index.htm
mWinlogon: Userinit = userinit.exe
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PlayNC Launcher] <no file>
uRunOnce: [DeleteMarkAny] C:\Windows\SysWOW64\MASetupCleaner.exe C:\Program Files (x86)\MarkAny\ContentSafer
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
mRun: [Launch PC Probe II] <no file>
mRunOnce: [Z1] cmd /c "C:\Users\Korpen Valkoren\Desktop\mbar\mbar.exe" /cleanup /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T27L10NSP25EP3/webex/ieatgpc1.cab
TCP: NameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{7F061DBC-824C-4933-8E12-0D11D57C311D} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-7-18 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-7-18 141920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-4-29 1191408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-10 103064]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-5-10 36680]
R3 mbamswissarmy;mbamswissarmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2013-5-10 157512]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-10 203672]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-4-21 121416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-27 59392]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-27 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-05-10 22:04:41 157512 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2013-05-10 22:04:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-10 22:04:40 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-05-10 19:13:22 -------- d-----w- C:\CrashDump
2013-05-10 19:11:35 -------- d-----w- C:\Users\Korpen Valkoren\AppData\Local\Samsung
2013-05-10 19:11:34 -------- d-----w- C:\Users\Korpen Valkoren\AppData\Roaming\Samsung
2013-05-10 19:09:13 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-05-10 19:09:13 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-05-10 19:08:15 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2013-05-10 18:46:55 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-05-10 18:46:03 -------- d-----w- C:\ProgramData\Samsung
2013-05-10 18:46:03 -------- d-----w- C:\Program Files (x86)\Samsung
2013-05-10 14:30:08 -------- d-----w- C:\Program Files (x86)\Nmap
2013-05-10 03:46:00 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FF51713-060F-404D-8D51-035B97E300FB}\mpengine.dll
2013-05-09 03:43:45 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-08 03:47:52 -------- d-----w- C:\Amazon Unbox
2013-05-08 03:39:03 -------- d-----w- C:\Users\Korpen Valkoren\Dropbox
2013-05-08 01:37:38 -------- d-----w- C:\Users\Korpen Valkoren\AppData\Roaming\Awesomium
2013-05-08 00:55:29 -------- d-----w- C:\Windows\Entropia Universe
2013-05-08 00:55:29 -------- d-----w- C:\Program Files (x86)\Entropia Universe
2013-05-07 23:02:57 38224 ------w- C:\Windows\SysWow64\IJRMF.exe
2013-04-28 15:55:26 -------- d-----w- C:\Program Files\PAL
2013-04-28 15:54:20 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2013-04-26 18:17:12 -------- d-----w- C:\Program Files (x86)\Web Tools
2013-04-26 15:54:21 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-24 15:04:52 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9BDBAB2-C871-4D3A-966A-64BFEFC255CE}\gapaengine.dll
2013-04-21 18:14:34 -------- d-----w- C:\Users\Korpen Valkoren\AppData\Roaming\MotioninJoy
2013-04-21 18:14:29 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2013-04-21 18:14:29 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2013-04-21 18:14:29 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-04-21 18:14:29 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2013-04-21 18:14:29 -------- d-----w- C:\Program Files\MotioninJoy
2013-04-17 18:27:32 -------- d-----w- C:\Users\Korpen Valkoren\AppData\Roaming\webex
2013-04-17 18:27:13 -------- d-----w- C:\ProgramData\WebEx
.
==================== Find3M  ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-10 14:27:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 14:27:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-19 07:44:40 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 17:11:00.09 ===============

attach.txt is attached.

Thank you for your time and assistance.

K V
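Added triage example (not part of K.Valkoren's post, and not code from DDS or Malwarebytes): a small Python script that reads DDS-style report lines and flags the entries in this log that a responder would check first after an infection and a rootkit cleanup. It reports the mPolicies-System values that show UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0; the Windows 7 defaults are 1, 5 and 1), any service or driver entry whose binary DDS could not resolve (the `[?]` marker on the xsherlock line), and Run keys that point at `<no file>`. The sample lines are copied from the DDS report above; the regular expressions, the names `triage`, `summarize` and `WEAK_UAC`, and the wording of each finding are my own. An unresolved service path or a dangling Run key is a lead to investigate, not proof of malware.

```python
import re

# Sample report lines copied from the DDS log posted above (a small subset).
SAMPLE_DDS = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uRun: [PlayNC Launcher] <no file>
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
"""

# DDS line shapes handled here (my own regexes, written from the log above):
#   mPolicies-System: <ValueName> = dword:<n>
#   <R|S><n> <ServiceName>;<Description>;<ImagePath> [<date> <size>]   or   ... [?]
#   uRun/mRun/uRunOnce/mRunOnce: [<KeyName>] <command or <no file>>
POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^(?:u|m)Run(?:Once)?:\s*\[([^\]]*)\]\s*(.*)$")

# Policy values that weaken or disable UAC. Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
WEAK_UAC = {
    "EnableLUA": ("0", "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not shown on the secure desktop"),
}


def triage(report: str) -> list[dict]:
    """Return one finding per suspicious line, in the order the lines appear."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.groups()
            if name in WEAK_UAC and value == WEAK_UAC[name][0]:
                findings.append({"kind": "weak_uac", "item": name,
                                 "detail": WEAK_UAC[name][1]})
            continue

        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, rest = m.groups()
            # "[?]" is DDS's marker for an image path it could not verify on disk.
            if rest.rstrip().endswith("[?]"):
                findings.append({"kind": "unresolved_service", "item": name,
                                 "detail": f"{state} service, image not resolved: {rest}"})
            continue

        m = RUN_RE.match(line)
        if m:
            name, target = m.groups()
            # A Run key whose target is gone is usually leftover from an uninstall or a
            # cleanup, but it still tells you something once ran from there.
            if target == "<no file>":
                findings.append({"kind": "dangling_run_key", "item": name,
                                 "detail": "autorun entry points at a missing file"})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per kind, so a responder sees the shape at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f['kind']}] {f['item']}: {f['detail']}")
    print(summarize(results))
```

Feed it the whole DDS.txt instead of the sample and the same three checks run over every section; anything not matching the three line shapes is ignored, so the process list and the Created Last 30 section pass through silently.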


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 May 2013 - 06:21 PM

Please run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. Verify that your system is now functioning normally.

NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 K.Valkoren
  • Topic Starter

  • Members
  • 18 posts

Posted 10 May 2013 - 09:26 PM

I've opened another window to post. The file was so long that an hour later the forum still says "saving post" and has a green bar at the top that is still running. It would be quicker to attach it; however, even compressed it is too large to upload (max is 507 and the file is 589). I'll leave the other instance open and post it if it ever finishes. In the meantime, is there anything else I can do? Would it be worth refreshing the other instance and trying to post again? My apologies for this. I greatly appreciate your assistance.



#4 K.Valkoren
  • Topic Starter

  • Members
  • 18 posts

Posted 10 May 2013 - 11:16 PM

I've been trying unsuccessfully to get this diagnostic posted. It just isn't working. I'll click post and it will freeze up, come back saying "saving post", then it goes back to a post button. Is there any other way I can get this 12 MB (589 KB zipped) file on here?



#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 May 2013 - 01:33 AM

Please re-run ComboFix; the file shouldn't be that large.

If there is a giant section in the middle of the log that says "snapshot", then that whole section can be removed.


please advise

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 K.Valkoren
  • Topic Starter

  • Members
  • 18 posts

Posted 11 May 2013 - 09:31 AM

There was no snapshot section. The largest section was other deletions. It wiped a major amount of files from my HD. I've run it again and here is the post:

ComboFix 13-05-11.01 - Korpen Valkoren 05/11/2013   9:14.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.2947 [GMT -5:00]
Running from: c:\users\Korpen Valkoren\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\asdoc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\compc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\copylocale.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\digest.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\fcsh.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\fdb.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\mxmlc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\3.6.0\bin\optimizer.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\asdoc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\compc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\copylocale.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\digest.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\fcsh.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\fdb.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\mxmlc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\optimizer.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\swcdepends.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\bin\swfdump.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\asdoc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\compc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\copylocale.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\digest.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\fcsh.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\fdb.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\mxmlc.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\optimizer.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\swcdepends.exe
c:\program files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\bin\swfdump.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\asdoc.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\compc.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\copylocale.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\digest.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\fcsh.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\fdb.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\mxmlc.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\optimizer.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\swcdepends.exe
c:\program files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\bin\swfdump.exe
c:\program files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\vshost32.exe
c:\users\Korpen Valkoren\Desktop\TestingStuff\Week7Assignment_Lindahl\bin\Debug\Week7Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap06\Sales Express Solution\Sales Express Project\bin\Debug\Sales Express Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Cities Solution-ForEachNext\Cities Project\bin\Debug\Cities Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Cities Solution\Cities Project\bin\Debug\Cities Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Cycles Galore Solution\Cycles Galore Project\bin\Debug\Cycles Galore Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Sweet Tooth Solution\Sweet Tooth Project\bin\Debug\Sweet Tooth Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Treasures Solution-Parallel\Treasures Project\bin\Debug\Treasures Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Treasures Solution-Two-Dimensional\Treasures Project\bin\Debug\Treasures Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap09\Warren Solution\Warren Project\bin\Debug\Warren Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap10\Treasures Solution-Structure\Treasures Project\bin\Debug\Treasures Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap10\Willow Pools Solution\Willow Pools Project\bin\Debug\Willow Pools Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap11\Carpet Haven Solution\Carpet Haven Project\bin\Debug\Carpet Haven Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap11\Modified Carpet Haven Solution\Carpet Haven Project\bin\Debug\Carpet Haven Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Course Technology\DataFilesforStudents\VB2010\Chap11\Willow Pools Solution\Willow Pools Project\bin\Debug\Willow Pools Project.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek1\Splash Project\Splash Project\bin\Debug\Splash.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek3\WK3EX1\bin\Debug\WK3EX1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek3\Wk3EX2\bin\Debug\WK3EX2.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek4\WK4EX1\bin\Debug\WK4EX1_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek5\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek5\WindowsApplication2\bin\Debug\WindowsApplication2.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek5\WK5EX1\bin\Debug\WK5EX1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek5\WK5EX2\bin\Debug\WK5EX2.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek6\WK6EX1\bin\Debug\WK6EX1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek7\WK7EX1\bin\Debug\WK7EX1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\ENTD361LINDAHLWeek8\WK8Final\bin\Debug\WK8Final_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\Misc Programs\New Pay Calculator\New Pay Calculator\bin\Debug\New Pay Calculator.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD361 Ent Dev VB.NET\WK4EX1\bin\Debug\WK4EX1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter11_Projects\Chapter 11 - Building Objects\bin\Debug\Chapter 11 - Building Objects.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter12_Project\Chapter 12 - Advanced Class Techniques\bin\Debug\Chapter 12 - Advanced Class Techniques.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter12_Project\Favorites Tray\bin\Debug\Favorites Tray.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter12_Project\Shared Properties Demo\bin\Debug\Shared Properties Demo.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter15_Projects\NorthwindCustomersBindingNavigator\bin\Debug\NorthwindCustomersBindingNavigator.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter15_Projects\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter16_Projects\BindingExample\bin\Debug\BindingExample.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter16_Projects\DataSetExample\bin\Debug\DataSetExample.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Chapter19_Projects_XML\Address Book\bin\Debug\Address Book.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week1and2\ENTD461Wk1and2Assignment_Lindahl\bin\Debug\ENTD461Wk1and2Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week1and2\TestErrorHandling\bin\Debug\TestErrorHandling.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week3and4\Week3and4Assignment_Lindahl\bin\Debug\Week3and4Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week5and6\Week5and6Assignment_Lindahl\bin\Debug\Week5and6Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week7\Week7Assignment_Lindahl\bin\Debug\Week7Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week8\Week8Assignment_Lindahl\bin\Debug\Week8Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week8\Week8Assignment_Lindahl_Alternate\Week8Assignment_Lindahl_Alternate\bin\Debug\Week8Assignment_Lindahl_Alternate.vshost.exe
c:\users\Korpen Valkoren\Documents\School-APU\ENTD461 VB.NET ADVANCED\Week8\Week8Assignment_Lindahl_Alternate\Week8Assignment_Lindahl_Alternate\Week7\Week7Assignment_Lindahl\bin\Debug\Week7Assignment_Lindahl.vshost.exe
c:\users\Korpen Valkoren\Documents\Visual Studio 2010\Projects\Arrays Demo\bin\Debug\Arrays Demo.vshost.exe
c:\users\Korpen Valkoren\Documents\Visual Studio 2010\Projects\Constants Demo\bin\Debug\Constants Demo.vshost.exe
c:\users\Korpen Valkoren\Documents\Visual Studio 2010\Projects\Enumeration Demo\bin\Debug\Enumeration Demo.vshost.exe
c:\users\Korpen Valkoren\Documents\Visual Studio 2010\Projects\Structure Demo\bin\Debug\Structure Demo.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\arrays\arrays\bin\Debug\arrays.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\arrays\arrays\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CalculatorForm\CalculatorForm\bin\Debug\CalculatorForm.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CalculatorForm\CalculatorForm\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Casting\Casting\bin\Debug\Casting.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Casting\Casting\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CastingNull\CastingNull\bin\Debug\CastingNull.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CastingNull\CastingNull\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CheckingObjectType\CheckingObjectType\bin\Debug\CheckingObjectType.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CheckingObjectType\CheckingObjectType\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\confirmpasswordform\confirmpasswordform\bin\Debug\confirmpasswordform.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\confirmpasswordform\confirmpasswordform\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\ConsoleApplication1\ConsoleApplication1\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CountupNCountdown\CountupNCountdown\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\CountupNCountdown\CountupNCountdown\bin\Debug\CountupNCountdown.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\DeclaringandUsingAbstractClasses\DeclaringandUsingAbstractClasses\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\DivideSomeNumbers\DivideSomeNumbers\bin\Debug\DivideSomeNumbers.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\DivideSomeNumbers\DivideSomeNumbers\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Doggies\Doggies\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Doggies\Doggies\bin\Debug\Doggies.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\InheritanceAndVirtualMethods\InheritanceAndVirtualMethods\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\InheritanceAndVirtualMethods\InheritanceAndVirtualMethods\bin\Debug\InheritanceAndVirtualMethods.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\IntegerManipulator_Lindahl\IntegerManipulator_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\IntegerManipulator_Lindahl\IntegerManipulator_Lindahl\bin\Debug\IntegerManipulator_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\LocatingCharsinStrings\LocatingCharsinStrings\bin\Debug\ConsoleApplication2.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\LocatingCharsinStrings\LocatingCharsinStrings\bin\Debug\LocatingCharsinStrings.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\NamePropertiesFieldsandGetsSets\NamePropertiesFieldsandGetsSets\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\NamePropertiesFieldsandGetsSets\NamePropertiesFieldsandGetsSets\bin\Debug\NamePropertiesFieldsandGetsSets.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\PartialClasses\PartialClasses\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\PartialClasses\PartialClasses\bin\Debug\PartialClasses.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\simplepLoginForm\simplepLoginForm\bin\Debug\simplepLoginForm.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\simplepLoginForm\simplepLoginForm\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\System.ConsoleStuff\System.ConsoleStuff\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\System.ConsoleStuff\System.ConsoleStuff\bin\Debug\System.ConsoleStuff.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\WebBrowser\WebBrowser\bin\Debug\WebBrowser.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\WebBrowser\WebBrowser\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week1Assignment3_Lindahl\Week1Assignment3_Lindahl\bin\Debug\Week1Assignment3_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week1Assignment3_Lindahl\Week1Assignment3_Lindahl\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week2Assignment1_Lindahl\ConsoleApplication1\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week2Assignment2_Lindahl\Week2Assignment2_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week2Assignment2_Lindahl\Week2Assignment2_Lindahl\bin\Debug\Week2Assignment2_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week2Assignment3_Lindahl\WindowsFormsApplication2\bin\Debug\WindowsFormsApplication2.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week3Assignment1_Lindahl\Week3Assignment1_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week3Assignment1_Lindahl\Week3Assignment1_Lindahl\bin\Debug\Week3Assignment1_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week3Assignment2_Lindahl\Week3Assignment2_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week3Assignment2_Lindahl\Week3Assignment2_Lindahl\bin\Debug\Week3Assignment2_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week4Assignment1_Lindahl\Week4Assignment1_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week4Assignment1_Lindahl\Week4Assignment1_Lindahl\bin\Debug\Week4Assignment1_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week4Assignment2_Lindahl\Week4Assignment2_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week4Assignment2_Lindahl\Week4Assignment2_Lindahl\bin\Debug\Week4Assignment2_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment1_Lindahl\Week5Assignment1_Lindahl\bin\Debug\ConsoleApplication2.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment1_Lindahl\Week5Assignment1_Lindahl\bin\Debug\Week5Assignment1_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment1_LindahlR\Week5Assignment1_LindahlR\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment1_LindahlR\Week5Assignment1_LindahlR\bin\Debug\Week5Assignment1_LindahlR.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment2_Lindahl\Week5Assignment2_Lindahl\bin\Debug\Week5Assignment2_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Week5Assignment2_Lindahl\Week5Assignment2_Lindahl\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Welcome2CSC202_Lindahl\Welcome2CSC202_Lindahl\bin\Debug\ConsoleApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\Welcome2CSC202_Lindahl\Welcome2CSC202_Lindahl\bin\Debug\Welcome2CSC202_Lindahl.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\whatAreYou\whatAreYou\bin\Debug\whatAreYou.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\whatAreYou\whatAreYou\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\whileLoop\whileLoop\bin\Debug\whileLoop.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\whileLoop\whileLoop\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\users\Korpen\Documents\Visual Studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.vshost.exe
c:\websites\JOBTEST\ConsoleApplication1\ConsoleApplication1\bin\Debug\ConsoleApplication1.vshost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-11 to 2013-05-11  )))))))))))))))))))))))))))))))
.
.
2013-05-11 08:16 . 2013-05-11 08:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C053FF29-F6CE-42F3-949F-EC5B49F48B7C}\offreg.dll
2013-05-11 08:16 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C053FF29-F6CE-42F3-949F-EC5B49F48B7C}\mpengine.dll
2013-05-11 01:20 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-10 22:04 . 2013-05-10 22:04 -------- d-----w- c:\programdata\Malwarebytes
2013-05-10 19:13 . 2013-05-10 19:13 -------- d-----w- C:\CrashDump
2013-05-10 19:11 . 2013-05-10 19:11 -------- d-----w- c:\users\Korpen Valkoren\AppData\Local\Samsung
2013-05-10 19:11 . 2013-05-10 21:09 -------- d-----w- c:\users\Korpen Valkoren\AppData\Roaming\Samsung
2013-05-10 19:09 . 2013-04-03 07:58 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-05-10 19:09 . 2013-04-03 07:58 103064 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-05-10 19:08 . 2013-05-10 19:08 -------- d-----w- c:\program files (x86)\MyFree Codec
2013-05-10 18:46 . 2013-04-19 00:08 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-05-10 18:46 . 2013-05-10 21:09 -------- d-----w- c:\program files (x86)\Samsung
2013-05-10 18:46 . 2013-05-10 21:09 -------- d-----w- c:\programdata\Samsung
2013-05-10 14:30 . 2013-05-10 14:30 -------- d-----w- c:\program files (x86)\Nmap
2013-05-08 03:47 . 2013-05-08 03:47 -------- d-----w- C:\Amazon Unbox
2013-05-08 03:39 . 2013-05-08 03:39 -------- d-----w- c:\users\Korpen Valkoren\Dropbox
2013-05-08 01:37 . 2013-05-08 01:37 -------- d-----w- c:\users\Korpen Valkoren\AppData\Roaming\Awesomium
2013-05-08 00:56 . 2013-05-09 04:06 -------- d-----w- c:\users\Public\entropia universe
2013-05-08 00:55 . 2013-05-08 01:37 -------- d-----w- c:\program files (x86)\Entropia Universe
2013-05-08 00:55 . 2013-05-08 00:55 -------- d-----w- c:\windows\Entropia Universe
2013-05-07 23:02 . 2010-03-02 17:14 38224 ------w- c:\windows\SysWow64\IJRMF.exe
2013-04-28 15:55 . 2013-04-28 15:55 -------- d-----w- c:\program files\PAL
2013-04-28 15:54 . 2013-04-28 15:54 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2013-04-26 18:17 . 2013-04-26 18:17 -------- d-----w- c:\program files (x86)\Web Tools
2013-04-26 15:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 15:04 . 2013-04-24 15:04 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BDBAB2-C871-4D3A-966A-64BFEFC255CE}\gapaengine.dll
2013-04-22 16:45 . 2013-04-22 17:07 -------- d-----w- c:\users\TEMP.IIS APPPOOL.014
2013-04-21 18:14 . 2013-04-21 18:14 -------- d-----w- c:\users\Korpen Valkoren\AppData\Roaming\MotioninJoy
2013-04-21 18:14 . 2013-04-21 18:14 -------- d-----w- c:\program files\MotioninJoy
2013-04-21 18:14 . 2012-05-12 17:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-04-21 18:14 . 2011-12-08 00:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-04-21 18:14 . 2011-12-08 00:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2013-04-21 18:14 . 2011-12-08 00:42 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-04-17 18:27 . 2013-04-17 21:41 -------- d-----w- c:\users\Korpen Valkoren\AppData\Roaming\webex
2013-04-17 18:27 . 2013-04-17 18:27 -------- d-----w- c:\programdata\WebEx
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2011-11-27 17:31 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-10 14:27 . 2012-05-11 12:03 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 14:27 . 2011-11-29 17:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 06:54 . 2011-12-04 19:17 2501984 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-04-10 06:48 . 2011-11-27 20:32 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-10 06:45 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:45 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:45 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:45 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:45 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:45 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 06:46 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-26 05:32 . 2013-02-26 05:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-26 05:32 . 2013-01-09 01:55 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-26 05:32 . 2012-12-20 04:54 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-26 05:32 . 2013-02-26 05:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-26 05:32 . 2011-11-27 20:05 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-26 05:32 . 2012-08-27 14:41 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-26 05:32 . 2011-11-27 20:05 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-26 05:32 . 2013-02-26 05:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-26 05:32 . 2013-02-26 05:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-26 05:32 . 2013-02-26 05:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-26 05:32 . 2013-02-26 05:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-26 05:32 . 2013-02-26 05:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-26 05:32 . 2012-10-11 03:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-26 05:32 . 2013-02-26 05:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-26 05:32 . 2013-02-26 05:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-26 05:32 . 2013-02-26 05:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-26 05:32 . 2013-02-26 05:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-26 05:32 . 2013-02-26 05:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-26 05:32 . 2013-02-26 05:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-26 05:32 . 2013-02-26 05:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-26 05:32 . 2013-02-26 05:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-22 06:57 . 2013-04-10 06:47 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 06:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 06:47 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 06:47 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 06:47 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 06:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 06:47 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 06:47 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 06:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 06:47 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 06:47 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 06:47 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 06:47 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 06:47 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 06:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 06:47 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 06:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 06:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 06:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 06:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 06:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 06:46 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 06:46 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 06:46 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 06:46 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 06:46 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 06:46 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45 . 2013-03-14 15:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 15:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 15:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 15:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 15:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 15:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 15:28 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-19 07:44 . 2013-01-19 07:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QFan Help"="c:\program files (x86)\ASUS\Fan Xpert\QFanHelp.exe" [2010-04-19 611968]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-04-29 1191408]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 103064]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 203672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-27 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-07-18 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-07-18 141920]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 01:26]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 01:26]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174878378-1556292870-2953857928-1001Core.job
- c:\users\Korpen Valkoren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 20:52]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174878378-1556292870-2953857928-1001UA.job
- c:\users\Korpen Valkoren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.apu.apus.edu/login/student/index.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Mozilla Firefox 20.0.1 (x86 en-US) - c:\program files (x86)\C\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-Saxon-HE 9.4.0.4_is1 - c:\program files\Saxonica\SaxonHE9.4N\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
   71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
   55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
   03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
   33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{DDA57003-0068-4ED2-9D32-4D1EC707D94D}"=hex:51,66,7a,6c,4c,1d,38,12,6d,73,b6,
   d9,5a,4e,bc,0b,e2,24,0e,5e,c2,59,9d,59
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
   25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{5802D092-1784-4908-8CDB-99B6842D353D}"=hex:51,66,7a,6c,4c,1d,38,12,fc,d3,11,
   5c,b6,59,66,0c,f3,cd,da,f6,81,73,71,29
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:86,b5,de,c2,e4,ab,cd,01
.
[HKEY_USERS\S-1-5-21-2174878378-1556292870-2953857928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2174878378-1556292870-2953857928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-11  09:24:15
ComboFix-quarantined-files.txt  2013-05-11 14:23
.
Pre-Run: 224,311,201,792 bytes free
Post-Run: 223,940,399,104 bytes free
.
- - End Of File - - 7D98A633956526FAD939B114B67834E1
 

Thank you for all of your assistance.

 

KV



#7 CatByte

    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 May 2013 - 12:20 PM

It wiped a major amount of files from my HD.


They were likely file replicators.
----- File Replicators -----

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 K.Valkoren

  • Topic Starter
  • Members
  • 18 posts

Posted 11 May 2013 - 10:46 PM

Wanted to give you an update. (Posting from my phone)

JRT, AdwCleaner, and Malwarebytes have all run. As far as I can tell they found nothing. ESET is almost 7 hours into its scan. Unfortunately it has found some things. I have a backup drive, which is what it is scanning now (C drive is done); it would appear my backup drive was also infected.

I will post the logs as soon as ESET is done (assuming I'm awake)/I can. Can you recommend a worthy antivirus solution for daily use? MS Security Essentials didn't/doesn't seem to be working out.

Your time and assistance are greatly appreciated.

KV

#9 K.Valkoren

  • Topic Starter
  • Members
  • 18 posts

Posted 12 May 2013 - 01:18 PM

Finally, over 20 hours later, ESET finished. Here are the logs (1 attached).

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Korpen Valkoren on Sat 05/11/2013 at 15:24:33.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Users\Korpen Valkoren\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/11/2013 at 15:26:38.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

MalwareBytes

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Korpen Valkoren :: NIGHTMAREZ [administrator]

5/11/2013 3:33:45 PM
mbam-log-2013-05-11 (15-33-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 529685
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

ESET

 

C:\Users\Korpen Valkoren\Downloads\cbsidlm-tr1_13-QuickZIP-ORG-75451305.exe Win32/DownloadAdmin.G application
C:\Users\Korpen Valkoren\Downloads\QuickZIPSetup.exe Win32/Toolbar.Babylon application
E:\NIGHTMAREZ\Backup Set 2012-10-26 175515\Backup Files 2012-10-26 175515\Backup files 98.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-01-06 050003\Backup files 101.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-01-06 050003\Backup files 233.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-02-03 050007\Backup files 16.zip multiple threats

 

 

Your assistance and time are most appreciated,

 

KV




#10 CatByte

    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2013 - 04:55 PM

Delete these installer files if you no longer need them, as they are bundled with adware. The other detections are in your backup sets, so once we are done here, create a new backup set and delete those old ones.

C:\Users\Korpen Valkoren\Downloads\cbsidlm-tr1_13-QuickZIP-ORG-75451305.exe
C:\Users\Korpen Valkoren\Downloads\QuickZIPSetup.exe

I personally use MSE along with MBAM Pro, but there are other free antivirus products which are also very good.

Avast and Avira; it's a matter of personal preference. For a paid product, ESET and Kaspersky are very good. No matter what antivirus product you choose, you still have to be vigilant, as no one product can stop everything and malware is always evolving.

Is your network discovery now working?

Run the Malwarebytes Anti-Rootkit one more time and post the new logs.


Advise if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
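The ESET export in post #9 and the triage in post #10 (installers in Downloads are just bundled adware, hits inside a Windows Backup set mean that set has to be recreated) can be done mechanically when a scan produces more than a handful of lines. The script below is an added example, not CatByte's procedure or ESET's own tooling. It assumes ESET's plain-text export format "<path> <detection> <classification>", parses paths that contain spaces by anchoring on the drive letter and the first file extension followed by whitespace (a heuristic, noted in the comments), and uses its own triage labels "download", "backup-set" and "live". The sample input is the six lines from post #9 plus one constructed line (the Temp\setup_example.tmp entry) that exercises ESET's "a variant of" wording.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the six detections from the ESET export in post #9,
# plus one constructed line (the Temp\setup_example.tmp entry) that exercises
# ESET's "a variant of ..." wording, which the real export here did not contain.
ESET_LOG = r"""
C:\Users\Korpen Valkoren\Downloads\cbsidlm-tr1_13-QuickZIP-ORG-75451305.exe Win32/DownloadAdmin.G application
C:\Users\Korpen Valkoren\Downloads\QuickZIPSetup.exe Win32/Toolbar.Babylon application
E:\NIGHTMAREZ\Backup Set 2012-10-26 175515\Backup Files 2012-10-26 175515\Backup files 98.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-01-06 050003\Backup files 101.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-01-06 050003\Backup files 233.zip multiple threats
E:\NIGHTMAREZ\Backup Set 2013-01-06 050003\Backup Files 2013-02-03 050007\Backup files 16.zip multiple threats
C:\Users\Korpen Valkoren\AppData\Local\Temp\setup_example.tmp a variant of Win32/Adware.Example.A application
"""

# "<path> <detection> <kind>": the path may contain spaces, so anchor on the
# drive letter and stop at the first file extension that is followed by
# whitespace. Heuristic: a folder name containing "dot + space" would defeat it.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,5})\s+(?P<rest>\S.*?)\s*$")
# ESET names detections "<Platform>/<Family>", optionally prefixed with
# "probably a variant of" / "a variant of"; archives holding several hits are
# reported only as "multiple threats" and are handled separately below.
THREAT_RE = re.compile(r"^(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_.-]+/\S+)\s+(?P<kind>.+)$")


@dataclass(frozen=True)
class Detection:
    path: str
    volume: str       # drive, e.g. "E:"
    threat: str       # ESET detection name, or "multiple threats" for archives
    kind: str         # ESET's classification column ("application", ...)
    category: str     # this script's triage label: "download", "backup-set" or "live"
    backup_set: str   # enclosing "Backup Set ..." folder, empty if none


def classify_path(path: str) -> tuple[str, str]:
    """Triage by location, following post #10: a hit inside a Windows Backup set
    means that set must be recreated, a hit in Downloads is a bundled installer,
    anything else is a live file that needs manual review."""
    folders = path.split("\\")[1:-1]  # drop the drive letter and the file name
    for folder in folders:
        if folder.startswith("Backup Set "):
            return "backup-set", folder
    if "Downloads" in folders:
        return "download", ""
    return "live", ""


def parse_eset_log(text: str) -> list[Detection]:
    """Parse an ESET Online Scanner text export. Fails loudly on a line it cannot
    read: silently dropping a detection is the wrong failure mode for triage."""
    detections: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        path, rest = m.group("path"), m.group("rest")
        if rest == "multiple threats":
            threat, kind = "multiple threats", "archive"
        else:
            t = THREAT_RE.match(rest)
            if not t:
                raise ValueError(f"unrecognised detection text: {rest!r}")
            threat, kind = t.group("threat"), t.group("kind")
        category, backup_set = classify_path(path)
        detections.append(Detection(path, path[:2], threat, kind, category, backup_set))
    return detections


def summarize(detections: list[Detection]) -> dict[str, dict[str, int]]:
    """Count detections per volume and triage category."""
    counts: dict[str, dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for d in detections:
        counts[d.volume][d.category] += 1
    return {vol: dict(cats) for vol, cats in counts.items()}


def affected_backup_sets(detections: list[Detection]) -> list[tuple[str, str]]:
    """Distinct (volume, backup set) pairs containing a detection: the sets to
    replace with a fresh backup once the machine is clean."""
    return sorted({(d.volume, d.backup_set) for d in detections if d.category == "backup-set"})


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    for vol, cats in summarize(found).items():
        print(vol, cats)
    for vol, name in affected_backup_sets(found):
        print("replace backup set:", vol, name)
    for d in found:
        if d.category == "live":
            print("needs manual review:", d.path, d.threat)
```

Run against a real ESETSCAN.txt by reading the file into `parse_eset_log`. The parser raises on anything it does not recognise on purpose: a triage script that quietly skips a malformed line can hide the one detection that mattered, so a new ESET wording should break the run and be added to `THREAT_RE` deliberately.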


#11 K.Valkoren

  • Topic Starter
  • Members
  • 18 posts

Posted 12 May 2013 - 05:30 PM

My Network Discovery works.

 

Ran the anti-root kit. Here is the log:

 

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Korpen Valkoren :: NIGHTMAREZ [administrator]

5/12/2013 5:20:26 PM
mbar-log-2013-05-12 (17-20-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33877
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Thank you for your assistance, advice, and time throughout this process. It has been much appreciated.

 

KV



#12 CatByte

    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2013 - 06:55 PM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.
Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 K.Valkoren

  • Topic Starter
  • Members
  • 18 posts

Posted 12 May 2013 - 09:14 PM

Java will not install. First it said Java\jre1.7..0.21\java_sp.dll is corrupt. I tried a few different times, and another time it said something about Java SE Binary couldn't install. A third time I just got the Microsoft popup saying it didn't work, click to search for a solution. The fourth time I got the .dll corrupt again.

 

Also, my Microsoft Word is not working properly. I cannot open any files from a folder. None show previews, and the only way to open them is by opening Word, then going through File > Open and opening from there.

 

My Steam (gaming application, steampowered.com) application gives an odd popup about enacting a service. I click Cancel and it works just fine without the "service".

 

Thanks,

 

KV



#14 K.Valkoren

  • Topic Starter
  • Members
  • 18 posts

Posted 12 May 2013 - 09:44 PM

I got Java installed using an offline installation. The other programs are still messed up.

Thanks,
KV

#15 CatByte

    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2013 - 10:10 PM

For Word

Go to Start > Control panel > Programs and Features > scroll down to the Microsoft Office Installation > click "change"

click "repair" and allow the setup files to repair the installation


(This tutorial is for problems with Claro, but it gives detailed instructions on how to repair Word about halfway down the page: http://www.help.clarosoftwaredownloads.com/?p=4)


As for the Steam program, a total uninstall then reinstall is likely needed.

Please let me know how that goes.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




