
Infected with Zero Access rootkit and Windows Defender unable to start


This topic is locked. 15 replies to this topic.

#1 BlazinB1


Posted 26 May 2013 - 08:33 PM

When attempting to start Windows Defender or Microsoft security services, I get error 5, access denied. I think this was caused by some malware which has been removed from my PC, but I can't get either of these working again. I have run RKill and MBAM and also run a McAfee virus scan.

Link from original post: http://www.bleepingcomputer.com/forums/t/495883/unable-to-start-microsoft-security-services-or-windefender/

Here is the log from DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by BlazinGT at 9:08:14 on 2013-05-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.7802 [GMT 8:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
StartupFolder: C:\Users\BlazinGT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{0628CA03-E32A-406C-A87D-81BEDFF93CED} : DHCPNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{6A374B20-0525-4204-911B-570DD53FBD37} : DHCPNameServer = 192.168.0.1 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575&q=
FF - user.js: extensions.funmoods.id - 98FC11C172051EE7
FF - user.js: extensions.funmoods.instlDay - 15585
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:30:7
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - 9d8fed4f-e43c-4ad4-9045-2542b7fc2c42
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-9 55856]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-2-4 21616]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-18 570880]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-2-4 68136]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-2-4 72280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-28 130008]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-23 1872568]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2013-5-26 439632]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-2-4 114688]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2010-12-18 157288]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-10 50208]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-2-4 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-27 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-27 180224]
R3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2011-9-20 183104]
R3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2011-9-20 47168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2010-12-18 30824]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-2-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-2-4 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-2-12 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-2-4 30528]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-10 16032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-3-27 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-23 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-23 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-05-25 19:11:54    --------    d-----w-    C:\Users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11:38    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-25 19:11:37    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-25 19:11:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11:14    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48:43    --------    d-----w-    C:\ProgramData\Trend Micro
2013-05-25 16:38:38    --------    d-----w-    C:\Program Files (x86)\WinPcap
2013-05-25 16:37:56    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-25 16:22:22    --------    d-----w-    C:\Windows\PCHEALTH
2013-05-25 16:03:37    --------    d-----w-    C:\ProgramData\McAfee Security Scan
2013-05-25 16:03:27    --------    d-----w-    C:\Program Files (x86)\McAfee Security Scan
2013-05-25 15:37:57    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-25 15:32:40    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{8C94CE10-4492-41B6-87EB-6099560ED112}
2013-05-24 23:42:48    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-24 23:42:48    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-24 23:42:48    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-19 20:42:33    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 16:41:01    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-18 16:41:01    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-18 16:41:01    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-18 16:41:01    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-18 16:37:27    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{30C8ED6F-5644-4628-B410-6CDDC20E36B6}
2013-05-16 23:33:14    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\offreg.dll
2013-05-16 10:18:10    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\mpengine.dll
2013-05-15 10:18:21    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01:29    --------    d-sh--w-    C:\$$PendingFiles
2013-05-13 10:08:21    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{71794453-79DF-4A30-AF35-FDE27C92068B}
2013-05-12 00:41:35    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{5342BF10-6CF5-4FEE-B445-4DE20BEE6470}
2013-05-10 07:57:26    187456    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-02 22:48:51    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{9CDFD593-2C71-43D2-8CC1-1A677BA7E750}
2013-04-30 19:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
.
==================== Find3M  ====================
.
2013-05-25 20:49:05    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2013-05-25 20:48:56    25640    ----a-w-    C:\Windows\gdrv.sys
2013-05-15 13:17:21    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17:04    9195912    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18:18    328704    ----a-w-    C:\Windows\System32\services.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 05:51:43    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-10 05:08:12    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-03 21:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58:00    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2013-03-26 12:58:00    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-15 04:16:18    3477280    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17    6398240    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-03-13 16:24:01    3065455    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-03-10 09:58:51    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58:51    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-28 12:03:52    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-28 11:38:43    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH:  9:08:27.14 ===============
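A small triage script for the "Pseudo HJT Report" section of a DDS log like the one above. This is an added example, not code from this thread or from DDS, RogueKiller or any other tool named here; it reimplements three of the heuristics that the RogueKiller log later in the thread acts on (autorun images under ProgramData/AppData/Temp, browser add-on registrations whose file is already gone, and DNS servers outside private address space). The sample lines are copied from the DDS log above, plus one constructed `TCP: NameServer` line using the two resolvers RogueKiller flagged.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example (not part of the thread).  Rules, mirroring the RogueKiller
findings in this thread:
  * SUSP PATH      - autorun image under ProgramData, AppData or Temp
                     (the cxyqoyqvq.exe entries above);
  * ORPHANED ADDON - a BHO/toolbar CLSID whose file path is empty, i.e. the
                     file was removed but the registration remains
                     (the Funmoods entries above);
  * PUBLIC DNS     - a NameServer outside private address space; RogueKiller
                     reports these but does not remove them (USE DNSFIX).
Flags are review prompts, not verdicts: a public resolver can be legitimate.
"""
import ipaddress
import re
from dataclasses import dataclass

# uRun / mRun / mRunOnce / x64-Run lines: "<key>: [<name>] <command>"
RUN_RE = re.compile(r'^(?P<key>(?:x64-)?[um]?Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# BHO / TB lines: "<kind>: <name>: {<clsid>} - <path>" (path may be empty)
ADDON_RE = re.compile(r'^(?:x64-)?(?P<kind>BHO|TB):\s*(?P<name>.*?):\s*\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$')
# "TCP: NameServer = a b" and "TCP: Interfaces\{...} : DHCPNameServer = a b"
DNS_RE = re.compile(r'^TCP:.*?NameServer\s*=\s*(?P<servers>.*)$')
# Drive- or %VAR%-rooted path ending in an executable extension.  Works for
# quoted and unquoted commands (paths with spaces) and also picks up the DLL
# argument in rundll32-style entries.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)[^"]*?\.(?:exe|dll|cpl|scr|com)\b', re.I)

SUSPECT_DIRS = ('\\programdata\\', '\\appdata\\', '\\temp\\')


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def triage(lines):
    """Apply the three rules to DDS report lines; findings are returned in log
    order with exact duplicates (e.g. repeated DNS lines) collapsed."""
    findings, seen = [], set()

    def add(rule, detail):
        f = Finding(rule, detail)
        if f not in seen:
            seen.add(f)
            findings.append(f)

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            for path in PATH_RE.findall(m.group('cmd')):
                if any(d in path.lower() for d in SUSPECT_DIRS):
                    add('SUSP PATH', f"{m.group('key')} [{m.group('name')}] {path}")
            continue
        m = ADDON_RE.match(line)
        if m:
            if not m.group('path').strip():
                add('ORPHANED ADDON', f"{m.group('kind')} {m.group('name')} {{{m.group('clsid')}}}")
            continue
        m = DNS_RE.match(line)
        if m:
            for token in m.group('servers').split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an address; ignore
                if not ip.is_private:
                    add('PUBLIC DNS', token)
    return findings


# Sample input: lines copied from the DDS log in this thread, plus one
# constructed NameServer line using the resolvers RogueKiller flagged.
SAMPLE = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TCP: NameServer = 192.168.0.1 192.168.1.1
TCP: NameServer = 216.131.95.20 216.131.94.5
"""

if __name__ == '__main__':
    for f in triage(SAMPLE.splitlines()):
        print(f'[{f.rule}] {f.detail}')
```

Name-based adware identification (Yontoo, Funmoods with a file still present) is deliberately out of scope; those need a signature list, which AdwCleaner and JRT supply.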
 

 


#2 nasdaq


Posted 28 May 2013 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
  • Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

p.s.

"When attempting to start Windows defender or Microsoft security services,"

Do not attempt to fix this for now. We will deal with it later.


#3 BlazinB1


Posted 28 May 2013 - 06:45 PM

Hi Nasdaq - Thanks for the help!!  I miss Montreal, moved here to Malaysia 1 year ago.


Here are the logs of the three tools I ran.  I don't notice any problems persisting, but my Firefox crashed twice since trying to post, and I got a "low on memory" message, which seems weird as I have 12 GB of RAM and have never received this before.


I didn't try to fix Windows Defender but still cannot start the service.


RogueKiller:


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BlazinGT [Admin rights]
Mode : Remove -- Date : 05/29/2013 06:48:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : 槃䴖綇㐝屋⛁䋃뜙륣嫛뗍氇챡鑧諅沊㖐⟀㩚춬伽ㆥ9꼐嚼洼ᑺ䯰糴뙣ꦖᝤ␏렚�즤⿠逍ᷔ㍁耹亄쐇ﴙ珍௩�璧듌篆᪗⿅熥ᶺࣜ㎚ (C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ဦ�׌寇讼㹼Ṿ+啉㦈豪ᾖ誕떚巤幭㈠㴲괽毽艎⎛镂�앎჈䍻튐톄鏞⵴䄹縘뒮�遼ꈪ⭵ᢃ私ꄬབྷ䫑拏�棗ꒂ�몬ᡋᰕ䅖꾌폧쮲㳳 (C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe) [-] -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3167684819-1413693687-2382599310-1000[...]\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe) [-] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe) [-] -> DELETED
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C2E0F3B7-A5FF-401C-8729-C96DB5481BF7} : NameServer (216.131.95.20 216.131.94.5) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6fe09eebce71845f5ed7857e9e5f98fd\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3167684819-1413693687-2382599310-1000\$6fe09eebce71845f5ed7857e9e5f98fd\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{6fe09eeb-ce71-845f-5ed7-857e9e5f98fd}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6fe09eebce71845f5ed7857e9e5f98fd\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3167684819-1413693687-2382599310-1000\$6fe09eebce71845f5ed7857e9e5f98fd\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{6fe09eeb-ce71-845f-5ed7-857e9e5f98fd}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6fe09eebce71845f5ed7857e9e5f98fd\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3167684819-1413693687-2382599310-1000\$6fe09eebce71845f5ed7857e9e5f98fd\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARS-00S8B1 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Patriot Pyro SCSI Disk Device +++++
--- User ---
[MBR] eefc5805feef0925ad699b50e3dd29d0
[BSP] f793653053b00cbe3fab5e2939646d51 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05292013_02d0648.txt >>
RKreport[1]_S_05292013_02d0644.txt ; RKreport[2]_D_05292013_02d0648.txt


AdwCleaner:


# AdwCleaner v2.301 - Logfile created 05/29/2013 at 06:51:57
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : BlazinGT - BLAZINGT-PC
# Boot Mode : Normal
# Running from : C:\Users\BlazinGT\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\BlazinGT\AppData\Local\funmoods.crx
File Deleted : C:\Users\BlazinGT\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\BlazinGT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\BlazinGT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\extensions\freehdsport@freehdsport.tv.xpi
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzyzz0F0CtCtC0CtCyBtBtDyDtC0E0EyBtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=174433575 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\prefs.js

C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "MY");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "99FD3ACB8C88261059E9854EE37E6463");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "98FC11C172051EE7");
Deleted : user_pref("extensions.funmoods.instlDay", "15585");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:30:7");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:30:7");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:30:7");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "9d8fed4f-e43c-4ad4-9045-2542b7fc2c42");

*************************

AdwCleaner[S1].txt - [13355 octets] - [29/05/2013 06:51:57]

########## EOF - C:\AdwCleaner[S1].txt - [13416 octets] ##########

JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by BlazinGT on 29/05/2013 at  6:58:47.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{6E50B60B-9304-4F50-BD72-326261C844E9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{711AB110-1BFF-40F6-BA96-1541DB96BC91}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{71794453-79DF-4A30-AF35-FDE27C92068B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{71D6D69C-FBC9-4CFF-8D2C-97E4D014B474}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7221DE91-9DDD-4B4C-B356-58F765AF95D8}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{729AE99D-6A1A-495E-8A95-DB0BF123D55A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{72AD8653-2115-4624-B3D2-30125875C037}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{742F73DB-308D-4E47-B35A-55DA6D671CAA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{74F9A58A-DB9A-4AD3-A49C-E9C3E5F368DA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{76BD7E3C-FB92-425E-966F-5E452C04989A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7937CB72-F2C7-4B28-AE76-3083E270EACB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7D1C50FA-8473-4516-95D4-7063A74432E9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7D52A550-912C-425B-8379-943AD597B2CE}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7D5BB7AA-BF12-443B-867D-08BA90B28D2C}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7E6E2BC4-A376-4D4B-85C0-C02E0309E090}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7F863399-1E93-49D5-8454-6A1467BB0501}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{7FF1108F-661B-4F4A-A9AE-DB2E266AB664}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{808D0AA0-B20B-4859-8B48-0E4FE5E9D360}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{81721D1E-25E6-4F40-B3A9-672A3F547531}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8244797B-9C86-4333-A1A2-A2C0606CFBDD}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{82FC2BA1-AB10-4D01-8F3B-8DBCFC9B9959}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{831CE169-3ECD-4AE2-AC9C-9893719A2A51}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{858318FB-74DB-44A6-B5D7-9911874931A2}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{85BF8B1F-EBFD-4676-9562-8609C9ED286A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{85FB9F28-EF68-4695-BBCC-F2C39E043ABB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{866615B5-8170-4569-9CCF-EA13ADC5A6EE}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8707F560-F77C-4561-A0F0-AA9678A1C877}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8783B2C7-DD4C-4D9F-8E54-AF81E9E26315}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{87B789A2-1B2E-49F4-8C0A-49DB0CA0D4AD}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{87C27453-23A7-4E94-BA87-95B42B6D5B36}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8B77D84A-68E4-4E86-AEAA-B030EE83F1DF}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8C09BD89-15D8-4103-9669-DC2D9D614672}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8C26962A-83ED-44B4-8679-AE216C2DDE3B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8C94CE10-4492-41B6-87EB-6099560ED112}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8C9F8A42-8324-4FDA-A4C6-3D5930F05153}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8CCE9A5B-B56D-4C03-80D5-7AEA575FBF2F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8D658316-0578-45AA-9C19-2A2AE0FCD9D6}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8E0D8CD8-D1DC-48BD-86B7-2D1B7758ACAC}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8F1ED8F1-0906-4A60-AFFA-A861FDAD70A7}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8FC84CC7-4F4A-4A71-988D-F2FF8073EAF2}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{8FE4B60E-2788-43C2-81BA-731D2F551FCA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{91CD1DE5-94FE-4346-9C17-DDDA3C30DE2F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{92408B05-662E-4490-8109-FC2177502BCB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{93FFEB97-3E15-4036-9766-6B68EABFB196}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{942A6325-3020-480E-A55F-6F59956BD553}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9597D86A-631E-41CA-AA42-ACAA6AC262F7}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{95F8B2A7-A6F6-43EE-A444-7CC389F47736}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{961E654F-71CB-44C4-A260-2821BBF8B4DA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9768DB5A-02DA-4F21-8C24-24E648F60F4A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{98B9C163-F1A3-48A7-8324-3261AB47EA6D}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{99B633C4-97DF-450D-A364-BBE3F70BF2F0}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{99CDAFF9-8C85-4A26-A50D-1725D56ED065}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9A56CCEC-5606-47E6-8219-C5A33399AF29}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9A89383B-9EE8-4D09-A251-855423190DB5}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9A95B487-6CEE-4D86-8376-5B63DC5B70E0}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9B91B31F-AC2C-4B96-AF36-0A2AE9623D7B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9C68253C-83EC-45FF-89A1-68DA4B1204A9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9C9D4D47-04CE-4499-BE23-980A817462E6}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9CDFD593-2C71-43D2-8CC1-1A677BA7E750}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9D22B0C0-A2AE-4CBF-B235-D9B8A829F136}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{9DAB5C30-A07C-4501-A5FD-1EFD746D660F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A0953833-6D63-4A5C-BB8C-5A008C620ED8}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A0EA510B-B721-4512-945E-451EA0A48E43}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A130F5C3-B66C-4841-8DB5-D8DCA5DBD832}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A15642E6-D2E7-4CCA-923B-867FC2127414}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A1E9A279-8FF1-4161-900A-AE43B88A4B7F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A2F2E4C6-97F2-4A7B-9085-9C4DD9077D45}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A4A8D663-9673-4C42-9A04-E63A59BBA643}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A4D5D26B-A963-4282-820F-6338AA8C7C8E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A4D8E6CE-7D56-43AE-9EB5-80761FEC093E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A7174E7D-9941-491C-9E31-5E3D27B7A4B9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{A808E3B2-B99E-4996-A100-531A16DCA87E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AA5A2967-353C-4E3A-85D1-6D7245C5C72B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{ABAE6BD9-D866-4659-8D90-F332D47255C2}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AC48C85A-886C-4F2B-BA66-103D957F7AD3}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AC78714D-8150-43DD-B81C-FF2C7BE24AD4}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AC8D2B6A-1CA3-495C-B0AF-51C50B112F21}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AD27A1BB-2DEA-4973-8EC1-7AC54342754A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AF558FD1-6C27-454E-B002-3F776000DBCE}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{AFCB73FF-CA55-4AD0-BA1F-CC27959E7362}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B08A3B46-606E-4AD1-97ED-9B90C0ED8E54}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B0EE86E4-F5BF-4FB2-9F81-DA8B633F7614}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B0FBA754-41F6-4232-9355-84DB24BEF8E3}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B1E63C61-ADE4-48A5-A354-89F1305E67CB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B2CB479D-6775-4559-A2E6-4C21B83A6064}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B2FBF224-3CEA-4F67-8309-0E4E100A6EF0}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B36C0847-DBC5-4583-9C2C-77562957F447}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B5A899ED-B08B-4109-9987-A057DF4F0C4A}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{B99C0F37-2CC9-451B-91EF-809D3E7CB7D9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BA22E342-32B4-4639-8641-F386AE8EF05B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BAFD999C-81E2-4EF8-8B14-F95367A8C4A3}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BD2249DE-707C-4D16-B4A2-5BB2F6017C75}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BDF9712F-3F7A-46FE-8E69-207AD3128873}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BE72E8FD-814F-4BC9-86FB-EF0E30EA8DCF}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{BFDE8ECA-5E8E-49B6-82F8-41D3DEA3A96F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C019A565-CB7D-4268-9AFC-37A3EE52E049}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C162B7C2-1569-4C25-B16E-FF0D037FE2BD}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C42453E0-3883-4E12-A7BA-4DC7CA39CF63}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C479F63F-E898-4A25-A8E4-8B511446D484}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C4E7136B-88A7-4E88-A180-030CF3A154EF}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C714686E-89E3-490D-839E-0FD3BC904A43}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C7A3A64A-F6BB-4BFB-8E59-D9C5BB67AC66}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C7CCB25E-D531-43FE-953F-7D25C67D89E1}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C93B3E30-5DBE-4B78-86F9-D38C561EA82B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{C9D04067-B2B8-4D56-AE15-2E115C6D7F82}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CBAFC507-5F64-463E-A79A-6EC6EDD5810C}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CC6C14A2-CDE3-4339-A605-12D02B53972F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CCA713AA-A9FB-467D-B34A-47AC683F3541}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CD73F01E-B2D6-4C40-A85A-DD8C3E499DD3}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CDEA027C-9309-420C-84DE-9A2113E2A9D8}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CDF7E1A1-F2E4-4F1B-8FCB-CF63F3C08216}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{CE8A9700-8562-4822-9A4E-473B69CD8A55}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D03A3741-A1D4-44E9-8686-8FA80EE8672B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D21C043A-27BC-4781-95F9-D8A4D5253C5C}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D226BB79-1C05-4F5F-8229-9A22E9F280FB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D229C723-CCE6-4805-B1FB-9B48BD507ADA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D282ADCF-836D-4EB9-8086-7C25719B854E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D384CFB6-29FF-4D37-A9B1-DC7EE9A9607F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D3BBBAD0-9D2B-4B1B-8DAF-BA9A8B8E0383}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D47C047A-B14B-42C3-A33B-99DA98A64B84}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D5C20DB3-A90F-4CFE-821A-762B3B68642F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D6BE3176-957E-4084-BBE4-6E3322881808}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D6C4687A-CCDA-4405-BBEA-2D123D19FC07}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D74D8FB8-D118-4F1E-8757-1D59367D5C35}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D9497751-C679-472B-809D-2D9F570D66DF}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{D9BE79BD-C654-4307-9CBA-2AAF74D626AC}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DC406F26-D2E5-4321-AF0F-0C3CEC9DBE22}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DD6C63DA-5F49-43F1-8F53-019BAF6D3814}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DDBF0687-0CF5-4890-B05C-8104991B6FC0}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DE554AAF-10E6-4BE3-8E48-2C4571B820D9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DF4E3349-733A-43D0-80BB-788B4448CC3E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{DFC4D99C-28E3-4D33-8A3F-5D5F7FBC5337}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E062ED8B-BDB0-4DFA-BECA-3E207AA50C34}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E2265623-7574-4AEF-9661-8E3967909FDD}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E2AF0372-5780-4DBA-9980-F1A141B37D1D}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E3121AE8-AF00-4D0D-8FD3-002DBFC6DB4B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E3830EE4-75B8-4B8B-BF94-70E09C28BE67}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E4A0EF35-4B18-47A4-B373-6152E8DDA88E}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E4B9E467-FC22-4FD2-A32C-DB1098C86326}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E55999CD-5C43-4A25-B1E6-B4FD7E3FC621}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E5BBA05B-9F83-4204-B442-557A82FB8A4D}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E63BADD6-DC81-40F7-9DB8-90185409396B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E7D1E02D-22E8-4534-9F83-654FD9A2DE08}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E8091ACB-E836-4F21-A041-0508896080D7}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E83AEB2E-9670-4B54-827B-CF2D5525EFE3}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E906B44B-7790-486F-AA6C-054C0AA2A17D}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{E99E71CA-4E9F-4786-B80A-CDD4B0309F05}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EA36822B-F83F-4E06-8863-57FDDF05B581}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EA936352-3D5E-47AB-B4FA-786299FC7988}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EB390A68-E0B5-4692-ACFD-537FDAD07D6F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{ED90FE49-F196-4369-9804-46DE0BA19AAC}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EE1D6FF5-10A3-41AF-B135-5C8F317EC089}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EE730D9E-5197-40A5-A761-FB6648BD647B}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EEC5373E-98CD-478B-803D-933AFA80B35D}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EF4697B1-3E7F-4AC6-8795-9362BA23EC90}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{EF9B063F-9B28-4518-99DE-BFD58D1849C8}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F0811C77-6135-430C-B918-38B02151D491}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F1123D83-F295-4319-8A42-6AE130B0FEB0}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F143676A-BFB1-462D-AE17-3ED65304B4FA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F204BF0B-53BF-4735-9E5E-106019426321}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F2122FA1-3E22-4072-959E-CCF34DFDBBA4}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F25E4CDB-BBCB-4AA1-9BBA-D7BEBCAA02FA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F2DF90F3-DD93-46C4-AD78-7455585A8A30}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F3493770-45C0-4656-9C47-55BE0D4493AC}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F3AE54C8-F11B-441C-AF02-1E46D45F8E58}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F4E67B27-A22C-44B6-A7A7-859E41CD6DE9}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F4E86873-F809-4F3B-AE59-32BA051DFB81}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F5C25155-0D24-43C2-823E-BF78FFD1A8CB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F6AB23B3-2053-40D8-A0D3-3741B9149D7C}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{F76BAFAC-1527-4B4C-BFD3-8EC7616CECBA}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{FB72CCB6-91B8-4973-86FD-0A220CBD0BAB}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{FCF3DA2A-1CA2-45BD-9AB0-5AE85921EA2F}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{FD1316CC-88A4-4D39-9235-7DF8FD858E04}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{FD9728FF-D222-46F1-9DEF-9BD511C761C5}
Successfully deleted: [Empty Folder] C:\Users\BlazinGT\appdata\local\{FE37ECE4-79C5-47AF-A43F-E69095FD1CAD}



~~~ FireFox

Emptied folder: C:\Users\BlazinGT\AppData\Roaming\mozilla\firefox\profiles\vu3nqakj.default\minidumps [79 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/05/2013 at  7:30:31.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 BlazinB1

BlazinB1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Location:Malaysia - Formerly Canada
  • Local time:03:50 AM

Posted 29 May 2013 - 04:49 AM

Hey Nasdaq - One last thing, when running the JRT 3 times a pop-up box came up called "application error" with the message "cxyqoyqvq.exe application unable to start correctly". I've no idea what that application is, but it sounds suspicious and it looks like it was removed according to the RogueKiller logs.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 PM

Posted 29 May 2013 - 09:05 AM

Some remnant items in the registry could be causing this error. Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post a fresh DDS log for my review.

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#6 BlazinB1

BlazinB1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Location:Malaysia - Formerly Canada
  • Local time:03:50 AM

Posted 29 May 2013 - 05:33 PM

OK, I have run all 3 things and here are the logs to review.

ComboFix:


ComboFix 13-05-30.01 - BlazinGT 30/05/2013   5:23.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.9928 [GMT 8:00]
Running from: c:\users\BlazinGT\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe
c:\windows\SysWow64\tmp68D0.tmp
c:\windows\SysWow64\tmp690F.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-29  )))))))))))))))))))))))))))))))
.
.
2013-05-29 21:30 . 2013-05-29 21:30    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 21:30 . 2013-05-29 21:30    --------    d-----w-    c:\users\UpdatusUser.BlazinGT-PC\AppData\Local\temp
2013-05-29 21:30 . 2013-05-29 21:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    c:\windows\ERUNT
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    C:\JRT
2013-05-26 14:00 . 2013-05-26 14:00    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11 . 2013-04-04 06:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48 . 2013-05-25 16:48    --------    d-----w-    c:\programdata\Trend Micro
2013-05-25 16:38 . 2013-05-25 16:38    --------    d-----w-    c:\program files (x86)\WinPcap
2013-05-25 16:37 . 2013-05-25 16:37    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-05-25 16:22 . 2013-05-25 16:22    --------    d-----w-    c:\windows\PCHEALTH
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\programdata\McAfee Security Scan
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2013-05-25 15:37 . 2013-05-25 15:37    --------    d-----w-    c:\users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-24 23:42 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-24 23:42 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-24 23:42 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\programdata\Apple Computer
2013-05-19 20:42 . 2013-05-19 20:42    --------    d-----w-    c:\users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 17:51 . 2013-05-18 17:51    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-05-18 16:41 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-18 16:41 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-18 16:41 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-18 16:41 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-18 16:41 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-18 16:41 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-16 23:33 . 2013-05-16 23:33    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\offreg.dll
2013-05-16 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\mpengine.dll
2013-05-15 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01 . 2013-05-14 02:01    --------    d-sh--w-    C:\$$PendingFiles
2013-05-13 09:15 . 2013-05-13 09:15    --------    d-----w-    c:\windows\Sun
2013-05-10 07:57 . 2013-05-10 07:57    187456    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-04-30 19:59 . 2013-04-30 19:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59 . 2013-04-30 19:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 21:20 . 2012-02-04 02:51    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-05-29 21:20 . 2012-02-04 02:51    25640    ----a-w-    c:\windows\gdrv.sys
2013-05-18 16:43 . 2012-02-04 03:51    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-18 16:37 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 20:44 . 2013-04-23 10:15    811216    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-15 13:17 . 2012-04-02 23:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17 . 2012-02-04 14:32    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17 . 2012-04-14 14:39    9195912    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18 . 2009-07-13 23:19    328704    ----a-w-    c:\windows\system32\services.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-23 15:58 . 2013-04-23 15:58    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CA29DE7-8933-4106-AA91-69E7F58BB645}\gapaengine.dll
2013-04-13 05:49 . 2013-05-24 23:42    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-24 23:42    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-24 23:42    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-24 23:42    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-03 21:35 . 2013-03-10 09:58    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58 . 2013-03-26 12:58    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-03-26 12:58 . 2013-03-26 12:58    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-03-15 05:53 . 2012-10-19 11:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-19 11:25    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-19 11:25    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-19 11:25    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2012-10-19 11:25    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-19 11:25    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2012-10-19 11:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2012-10-19 11:26    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-10-19 11:26    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-10-19 11:26    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-10-19 11:26    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-10-19 11:26    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-13 16:24 . 2012-10-19 11:26    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-10 09:58 . 2012-07-26 10:58    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58 . 2012-03-11 03:55    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"???????????????????????????????????????????????????????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"????????????????????????????????????????????????[??????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-19 1631144]
"Microsoft Webupdater"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [2013-05-29 37748736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-08-06 1370624]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2011-01-07 27248]
.
c:\users\BlazinGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2010-12-18 700416]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
PHOTOfunSTUDIO 6.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-4-9 170480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 uymisawx;uymisawx;c:\windows\system32\drivers\uymisawx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2010-12-17 30824]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-04 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-05-29 30528]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-26 178760]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-12-17 21616]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-17 570880]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2010-12-17 157288]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3167684819-1413693687-2382599310-1000_Classes\CLSID\{83220814-6342-F241-A7E1-474F80BE5A41}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-30  05:46:37
ComboFix-quarantined-files.txt  2013-05-29 21:46
.
Pre-Run: 18,647,449,600 bytes free
Post-Run: 19,301,257,216 bytes free
.
- - End Of File - - 40286AD65027FCB3664940AEE235F529
After running this I got an application error and a disk error for corrupted files: clicked on a box to let Windows repair the files and rebooted. Clicked OK on the application error box and it went away.

Security Check:

Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro RUBotted RUBotSrv.exe  
 Trend Micro RUBotted RUBottedGUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by BlazinGT at 6:21:12 on 2013-05-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.9988 [GMT 8:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\cxyqoyqvq.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
StartupFolder: C:\Users\BlazinGT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{0628CA03-E32A-406C-A87D-81BEDFF93CED} : DHCPNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{6A374B20-0525-4204-911B-570DD53FBD37} : DHCPNameServer = 192.168.0.1 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-9 55856]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-2-4 21616]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-18 570880]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-2-4 68136]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-2-4 72280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-28 130008]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-23 1872568]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2013-5-26 439632]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-2-4 114688]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2010-12-18 157288]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-2-4 30528]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-10 50208]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-2-4 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-27 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-27 180224]
R3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2011-9-20 183104]
R3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2011-9-20 47168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2010-12-18 30824]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-2-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-2-4 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-2-12 25640]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-10 16032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-3-27 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-23 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-23 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-05-29 22:15:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-29 21:20:47    98816    ----a-w-    C:\Windows\sed.exe
2013-05-29 21:20:47    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-29 21:20:47    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-28 23:49:56    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\{87B10F84-C102-430B-B1D4-4BC56221DF41}
2013-05-28 22:58:46    --------    d-----w-    C:\Windows\ERUNT
2013-05-28 22:58:26    --------    d-----w-    C:\JRT
2013-05-25 19:11:54    --------    d-----w-    C:\Users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11:38    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-25 19:11:37    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-25 19:11:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11:14    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48:43    --------    d-----w-    C:\ProgramData\Trend Micro
2013-05-25 16:38:38    --------    d-----w-    C:\Program Files (x86)\WinPcap
2013-05-25 16:37:56    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-25 16:22:22    --------    d-----w-    C:\Windows\PCHEALTH
2013-05-25 16:03:37    --------    d-----w-    C:\ProgramData\McAfee Security Scan
2013-05-25 16:03:27    --------    d-----w-    C:\Program Files (x86)\McAfee Security Scan
2013-05-25 15:37:57    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-24 23:42:48    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-24 23:42:48    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-24 23:42:48    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41:42    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-19 20:42:33    --------    d-----w-    C:\Users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 16:41:01    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-18 16:41:01    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-18 16:41:01    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-18 16:41:01    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-16 23:33:14    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\offreg.dll
2013-05-16 10:18:10    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\mpengine.dll
2013-05-15 10:18:21    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01:29    --------    d-sh--w-    C:\$$PendingFiles
2013-05-10 07:57:26    187456    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-04-30 19:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
.
==================== Find3M  ====================
.
2013-05-29 22:15:35    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2013-05-29 22:15:28    25640    ----a-w-    C:\Windows\gdrv.sys
2013-05-15 13:17:21    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17:04    9195912    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18:18    328704    ----a-w-    C:\Windows\System32\services.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 05:51:43    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-10 05:08:12    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-03 21:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58:00    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2013-03-26 12:58:00    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-15 04:16:18    3477280    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17    6398240    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-03-13 16:24:01    3065455    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-03-10 09:58:51    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58:51    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH:  6:21:23.37 ===============
 

Everything seems to be ok.  Windefend still won't start.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 PM

Posted 30 May 2013 - 07:35 AM

Open notepad and copy/paste the text in the quote box below into it:
 
Driver::
uymisawx

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"???????????????????????????????????????????????????????????????"=-
"????????????????????????????????????????????????[??????????????"=-
"Microsoft Webupdater"=-

ClearJavaCache::
Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
====

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
===

Let's check the Windows Defender status.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Let me know what problem persists.

#8 BlazinB1

BlazinB1
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Malaysia - Formerly Canada
  • Local time:03:50 AM

Posted 30 May 2013 - 06:40 PM

Here are the results of the two scans.  I cannot install Acrobat Reader.  The Adobe installer times out during download.  I uninstalled the current version I have but am still unable to update; my internet access is fine.  I tried downloading about 4 times.

 

ComboFix:

 

ComboFix 13-05-30.02 - BlazinGT 31/05/2013   6:42.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.10313 [GMT 8:00]
Running from: c:\users\BlazinGT\Desktop\ComboFix.exe
Command switches used :: c:\users\BlazinGT\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uymisawx
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-30  )))))))))))))))))))))))))))))))
.
.
2013-05-30 22:49 . 2013-05-30 22:49    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-30 22:49 . 2013-05-30 22:49    --------    d-----w-    c:\users\UpdatusUser.BlazinGT-PC\AppData\Local\temp
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    c:\windows\ERUNT
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    C:\JRT
2013-05-26 14:00 . 2013-05-26 14:00    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11 . 2013-04-04 06:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48 . 2013-05-25 16:48    --------    d-----w-    c:\programdata\Trend Micro
2013-05-25 16:38 . 2013-05-25 16:38    --------    d-----w-    c:\program files (x86)\WinPcap
2013-05-25 16:37 . 2013-05-25 16:37    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-05-25 16:22 . 2013-05-25 16:22    --------    d-----w-    c:\windows\PCHEALTH
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\programdata\McAfee Security Scan
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2013-05-25 15:37 . 2013-05-25 15:37    --------    d-----w-    c:\users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-24 23:42 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-24 23:42 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-24 23:42 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\programdata\Apple Computer
2013-05-19 20:42 . 2013-05-19 20:42    --------    d-----w-    c:\users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 17:51 . 2013-05-18 17:51    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-05-18 16:41 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-18 16:41 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-18 16:41 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-18 16:41 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-18 16:41 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-18 16:41 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-16 23:33 . 2013-05-16 23:33    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\offreg.dll
2013-05-16 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\mpengine.dll
2013-05-15 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01 . 2013-05-14 02:01    --------    d-sh--w-    C:\$$PendingFiles
2013-05-13 09:15 . 2013-05-13 09:15    --------    d-----w-    c:\windows\Sun
2013-05-10 07:57 . 2013-05-10 07:57    187456    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-30 22:52 . 2012-02-04 02:51    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-05-30 22:51 . 2012-02-04 02:51    25640    ----a-w-    c:\windows\gdrv.sys
2013-05-18 16:43 . 2012-02-04 03:51    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-18 16:37 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 20:44 . 2013-04-23 10:15    811216    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-15 13:17 . 2012-04-02 23:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17 . 2012-02-04 14:32    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17 . 2012-04-14 14:39    9195912    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18 . 2009-07-13 23:19    328704    ----a-w-    c:\windows\system32\services.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-30 19:59 . 2013-04-30 19:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59 . 2013-04-30 19:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-23 15:58 . 2013-04-23 15:58    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CA29DE7-8933-4106-AA91-69E7F58BB645}\gapaengine.dll
2013-04-13 05:49 . 2013-05-24 23:42    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-24 23:42    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-24 23:42    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-24 23:42    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-03 21:35 . 2013-03-10 09:58    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58 . 2013-03-26 12:58    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-03-26 12:58 . 2013-03-26 12:58    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-03-15 05:53 . 2012-10-19 11:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-19 11:25    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-19 11:25    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-19 11:25    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2012-10-19 11:25    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-19 11:25    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2012-10-19 11:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2012-10-19 11:26    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-10-19 11:26    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-10-19 11:26    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-10-19 11:26    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-10-19 11:26    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-13 16:24 . 2012-10-19 11:26    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-10 09:58 . 2012-07-26 10:58    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58 . 2012-03-11 03:55    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"???????????????????????????????????????????????????????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"????????????????????????????????????????????????[??????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-19 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-08-06 1370624]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2011-01-07 27248]
.
c:\users\BlazinGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2010-12-18 700416]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
PHOTOfunSTUDIO 6.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-4-9 170480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2010-12-17 30824]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-04 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-26 178760]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-12-17 21616]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-17 570880]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2010-12-17 157288]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-05-30 30528]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3167684819-1413693687-2382599310-1000_Classes\CLSID\{83220814-6342-F241-A7E1-474F80BE5A41}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-05-31  07:03:33 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-30 23:03
ComboFix2.txt  2013-05-29 21:46
.
Pre-Run: 19,451,084,800 bytes free
Post-Run: 19,085,201,408 bytes free
.
- - End Of File - - B632A0B51DDFAA225CB1AA7F955F2377
 

FSS:

Farbar Service Scanner Version: 25-05-2013
Ran by BlazinGT (administrator) on 31-05-2013 at 07:30:14
Running from "C:\Users\BlazinGT\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 07:54] - [2009-07-14 09:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#9 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 31 May 2013 - 07:49 AM

These empty registry keys were not removed; try this.

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"???????????????????????????????????????????????????????????????"=-
"????????????????????????????????????????????????[??????????????"=-


; Double-click on Fix.reg. When it asks you to merge the information into the registry, click Yes.

On a Vista or Windows 7 operating system, right-click Fix.reg and run it as Administrator.

Delete the Fix.reg file when done.

Restart the computer normally.

Run ComboFix and post a fresh log.
===

ZeroAccess changed the permissions on some of your services.
You need to download and run this new tool. I used it successfully on other topics.
Trust the tool and delete what it finds.

HitmanPro 3.7.5 Build 198 BETA will clean this MSE patch infection.
http://www.wilderssecurity.com/showpost.php?p=2233029&postcount=5345

Keep me posted.

Edited by nasdaq, 31 May 2013 - 07:49 AM.
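The FSS output in the previous post and nasdaq's remark about service permissions point at three distinct symptoms: a DisableAntiSpyware=1 policy value, services that return error 5 when opened, and an MpSvc.dll whose MD5 came back as D41D8CD98F00B204E9800998ECF8427E. That value is the MD5 of zero bytes, which is what a hasher reports when its read returns nothing, typically because a deny ACE on the file blocks the read. The PowerShell triage script below is an added example, not code from this thread or from FSS, ComboFix or HitmanPro; it only reports and changes nothing. The service names, the DLL path and the Run keys are taken from the logs above; the deny-ACE pattern and the regex used to pull an executable path out of a Run value are this example's own assumptions.

```powershell
# Added triage script, not from the thread. Run from an elevated 64-bit
# PowerShell prompt on the affected Windows 7 x64 host. It reports and changes nothing.
# Service names, the DLL path and the Run keys come from the FSS/ComboFix output
# in this thread; the regexes below are this example's own assumptions.

$services = 'WinDefend', 'MsMpSvc', 'NisSrv'     # Defender, MSE antimalware, network inspection
$mpsvc    = 'C:\Program Files\Windows Defender\MpSvc.dll'
$emptyMd5 = 'D41D8CD98F00B204E9800998ECF8427E' # MD5 of zero bytes: reported when a read returns nothing

# 1. Policy value FSS printed: with DisableAntiSpyware=1 the WinDefend service
#    will not start regardless of its ACL.
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) {
    Write-Warning 'HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1'
}

# 2. Service security descriptors. A deny ACE, or an OpenService failure even as
#    Administrator, is the "error 5 access denied" the original post describes.
foreach ($svc in $services) {
    $out = (& sc.exe sdshow $svc 2>&1 | ForEach-Object { "$_" }) -join ''
    if ($out -match 'FAILED') {
        Write-Warning "${svc}: sc sdshow failed -> $out"
    } elseif ($out -match '\(D;[^)]*\)') {
        Write-Warning "${svc}: deny ACE in service SDDL -> $out"
    } else {
        "${svc}: $out"
    }
}

# 3. File ACL and MD5 of MpSvc.dll. FSS flagged it on the strength of the
#    empty-input MD5, which also appears when the DLL simply cannot be read.
if (Test-Path -LiteralPath $mpsvc) {
    try {
        (Get-Acl -LiteralPath $mpsvc -ErrorAction Stop).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { Write-Warning "deny ACE on ${mpsvc}: $($_.IdentityReference) $($_.FileSystemRights)" }
    } catch { Write-Warning "cannot read ACL of ${mpsvc}: $($_.Exception.Message)" }
    try {
        $stream = [System.IO.File]::OpenRead($mpsvc)
        $bytes  = [System.Security.Cryptography.MD5]::Create().ComputeHash($stream)
        $stream.Close()
        $md5 = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
        if ($md5 -eq $emptyMd5) { Write-Warning "${mpsvc}: hashed as an empty stream" }
        else { "${mpsvc}: MD5 $md5 (compare with a known-good copy of the same build)" }
    } catch { Write-Warning "cannot open ${mpsvc} for reading: $($_.Exception.Message)" }
}

# 4. Run keys. The ComboFix log shows values whose names are non-ASCII (they
#    paste as '????...') and point at an executable that no longer exists ([?]).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        $flags = @()
        if ($name -match '[^\x20-\x7E]') { $flags += 'non-ASCII value name' }
        # Executable path: quoted prefix, else everything up to the first .exe (assumed layout).
        if ($value -match '^"([^"]+)"' -or $value -match '^(.+?\.exe)') {
            $exe = $Matches[1]
            if ($exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) { $flags += 'target missing' }
        }
        if ($flags.Count) { "{0} : {1} -> {2} [{3}]" -f $key, $name, $value, ($flags -join ', ') }
    }
}
```

Run it from the 64-bit PowerShell, otherwise the HKLM\Software branch is redirected and the Wow6432Node check is meaningless. Compare the SDDL strings it prints with `sc sdshow` output from a known-good Windows 7 machine rather than with a default typed from memory, and do the same for the MpSvc.dll hash; once the ACLs are repaired, re-run FSS as nasdaq asks so the thread has a before-and-after.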


#10 BlazinB1 (Topic Starter, Malaysia - Formerly Canada)

Posted 31 May 2013 - 06:04 PM

OK, here is my latest ComboFix log:

ComboFix 13-05-30.02 - BlazinGT 01/06/2013   6:04.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.10185 [GMT 8:00]
Running from: c:\users\BlazinGT\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-31  )))))))))))))))))))))))))))))))
.
.
2013-05-31 22:11 . 2013-05-31 22:11    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-31 22:11 . 2013-05-31 22:11    --------    d-----w-    c:\users\UpdatusUser.BlazinGT-PC\AppData\Local\temp
2013-05-31 22:11 . 2013-05-31 22:11    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-30 23:35 . 2013-05-30 23:35    --------    d-----w-    c:\windows\system32\appmgmt
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    c:\windows\ERUNT
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    C:\JRT
2013-05-26 14:00 . 2013-05-26 14:00    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11 . 2013-04-04 06:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48 . 2013-05-25 16:48    --------    d-----w-    c:\programdata\Trend Micro
2013-05-25 16:38 . 2013-05-25 16:38    --------    d-----w-    c:\program files (x86)\WinPcap
2013-05-25 16:37 . 2013-05-25 16:37    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-05-25 16:22 . 2013-05-25 16:22    --------    d-----w-    c:\windows\PCHEALTH
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\programdata\McAfee Security Scan
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2013-05-25 15:37 . 2013-05-25 15:37    --------    d-----w-    c:\users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-24 23:42 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-24 23:42 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-24 23:42 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\programdata\Apple Computer
2013-05-19 20:42 . 2013-05-19 20:42    --------    d-----w-    c:\users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 17:51 . 2013-05-18 17:51    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-05-18 16:41 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-18 16:41 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-18 16:41 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-18 16:41 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-18 16:41 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-18 16:41 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-16 23:33 . 2013-05-16 23:33    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\offreg.dll
2013-05-16 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2395D14-59D6-4ABB-880F-DF1365E7FDA2}\mpengine.dll
2013-05-15 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01 . 2013-05-14 02:01    --------    d-sh--w-    C:\$$PendingFiles
2013-05-13 09:15 . 2013-05-13 09:15    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 21:54 . 2012-02-04 02:51    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-05-31 21:54 . 2012-02-04 02:51    25640    ----a-w-    c:\windows\gdrv.sys
2013-05-18 16:43 . 2012-02-04 03:51    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-18 16:37 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 20:44 . 2013-04-23 10:15    811216    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-15 13:17 . 2012-04-02 23:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17 . 2012-02-04 14:32    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17 . 2012-04-14 14:39    9195912    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18 . 2009-07-13 23:19    328704    ----a-w-    c:\windows\system32\services.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-30 19:59 . 2013-04-30 19:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59 . 2013-04-30 19:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-23 15:58 . 2013-04-23 15:58    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CA29DE7-8933-4106-AA91-69E7F58BB645}\gapaengine.dll
2013-04-13 05:49 . 2013-05-24 23:42    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-24 23:42    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-24 23:42    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-24 23:42    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-03 21:35 . 2013-03-10 09:58    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58 . 2013-03-26 12:58    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-03-26 12:58 . 2013-03-26 12:58    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-03-15 05:53 . 2012-10-19 11:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-19 11:25    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-19 11:25    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-19 11:25    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2012-10-19 11:25    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-19 11:25    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2012-10-19 11:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2012-10-19 11:26    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-10-19 11:26    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-10-19 11:26    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-10-19 11:26    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-10-19 11:26    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-13 16:24 . 2012-10-19 11:26    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-10 09:58 . 2012-07-26 10:58    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58 . 2012-03-11 03:55    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"???????????????????????????????????????????????????????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"????????????????????????????????????????????????[??????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-19 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-08-06 1370624]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2011-01-07 27248]
.
c:\users\BlazinGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2010-12-18 700416]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
PHOTOfunSTUDIO 6.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-4-9 170480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2010-12-17 30824]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-04 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-05-31 30528]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-26 178760]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-12-17 21616]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-17 570880]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2010-12-17 157288]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3167684819-1413693687-2382599310-1000_Classes\CLSID\{83220814-6342-F241-A7E1-474F80BE5A41}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-01  06:26:21
ComboFix-quarantined-files.txt  2013-05-31 22:26
ComboFix2.txt  2013-05-30 23:03
ComboFix3.txt  2013-05-29 21:46
.
Pre-Run: 19,208,818,688 bytes free
Post-Run: 19,012,829,184 bytes free
.
- - End Of File - - 188D28E85FB02C42B363DE1657E39642


It appears like the registry entry is still there.


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"???????????????????????????????????????????????????????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"????????????????????????????????????????????????[??????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]


I ran HitmanPro as requested and indeed my MSE and WinDefend are working again.


Where to go from here?


Thanks for all the help so far.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 PM

Posted 01 June 2013 - 07:57 AM


The non-ASCII characters may not be parsed correctly.
Will delete the RUN key and rebuild it without the bad empty entries.


Open notepad and copy/paste the text in the quote box below into it:

Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe"
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe"
"Steam"="c:\program files (x86)\Steam\steam.exe"

ClearJavaCache::
Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.
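The step nasdaq describes above (value names in HKCU\...\Run that ComboFix cannot decode, then deleting the key and recreating it with only the known-good entries) can be automated on the log side. The following Python is an added example, not code from this thread or from ComboFix: it parses Run-key entries in the layout ComboFix prints, flags the ones a responder would look at first, and emits a `Registry::` section in the same form as the CFScript above. The sample log is constructed from the entries quoted in this thread; the bracketed dates and sizes on the benign lines are made up, and the rule names (`unparsable_name`, `file_not_found`, `writable_location`) are this example's own.

```python
"""Triage ComboFix 'Reg Loading Points' Run-key entries and draft the
CFScript rebuild section. Added example; not part of the thread or ComboFix."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

HKCU_RUN = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in ComboFix's own layout. The cxyqoyqvq.exe lines are
# the ones quoted in the thread; the bracketed dates/sizes on the benign
# lines are made up for the example.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 18678376]
"???????????????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]
"????????[??????"="c:\programdata\Microsoft Webupdater0\cxyqoyqvq.exe" [?]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# User-writable directories: an autorun launched from here warrants a look.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    meta: Optional[str]                      # text inside the trailing [...], if any
    reasons: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect "name"="target" [meta] lines under each [HKEY_...] header."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key is not None:
            entries.append(RunEntry(key, m.group("name"), m.group("target"), m.group("meta")))
    return entries


def triage(entries: List[RunEntry]) -> List[RunEntry]:
    """Attach reasons to each entry; return only the entries that got one."""
    for e in entries:
        e.reasons = []
        # ComboFix renders value names it cannot decode as runs of '?', and a
        # literal '?' or a control byte in a value name is itself abnormal.
        if "?" in e.name or any(not 32 <= ord(c) <= 126 for c in e.name):
            e.reasons.append("unparsable_name")
        # '[?]' means ComboFix could not stat the target (missing or hidden).
        if e.meta == "?":
            e.reasons.append("file_not_found")
        if any(d in e.target.lower() for d in WRITABLE_DIRS):
            e.reasons.append("writable_location")
    return [e for e in entries if e.reasons]


def cfscript_rebuild(key: str, entries: List[RunEntry]) -> str:
    """Emit the Registry:: section that deletes `key` and recreates it with
    only the un-flagged entries, in the form of the CFScript in this thread.
    Call triage() first so the reasons are populated."""
    keep = [e for e in entries if e.key == key and not e.reasons]
    lines = ["Registry::", f"[-{key}]", "", f"[{key}]"]
    lines += [f'"{e.name}"="{e.target}"' for e in keep]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    for e in triage(found):
        print(f"{e.key}\n  {e.name!r} -> {e.target}  [{', '.join(e.reasons)}]")
    print(cfscript_rebuild(HKCU_RUN, found))
```

Run triage() before cfscript_rebuild(), since the rebuild keeps only entries that gained no reasons. Review the flagged list by hand before handing any script to ComboFix: a legitimate product with an odd value name, or one that was uninstalled and left a dangling `[?]` entry, is flagged by the same rules as the malware entry.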

#12 BlazinB1

BlazinB1
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Malaysia - Formerly Canada
  • Local time:03:50 AM

Posted 01 June 2013 - 12:27 PM

Here is the log.   I think everything is back to normal now, thoughts?


ComboFix 13-05-30.02 - BlazinGT 01/06/2013  22:08:10.4.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.12286.10105 [GMT 8:00]
Running from: c:\users\BlazinGT\Desktop\ComboFix.exe
Command switches used :: c:\users\BlazinGT\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-01 to 2013-06-01  )))))))))))))))))))))))))))))))
.
.
2013-06-01 14:16 . 2013-06-01 14:16    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-06-01 14:16 . 2013-06-01 14:16    --------    d-----w-    c:\users\UpdatusUser.BlazinGT-PC\AppData\Local\temp
2013-06-01 14:16 . 2013-06-01 14:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-31 22:53 . 2013-05-31 22:53    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423CC1EA-DF3C-4DB1-8DEA-7E4E6EE0D97C}\offreg.dll
2013-05-31 22:43 . 2013-05-31 22:43    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47A40EE4-3E65-42C9-B608-F31498F4B78B}\gapaengine.dll
2013-05-31 22:43 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423CC1EA-DF3C-4DB1-8DEA-7E4E6EE0D97C}\mpengine.dll
2013-05-31 22:33 . 2013-05-31 22:39    --------    d-----w-    c:\programdata\HitmanPro
2013-05-30 23:35 . 2013-05-30 23:35    --------    d-----w-    c:\windows\system32\appmgmt
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    c:\windows\ERUNT
2013-05-28 22:58 . 2013-05-28 22:58    --------    d-----w-    C:\JRT
2013-05-26 14:00 . 2013-05-26 14:00    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Roaming\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-25 19:11 . 2013-04-04 06:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-25 19:11 . 2013-05-25 19:11    --------    d-----w-    c:\users\BlazinGT\AppData\Local\Programs
2013-05-25 16:48 . 2013-05-25 16:48    --------    d-----w-    c:\programdata\Trend Micro
2013-05-25 16:38 . 2013-05-25 16:38    --------    d-----w-    c:\program files (x86)\WinPcap
2013-05-25 16:37 . 2013-05-25 16:37    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-05-25 16:22 . 2013-05-25 16:22    --------    d-----w-    c:\windows\PCHEALTH
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\programdata\McAfee Security Scan
2013-05-25 16:03 . 2013-05-25 16:03    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2013-05-25 15:37 . 2013-05-25 15:37    --------    d-----w-    c:\users\BlazinGT\AppData\Local\ElevatedDiagnostics
2013-05-24 23:42 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-24 23:42 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-24 23:42 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 23:41 . 2013-05-24 23:41    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-24 23:41 . 2013-05-24 23:41    --------    d-----w-    c:\programdata\Apple Computer
2013-05-19 20:42 . 2013-05-19 20:42    --------    d-----w-    c:\users\BlazinGT\AppData\Local\SKIDROW
2013-05-18 17:51 . 2013-05-18 17:51    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-05-18 16:41 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-18 16:41 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-18 16:41 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-18 16:41 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-18 16:41 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-18 16:41 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-16 10:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-14 02:01 . 2013-05-14 02:01    --------    d-sh--w-    C:\$$PendingFiles
2013-05-13 09:15 . 2013-05-13 09:15    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 22:41 . 2012-02-04 02:51    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-05-31 22:41 . 2012-02-04 02:51    25640    ----a-w-    c:\windows\gdrv.sys
2013-05-18 16:43 . 2012-02-04 03:51    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-18 16:37 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 20:44 . 2013-04-23 10:15    811216    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-15 13:17 . 2012-04-02 23:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:17 . 2012-02-04 14:32    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:17 . 2012-04-14 14:39    9195912    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-02 22:18 . 2009-07-13 23:19    328704    ----a-w-    c:\windows\system32\services.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-30 19:59 . 2013-04-30 19:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59 . 2013-04-30 19:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-23 15:58 . 2013-04-23 15:58    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CA29DE7-8933-4106-AA91-69E7F58BB645}\gapaengine.dll
2013-04-23 15:58 . 2012-06-13 23:42    905296    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-24 23:42    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-24 23:42    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-24 23:42    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-24 23:42    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-24 23:42    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-03 21:35 . 2013-03-10 09:58    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 12:58 . 2013-03-26 12:58    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-03-26 12:58 . 2013-03-26 12:58    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-03-15 05:53 . 2012-10-19 11:25    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-19 11:25    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-19 11:25    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-19 11:25    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2012-10-19 11:25    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-19 11:25    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2012-10-19 11:25    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2012-10-19 11:26    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-10-19 11:26    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-10-19 11:26    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-10-19 11:26    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-10-19 11:26    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-13 16:24 . 2012-10-19 11:26    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-10 09:58 . 2012-07-26 10:58    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-10 09:58 . 2012-03-11 03:55    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    1724600    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-08-06 1370624]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2011-01-07 27248]
.
c:\users\BlazinGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2010-12-18 700416]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
PHOTOfunSTUDIO 6.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-4-9 170480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2010-12-17 30824]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-04 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-05-31 30528]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-26 178760]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-12-17 21616]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-12-17 570880]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2010-12-17 157288]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-16 20:46    2328760    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\BlazinGT\AppData\Roaming\Mozilla\Firefox\Profiles\vu3nqakj.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3167684819-1413693687-2382599310-1000_Classes\CLSID\{83220814-6342-F241-A7E1-474F80BE5A41}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-01  22:33:01
ComboFix-quarantined-files.txt  2013-06-01 14:32
ComboFix2.txt  2013-05-31 22:26
ComboFix3.txt  2013-05-30 23:03
ComboFix4.txt  2013-05-29 21:46
.
Pre-Run: 18,870,009,856 bytes free
Post-Run: 18,668,249,088 bytes free
.
- - End Of File - - 0711DC9ECFB4D7D21EF28CFAF8436603
 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 PM

Posted 01 June 2013 - 12:47 PM

The bad entries are gone.

Any remaining issues?

#14 BlazinB1

BlazinB1
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Malaysia - Formerly Canada
  • Local time:03:50 AM

Posted 02 June 2013 - 10:35 AM

No more issues. Thanks again for all your help, Nasdaq, much appreciated.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 PM

Posted 02 June 2013 - 12:43 PM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double-click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

