Malware found in RogueKiller - Possible RootZeroAccess


This topic is locked.
6 replies to this topic

#1 InfectedZombie
  • Members
  • 3 posts

Posted 11 May 2013 - 08:34 AM

Hi, I can't seem to remove a possible trojan/virus. I removed a Win32/DownloadAdmin.G found by the ESET scanner. In addition, my router has been reporting DoS scan/attack and IP spoofing during the past two days of infection. I attached RogueKiller's log as well.

Please assist. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537
Run by OmniDeus at 6:07:10 on 2013-05-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2512 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\ehome\ehRec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Users\OmniDeus\Downloads\RogueKiller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - 
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - 
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3ACA83DD-28A0-408F-B4EE-EF5F4051726C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E32EA681-BFD7-4CFE-A887-7C59272F6D9B} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - 
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - 
x64-Run: [ISW] <no file>
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OmniDeus\AppData\Roaming\Mozilla\Firefox\Profiles\kp3ikscx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
FF - ExtSQL: 2013-05-08 02:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\OmniDeus\AppData\Roaming\Mozilla\Firefox\Profiles\kp3ikscx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-08 09:49; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-05-08 09:49; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-05-08 09:49; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-05-08 23:55; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-05-08 23:55; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-05-11 02:54; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-11 140672]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-7 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-8 1255736]
.
=============== Created Last 30 ================
.
2013-05-11 12:54:51 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-11 12:47:29 -------- d-----w- C:\Comfix4350C
2013-05-11 12:40:09 -------- d-----w- C:\Comfix
2013-05-11 11:26:16 -------- d-----w- C:\Windows\System32\catroot2
2013-05-11 11:06:59 -------- d-----w- C:\RegBackup
2013-05-11 10:37:42 -------- d-----w- C:\ComboFix
2013-05-11 10:22:32 98816 ----a-w- C:\Windows\sed.exe
2013-05-11 10:22:32 256000 ----a-w- C:\Windows\PEV.exe
2013-05-11 10:22:32 208896 ----a-w- C:\Windows\MBR.exe
2013-05-11 09:55:02 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\CheckPoint
2013-05-11 09:54:43 -------- d-----w- C:\Program Files\CheckPoint
2013-05-11 09:53:52 -------- d-----w- C:\Program Files (x86)\CheckPoint
2013-05-11 09:51:09 -------- d-----w- C:\ProgramData\CheckPoint
2013-05-11 08:15:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-11 02:52:08 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-10 19:42:20 -------- d-----w- C:\Windows\ERUNT
2013-05-10 19:42:13 -------- d-----w- C:\JRT
2013-05-10 10:02:38 83096 ----a-w- C:\Windows\SysWow64\SSSensor.dll
2013-05-10 10:02:35 -------- d-----w- C:\Program Files (x86)\Sygate
2013-05-10 10:02:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-05-10 06:50:56 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-10 06:50:53 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{457A160F-4CC6-4171-BBB6-35370D7784ED}\mpengine.dll
2013-05-10 05:29:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-10 05:29:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-05-09 13:40:01 13382056 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-05-09 13:40:00 922576 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2013-05-09 13:40:00 6276504 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-05-09 13:37:41 -------- d-----w- C:\Program Files\Realtek
2013-05-09 13:13:45 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Innovative Solutions
2013-05-09 12:09:06 -------- d-----w- C:\Program Files\CCleaner
2013-05-09 11:43:39 9728 ----a-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 11:03:30 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2013-05-09 11:01:05 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-05-09 06:41:11 64856 ----a-w- C:\Windows\System32\klfphc.dll
2013-05-09 06:40:12 -------- d-----w- C:\Windows\ELAMBKUP
2013-05-09 06:40:01 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-05-09 06:39:52 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-05-09 06:01:15 -------- d-----w- C:\Windows\System32\SPReview
2013-05-09 06:00:22 -------- d-----w- C:\Windows\System32\EventProviders
2013-05-09 03:50:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-05-09 03:50:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-05-09 03:50:01 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-05-09 03:48:59 457216 ----a-w- C:\Windows\System32\msdrm.dll
2013-05-09 03:47:59 932352 ----a-w- C:\Windows\SysWow64\printui.dll
2013-05-09 03:46:59 692736 ----a-w- C:\Windows\SysWow64\bthprops.cpl
2013-05-09 03:45:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2013-05-09 03:44:26 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-05-09 03:44:25 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-05-09 03:44:20 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-05-09 03:21:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-05-09 03:21:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-05-09 03:21:22 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-05-09 03:21:22 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-05-09 03:21:10 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-05-09 03:21:10 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-05-09 03:21:09 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-05-09 03:21:09 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-05-09 03:21:06 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-05-09 03:21:06 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-05-09 01:22:57 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Macromedia
2013-05-09 00:35:18 -------- d-----w- C:\Windows\SysWow64\Wat
2013-05-09 00:35:18 -------- d-----w- C:\Windows\System32\Wat
2013-05-08 19:10:26 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-08 19:10:26 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-08 19:10:25 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-08 19:10:25 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-08 18:45:03 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-05-08 18:45:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-05-08 18:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-05-08 18:45:03 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-05-08 18:45:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-05-08 18:45:03 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-05-08 18:43:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-08 18:43:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-08 18:43:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-08 18:43:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-08 18:43:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-08 18:43:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-08 18:43:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-08 18:38:41 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-05-08 18:38:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-05-08 18:38:41 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-05-08 18:38:40 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-05-08 18:38:40 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-05-08 18:26:26 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-08 18:26:26 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-08 17:33:18 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-05-08 17:33:14 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-05-08 17:33:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-05-08 17:33:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-05-08 17:33:11 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-05-08 17:33:09 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-05-08 17:33:09 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-05-08 17:33:09 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-05-08 17:33:09 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-05-08 17:32:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-05-08 17:32:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-05-08 17:32:18 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-05-08 17:30:57 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-08 17:29:55 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-05-08 17:28:49 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-05-08 17:27:36 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-05-08 17:26:50 2871808 ----a-w- C:\Windows\explorer.exe
2013-05-08 17:25:41 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-05-08 17:24:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-05-08 17:24:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2013-05-08 17:24:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2013-05-08 17:24:14 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2013-05-08 17:24:14 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2013-05-08 17:24:14 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2013-05-08 17:24:10 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-05-08 17:24:10 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-05-08 17:22:31 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-05-08 17:22:30 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-05-08 17:22:08 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-05-08 17:22:08 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-05-08 17:22:04 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2013-05-08 17:22:03 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2013-05-08 17:22:03 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2013-05-08 17:22:02 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2013-05-08 17:21:46 33792 ----a-w- C:\Windows\System32\profprov.dll
2013-05-08 17:21:46 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-05-08 17:21:22 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-05-08 17:19:57 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-08 17:19:57 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-08 17:19:18 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-08 17:19:18 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-08 17:19:18 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-08 17:19:18 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-08 17:19:18 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-08 17:19:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-08 16:53:24 77312 ----a-w- C:\Windows\System32\packager.dll
2013-05-08 16:53:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-05-08 15:25:33 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2013-05-08 15:16:17 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-05-08 15:10:12 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-08 15:04:56 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-08 13:49:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-08 13:49:35 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-08 13:12:16 -------- d-----w- C:\Users\OmniDeus\AppData\Local\ElevatedDiagnostics
2013-05-08 10:28:48 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\LolClient
2013-05-08 09:20:15 -------- d-----w- C:\Windows\System32\appmgmt
2013-05-08 09:04:12 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Mozilla
2013-05-08 09:04:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-08 09:03:41 -------- d-----w- C:\Program Files (x86)\Aurora
2013-05-08 09:01:35 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Spotify
2013-05-08 09:01:17 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\Spotify
2013-05-08 04:54:03 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Apple Computer
2013-05-08 04:53:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-05-08 04:53:14 -------- d-----w- C:\Program Files\iPod
2013-05-08 04:53:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-08 04:53:11 -------- d-----w- C:\Program Files\iTunes
2013-05-08 04:53:11 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-08 04:52:37 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Apple
2013-05-08 02:50:43 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-05-08 02:50:43 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-05-08 02:50:43 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-05-08 02:50:43 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-05-08 02:50:42 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-05-08 02:46:54 -------- d-----w- C:\Riot Games
2013-05-08 01:00:40 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-05-08 00:06:48 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Diagnostics
2013-05-07 20:04:50 -------- d-----w- C:\Windows\Panther
2013-05-07 19:57:20 -------- d-----w- C:\Users\OmniDeus\.swt
2013-05-07 19:56:10 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\Malwarebytes
2013-05-07 19:55:45 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-07 19:55:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-07 19:55:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-07 19:50:07 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\SUPERAntiSpyware.com
2013-05-07 19:49:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-07 19:49:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-05-07 19:47:39 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\uTorrent
2013-05-07 19:32:06 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-07 19:31:12 -------- d-----w- C:\Users\OmniDeus\AppData\Roaming\NVIDIA
2013-05-07 19:28:11 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Logitech
2013-05-07 19:23:24 31672 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-05-07 19:23:24 2921288 ----a-w- C:\Windows\System32\nvapi64.dll
2013-05-07 19:23:24 27765536 ----a-w- C:\Windows\System32\nvoglv64.dll
2013-05-07 19:23:24 2585496 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-05-07 19:23:24 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-05-07 19:23:24 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
2013-05-07 19:23:24 15876728 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-05-07 19:23:24 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-05-07 19:23:24 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
2013-05-07 19:23:24 12417464 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-05-07 19:23:24 1055952 ----a-w- C:\Windows\System32\nvumdshimx.dll
2013-05-07 19:22:54 -------- d-----w- C:\NVIDIA
2013-05-07 19:21:00 -------- d-sh--w- C:\Windows\Installer
2013-05-07 19:19:48 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-07 19:19:48 6488352 ----a-w- C:\Windows\System32\nvcpl.dll
2013-05-07 19:19:48 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-05-07 19:19:48 3511072 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-05-07 19:19:48 3122645 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-07 19:19:48 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-05-07 19:19:48 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-05-07 19:19:38 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-05-07 19:19:38 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-05-07 19:19:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-05-07 19:19:23 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-05-07 19:19:23 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-05-07 19:18:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-05-07 19:18:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-05-07 19:18:05 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-05-07 19:18:05 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-05-07 19:18:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-05-07 19:16:40 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Google
2013-05-07 19:16:34 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Deployment
2013-05-07 19:16:34 -------- d-----w- C:\Users\OmniDeus\AppData\Local\Apps
2013-05-07 19:15:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-07 19:15:13 99840 ----a-w- C:\Windows\System32\wudriver.dll
.
==================== Find3M  ====================
.
2013-05-09 11:43:39 9728 ----a-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 06:54:39 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-05-09 06:54:39 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-05-09 06:54:39 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-05-09 06:54:38 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-05-09 06:24:10 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-09 06:24:10 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-07 19:27:41 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-04 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-17 16:21:30 3649536 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2013-02-26 07:32:38 1814304 ----a-w- C:\Windows\System32\nvdispco64.dll
2013-02-26 07:32:32 1510176 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH:  6:07:37.34 ===============


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OmniDeus [Admin rights]
Mode : Scan -- Date : 05/11/2013 06:23:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD753LJ SCSI Disk Device +++++
--- User ---
[MBR] e4d16c5a1b08ade2350e037f370667fb
[BSP] 7704911ce83ff05ed409e6002a568fd9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
+++++ PhysicalDrive1: SAMSUNG HD753LJ SCSI Disk Device +++++
--- User ---
[MBR] 2e7bf37e2cc6b0f7057ad8b27be84c05
[BSP] e411f54bbde00ea8d1a4fec2f1db6f31 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 Mo
1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 Mo
2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 Mo
3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[1]_S_05112013_02d0623.txt >>

Edited by InfectedZombie, 12 May 2013 - 02:59 AM.
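RogueKiller's MBR check in the log above prints an md5 of each drive's MBR and boot code and then the partition table, and the reader is left to judge by eye whether the table is plausible. The script below is an added example, not code from this thread or from RogueKiller: it parses a raw 512-byte MBR and applies the checks a responder applies to such a listing (0x55AA boot signature present, boot code hash on an allowlist, at most one active partition, every partition inside the disk, no overlapping partitions). The two MBRs it examines are constructed inside the script to mirror the two tables printed for PhysicalDrive0 and PhysicalDrive1. Assumptions: the SAMSUNG HD753LJ is taken to be a 750 GB drive of 1,465,149,168 sectors, RogueKiller's "Mo" sizes are converted at 2048 sectors per MB, the boot code bytes are placeholders, and hashing the 440-byte bootstrap area is this example's own choice (the page does not say what RogueKiller's [BSP] hash covers).

```python
import hashlib
import struct

SECTOR_BYTES = 512
BOOT_SIGNATURE = b"\x55\xAA"
# Assumption: the SAMSUNG HD753LJ in the log is a 750 GB drive,
# 750,156,374,016 bytes / 512 = 1,465,149,168 addressable sectors.
HD753LJ_SECTORS = 1465149168
SECTORS_PER_MB = 2048                 # RogueKiller prints sizes in MB ("Mo")


def build_mbr(bootcode: bytes, entries) -> bytes:
    """Construct a 512-byte MBR (test data only): bootstrap area, disk
    signature, four 16-byte partition entries, 0x55AA signature."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary partitions")
    mbr = bytearray(bootcode.ljust(440, b"\x00")[:440])
    mbr += b"\x00" * 6                                   # disk signature + reserved
    for status, ptype, lba_start, sectors in entries:
        # CHS fields carry the 0xFE FF FF "use LBA" marker
        mbr += struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype,
                           b"\xFE\xFF\xFF", lba_start, sectors)
    mbr += b"\x00" * (16 * (4 - len(entries)))
    mbr += BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, signature check and the non-empty partition entries."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue                                     # unused slot
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        # Assumption: hash the 440-byte bootstrap area; the page does not say
        # what RogueKiller's [BSP] hash covers.
        "bootcode_md5": hashlib.md5(mbr[:440]).hexdigest(),
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(parsed: dict, disk_sectors: int, known_bootcode=frozenset()) -> list:
    """Plausibility checks; returns a list of findings (empty means nothing odd)."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if known_bootcode and parsed["bootcode_md5"] not in known_bootcode:
        findings.append("boot code md5 %s not in allowlist" % parsed["bootcode_md5"])
    active = [p["index"] for p in parsed["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition: %s" % active)
    seen = []
    for p in parsed["partitions"]:
        start, end = p["lba_start"], p["lba_start"] + p["sectors"]
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (p["index"], p["status"]))
        if start == 0 or end > disk_sectors:
            findings.append("partition %d (type 0x%02x): LBA %d-%d exceeds disk of %d sectors"
                            % (p["index"], p["type"], start, end, disk_sectors))
        for s2, e2, j in seen:
            if start < e2 and s2 < end:               # half-open interval overlap
                findings.append("partition %d overlaps partition %d" % (p["index"], j))
        seen.append((start, end, p["index"]))
    return findings


# Constructed sample 1: the layout printed for PhysicalDrive0 (active 100 MB NTFS
# partition at sector 2048, 715302 MB NTFS partition at sector 206848).
# The boot code is a placeholder, not real MBR code.
PLACEHOLDER_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
DRIVE0_MBR = build_mbr(PLACEHOLDER_BOOTCODE, [
    (0x80, 0x07, 2048, 100 * SECTORS_PER_MB),
    (0x00, 0x07, 206848, 715302 * SECTORS_PER_MB),
])
# Constructed sample 2: a table with the shape printed for PhysicalDrive1
# (offsets far past the end of a 750 GB disk, unusual type codes, no active entry).
DRIVE1_MBR = build_mbr(b"\x90" * 16, [
    (0x00, 0x07, 1936269394, 896492 * SECTORS_PER_MB),
    (0x00, 0x73, 1917848077, 265838 * SECTORS_PER_MB),
    (0x00, 0x2B, 1818575915, 265710 * SECTORS_PER_MB),
    (0x00, 0x61, 2844524554, 26 * SECTORS_PER_MB),
])
# Allowlist of boot-code hashes you trust (here: the placeholder used for drive 0).
KNOWN_BOOTCODE_MD5 = frozenset({parse_mbr(DRIVE0_MBR)["bootcode_md5"]})


def audit(mbr: bytes, disk_sectors: int = HD753LJ_SECTORS) -> list:
    return check_mbr(parse_mbr(mbr), disk_sectors, KNOWN_BOOTCODE_MD5)


if __name__ == "__main__":
    for name, mbr in (("PhysicalDrive0", DRIVE0_MBR), ("PhysicalDrive1", DRIVE1_MBR)):
        print(name, audit(mbr) or ["no findings"])
```

On a live system the 512 bytes come from reading sector 0 of `\\.\PhysicalDriveN` as administrator. The allowlist only recognises boot code you have already vouched for, so an unknown hash is a prompt to compare the sector against a clean install, not proof of tampering; likewise a table whose entries all lie beyond the disk can mean the sector is not a partition table at all, which is worth confirming before treating it as an infected MBR.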



#2 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 14 May 2013 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 InfectedZombie

InfectedZombie
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 14 May 2013 - 01:27 PM

Hi Nasdaq and thank you. I found some win32/DownloadAdmin.G and Rogue St with virus scanners the other day and removed them.

Here are the logs:

Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.7.700.169  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````
 WinPatrol winpatrol.exe 
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log``````````````````````
 

 

 
=====================================================
AdwCleaner v2.300 - Logfile created 05/14/2013 at 11:17:07
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : OmniDeus - OMNIDEUS-PC
# Boot Mode : Normal
# Running from : C:\Users\OmniDeus\Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\ProgramData\InstallMate
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\OmniDeus\AppData\Roaming\Mozilla\Firefox\Profiles\kp3ikscx.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\OmniDeus\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R10].txt - [963 octets] - [13/05/2013 03:45:18]
AdwCleaner[R11].txt - [937 octets] - [14/05/2013 11:17:07]
 
########## EOF - C:\AdwCleaner[R11].txt - [997 octets] ##########
 
=========================================================
 

ComboFix 13-05-14.01 - OmniDeus 05/14/2013  11:21:03.7.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.1989 [GMT -7:00]
Running from: c:\users\OmniDeus\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\OmniDeus\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\OmniDeus\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-14 to 2013-05-14  )))))))))))))))))))))))))))))))
.
.
2013-05-14 18:24 . 2013-05-14 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 08:05 . 2013-04-17 13:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7817938-3633-448B-B3A8-3289EBFE7C9E}\mpengine.dll
2013-05-13 20:09 . 2013-05-13 20:09 -------- d-----w- c:\program files (x86)\BillP Studios
2013-05-13 20:09 . 2013-05-13 20:09 -------- d-----w- c:\programdata\InstallMate
2013-05-13 19:04 . 2013-05-13 19:04 -------- d-----w- c:\programdata\Sophos
2013-05-13 18:31 . 2013-05-14 11:07 -------- d-----w- c:\program files\PeerBlock
2013-05-13 04:24 . 2013-05-13 04:24 -------- d-----w- c:\program files (x86)\Aurora
2013-05-11 11:26 . 2013-05-11 11:42 -------- d-----w- c:\windows\system32\catroot2
2013-05-11 09:54 . 2013-05-11 11:37 -------- d-----w- c:\program files\CheckPoint
2013-05-11 09:53 . 2013-05-11 11:04 -------- d-----w- c:\program files (x86)\CheckPoint
2013-05-11 09:51 . 2013-05-11 11:03 -------- d-----w- c:\programdata\CheckPoint
2013-05-11 08:15 . 2013-05-13 11:27 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-11 02:52 . 2013-05-11 02:52 -------- d-----w- c:\program files (x86)\ESET
2013-05-10 19:42 . 2013-05-10 19:42 -------- d-----w- c:\windows\ERUNT
2013-05-10 19:42 . 2013-05-11 03:55 -------- d-----w- C:\JRT
2013-05-10 10:02 . 2004-10-16 01:32 83096 ----a-w- c:\windows\SysWow64\SSSensor.dll
2013-05-10 10:02 . 2013-05-10 10:02 -------- d-----w- c:\program files (x86)\Sygate
2013-05-10 10:02 . 2013-05-10 10:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-10 05:29 . 2013-05-10 06:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-05-10 05:29 . 2013-05-10 06:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-09 13:40 . 2013-04-19 05:24 13382056 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-05-09 13:40 . 2013-04-19 05:24 922576 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-05-09 13:40 . 2013-04-19 05:24 6276504 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-05-09 13:37 . 2013-05-09 13:37 -------- d-----w- c:\program files\Realtek
2013-05-09 12:09 . 2013-05-09 12:09 -------- d-----w- c:\program files\CCleaner
2013-05-09 11:43 . 2013-05-09 11:43 9728 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 11:03 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-05-09 11:01 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-05-09 06:41 . 2012-07-12 00:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-05-09 06:40 . 2013-05-09 06:40 -------- d-----w- c:\windows\ELAMBKUP
2013-05-09 06:40 . 2013-05-09 06:40 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-05-09 06:39 . 2013-05-09 06:54 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-05-09 06:39 . 2013-05-09 06:54 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-05-09 06:01 . 2013-05-09 06:01 -------- d-----w- c:\windows\system32\SPReview
2013-05-09 06:00 . 2013-05-09 06:00 -------- d-----w- c:\windows\system32\EventProviders
2013-05-09 03:50 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-05-09 03:50 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-05-09 03:50 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-05-09 03:48 . 2010-11-20 13:27 457216 ----a-w- c:\windows\system32\msdrm.dll
2013-05-09 03:47 . 2010-11-20 13:27 235520 ----a-w- c:\windows\system32\onex.dll
2013-05-09 03:46 . 2010-11-20 12:21 19456 ----a-w- c:\windows\SysWow64\sisbkup.dll
2013-05-09 03:45 . 2010-11-20 13:02 8192 ----a-w- c:\windows\system32\KBDTUQ.DLL
2013-05-09 03:44 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-05-09 03:44 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-05-09 03:44 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-05-09 03:21 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2013-05-09 03:21 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2013-05-09 03:21 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-05-09 03:21 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2013-05-09 03:21 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-05-09 03:21 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2013-05-09 03:21 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-05-09 03:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-05-09 03:21 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-05-09 03:21 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-05-09 01:50 . 2013-05-09 01:50 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-05-09 00:35 . 2013-05-09 00:35 -------- d-----w- c:\windows\SysWow64\Wat
2013-05-09 00:35 . 2013-05-09 00:35 -------- d-----w- c:\windows\system32\Wat
2013-05-08 20:54 . 2013-04-02 02:58 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-05-08 19:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-08 19:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-05-08 19:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-08 19:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-08 18:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-05-08 18:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-05-08 18:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-05-08 18:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-05-08 18:45 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-05-08 18:45 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-05-08 18:43 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-08 18:43 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-08 18:43 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-08 18:43 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-08 18:43 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-08 18:43 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-08 18:43 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-08 18:38 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-05-08 18:38 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-05-08 18:38 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-05-08 18:38 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-05-08 18:38 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-05-08 18:26 . 2013-05-08 18:25 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-08 18:26 . 2013-05-08 18:25 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-08 18:25 . 2013-05-08 18:25 -------- d-----w- c:\programdata\McAfee
2013-05-08 17:33 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-05-08 17:33 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2013-05-08 17:33 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-05-08 17:33 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-08 17:33 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-05-08 17:33 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-05-08 17:33 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-05-08 17:33 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-05-08 17:33 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-05-08 17:33 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-05-08 17:32 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-05-08 17:32 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-05-08 17:32 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-05-08 17:30 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 17:29 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-05-08 17:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-05-08 17:27 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-05-08 17:26 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2013-05-08 17:25 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2013-05-08 17:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2013-05-08 17:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-05-08 17:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-05-08 17:24 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-05-08 17:24 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-05-08 17:24 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-05-08 17:24 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2013-05-08 17:24 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2013-05-08 17:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-05-08 17:22 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2013-05-08 17:22 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2013-05-08 17:22 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-05-08 17:22 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-05-08 17:22 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2013-05-08 17:22 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2013-05-08 17:22 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2013-05-08 17:22 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2013-05-08 17:21 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-05-08 17:21 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2013-05-08 17:21 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-08 17:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-05-08 17:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 06:54 . 2012-08-13 23:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-05-09 06:54 . 2012-07-25 21:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-05-09 06:54 . 2012-06-08 18:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-05-09 06:54 . 2012-05-26 02:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-05-09 06:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-05-09 06:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-02-26 07:32 . 2013-02-26 07:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-26 07:32 . 2013-02-26 07:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"Spotify Web Helper"="c:\users\OmniDeus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-08 1105408]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"F.lux"="c:\users\OmniDeus\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-09 356376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-08 1255736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-09 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-09 178448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-13 140672]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-05-09 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-05-09 29528]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-07 19:20 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-08 21:08]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 19:16]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 19:16]
.
2013-05-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0ba57018-c5d3-4abc-8f97-173204a986c0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-05-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f973be7c-ef83-4a2f-acca-4a6d7ad46dfc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\OmniDeus\AppData\Roaming\Mozilla\Firefox\Profiles\kp3ikscx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
FF - ExtSQL: 2013-05-08 02:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\OmniDeus\AppData\Roaming\Mozilla\Firefox\Profiles\kp3ikscx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-08 09:49; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-05-08 09:49; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-05-08 09:49; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-05-08 23:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-05-08 23:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-15470247.sys
SafeBoot-25195866.sys
SafeBoot-71092695.sys
HKLM-Run-ISW - (no file)
.
.
.
Completion time: 2013-05-14  11:25:52
ComboFix-quarantined-files.txt  2013-05-14 18:25
.
Pre-Run: 693,235,798,016 bytes free
Post-Run: 693,166,460,928 bytes free
.
- - End Of File - - E6AA41CA431C6239A1E5CF4C87C84C3B
 

 


Edited by InfectedZombie, 14 May 2013 - 01:28 PM.
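A small triage helper for the "Reg Loading Points" and "ORPHANS REMOVED" sections of the ComboFix log posted above, added here as an example; it is not a BleepingComputer, ComboFix or forum tool. It parses the Run-key values and lists the autoruns that launch from user-writable paths (the ones a helper reads first), plus the orphans ComboFix removed; the sample excerpt is constructed from lines of the log in this thread.

```python
import re

# Constructed excerpt in the layout of ComboFix's "Reg Loading Points" and
# "ORPHANS REMOVED" sections, built from lines in the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"Spotify Web Helper"="c:\users\OmniDeus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-08 1105408]
"F.lux"="c:\users\OmniDeus\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-09 356376]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
"""

# [HKEY_...\Run] section header, "Name"="path" [date size] value, and orphan lines
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
ORPHAN_RE = re.compile(r'^(HKLM|HKCU)-Run-(\S+)\s+-\s+\(no file\)$')

# Path fragments meaning the autorun binary lives where a standard user can write.
# Legitimate software (Spotify, F.lux) does this too, so it is a review cue, not a verdict.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\local settings\\", "\\programdata\\", "\\temp\\")


def parse_loading_points(text):
    """Return one dict per autorun value, tagged with the registry key it sits under."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        val = VALUE_RE.match(line)
        if val and current_key:
            entries.append({
                "key": current_key,
                "name": val.group("name"),
                "path": val.group("path"),
                "date": val.group("date"),
                "size": int(val.group("size")) if val.group("size") else None,
            })
    return entries


def parse_orphans(text):
    """Return (hive, value name) pairs ComboFix removed because the target file was gone."""
    return [(m.group(1), m.group(2)) for line in text.splitlines()
            for m in [ORPHAN_RE.match(line.strip())] if m]


def flag_user_writable(entries):
    """Autoruns whose binary sits under a user-writable directory."""
    return [e for e in entries
            if any(tok in e["path"].lower() for tok in USER_WRITABLE)]


def triage(text):
    """Review list for the helper: flagged autoruns newest first, then removed orphans."""
    flagged = sorted(flag_user_writable(parse_loading_points(text)),
                     key=lambda e: e["date"] or "", reverse=True)
    lines = ["%s  %s  (%s, %s bytes)" % (e["key"].split("\\")[0], e["name"], e["date"], e["size"])
             for e in flagged]
    lines += ["orphan removed: %s-Run-%s" % o for o in parse_orphans(text)]
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```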


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:09 PM

Posted 15 May 2013 - 07:10 AM

Looking good. Any remaining issues?

#5 InfectedZombie

InfectedZombie
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 15 May 2013 - 08:01 AM

No, everything is running fine now.  Solved all problems.  

 

Thank you 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:09 PM

Posted 15 May 2013 - 08:44 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:09 PM

Posted 15 May 2013 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



