Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad website-Virus-Possible RAT


  • This topic is locked This topic is locked
22 replies to this topic

#1 Zerflamveil

Zerflamveil

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 11 June 2013 - 03:31 PM

Went to a bad website today and AVG didn't block it. After visiting the website, things seemed fine until a system message titled o.0? haha, "your computer can't handle this crap." came up. I don't know where it came from and I think it might be a virus. I did a system restore and am looking for help to see if there is anything.

Thank you for the help guys.

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Name at 16:23:49 on 2013-06-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.3244 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\lxczcoms.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\msi\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\msi\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\WUDFHost.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskmgr.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://msi.msn.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
uRun: [Google Update] "C:\Users\Name\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\UsersName~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Name~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveAutorun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: Interfaces\{4C19EC9B-C58E-4958-A2A5-D8250C6A247C} : NameServer = 4.2.2.5,4.2.2.6
TCP: Interfaces\{D2325D65-4948-41B6-95C5-AAD4695E177E} : NameServer = 4.2.2.5,4.2.2.6,25.0.0.1
TCP: Interfaces\{F8B8A02D-D24C-4116-8FAE-8FE375200945} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\14f04ytg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mangafox.me/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Name\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-4-14 30496]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-4 45856]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-2-20 129024]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-2-20 317440]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2011-2-20 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-4 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2011-2-20 290920]
.
=============== Created Last 30 ================
.
2013-05-29 21:13:26 -------- d-----w- C:\Users\Name\AppData\Roaming\.minecraft
2013-05-23 21:00:51 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-05-20 22:43:12 -------- d-----r- C:\Users\Name\Dropbox
2013-05-20 22:39:44 -------- d-----w- C:\Users\Name\AppData\Roaming\Dropbox
2013-05-15 02:40:40 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-15 02:33:17 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M  ====================
.
2013-05-20 20:05:54 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-05-14 21:37:51 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 21:37:50 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 15:41:58 237840 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2013-04-12 15:41:28 131856 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2013-04-12 15:40:18 146704 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2013-04-12 15:40:18 120080 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2013-04-12 15:40:16 204048 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 09:35:05 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 21:57:52 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-03-30 21:57:52 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-03-30 19:07:10 564824 ----a-w- C:\windows\System32\drivers\sptd.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2013-03-15 04:16:18 3477280 ----a-w- C:\windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\windows\System32\nvvsvc.exe
2013-03-15 04:16:10 76064 ----a-w- C:\windows\System32\nv3dappshextr.dll
2013-03-15 04:16:10 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-03-15 04:16:10 1016096 ----a-w- C:\windows\System32\nv3dappshext.dll
.
============= FINISH: 16:28:25.36 ===============
 

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 11 June 2013 - 03:55 PM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 11 June 2013 - 04:17 PM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-11 17:15:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: 8w3xg5lx.exe; Driver: C:\Users\SHIOFU~1\AppData\Local\Temp\fwlyikow.sys
 
 
---- Devices - GMER 2.1 ----
 
Device  \Driver\a7w8r9lp \Device\Scsi\a7w8r9lp1Port1Path0Target0Lun0                                                          fffffa80081642c0
Device  \Driver\agc5gndd \Device\Scsi\agc5gndd1                                                                               fffffa800817a2c0
Device  \Driver\a7w8r9lp \Device\Scsi\a7w8r9lp1                                                                               fffffa80081642c0
Device  \Driver\agc5gndd \Device\Scsi\agc5gndd1Port2Path0Target0Lun0                                                          fffffa800817a2c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                fffffa8005b212c0
Device  \FileSystem\fastfat \Fat                                                                                              fffffa80084062c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                      fffffa80080902c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{F8B8A02D-D24C-4116-8FAE-8FE375200945}                                              fffffa80062dc2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{D2325D65-4948-41B6-95C5-AAD4695E177E}                                              fffffa80062dc2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                          fffffa8007fbf2c0
Device  \Driver\cdrom \Device\CdRom1                                                                                          fffffa8007fbf2c0
Device  \Driver\cdrom \Device\CdRom2                                                                                          fffffa8007fbf2c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                      fffffa80080902c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                      fffffa80080902c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{7D30FE8A-4DEB-4A75-94B5-BFE231650FD0}                                              fffffa80062dc2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{4C19EC9B-C58E-4958-A2A5-D8250C6A247C}                                              fffffa80062dc2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                               fffffa80062dc2c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                      fffffa80080902c0
Device  \Driver\a7w8r9lp \Device\ScsiPort1                                                                                    fffffa80081642c0
Device  \Driver\agc5gndd \Device\ScsiPort2                                                                                    fffffa800817a2c0
 
---- Modules - GMER 2.1 ----
 
Module  \SystemRoot\System32\Drivers\a7w8r9lp.SYS                                                                             fffff8800536e000-fffff880053ba000 (311296 bytes)
Module  \SystemRoot\System32\Drivers\agc5gndd.SYS                                                                             fffff8800631f000-fffff88006370000 (331776 bytes)
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xB7 0xB1 0xDC 0xA1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x8C 0x42 0x5B 0x93 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xBE 0x3E 0x77 0x2D ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                   C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                   0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                   0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0xA8 0xAD 0x2C 0x11 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                       0x1C 0xF9 0xD6 0x78 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                  0x74 0xDF 0x3C 0x15 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       1
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB7 0xB1 0xDC 0xA1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x8C 0x42 0x5B 0x93 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xBE 0x3E 0x77 0x2D ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                       0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x66 0xA9 0x66 0xCE ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0x1C 0xF9 0xD6 0x78 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)    
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0x74 0xDF 0x3C 0x15 ...
 
---- EOF - GMER 2.1 ----


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 11 June 2013 - 04:27 PM

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 11 June 2013 - 05:27 PM

The combofix is taking a long time. Is this normal? In a blue cmd prompt it's saying that it's preparing the log report and it's been like that for at least 30 minutes.



#6 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 11 June 2013 - 06:28 PM

This is the second scan, the first scan was stalled so ii closed it and restarted my computer.

 

 

ComboFix 13-06-08.02 - Shio Fung Zhu 06/11/2013  19:07:03.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4227 [GMT -4:00]
Running from: c:\users\Shio Fung Zhu\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\CFLog
c:\cflog\CrashLog_20110426.txt
c:\cflog\CrashLog_20110428.txt
c:\cflog\CrashLog_20110509.txt
c:\cflog\CrashLog_20110602.txt
c:\cflog\CrashLog_20110619.txt
c:\cflog\CrashLog_20110620.txt
c:\cflog\CrashLog_20110628.txt
c:\cflog\CrashLog_20110915.txt
c:\cflog\CrashLog_20110917.txt
C:\install.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 23:23 . 2013-06-11 23:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-11 23:23 . 2013-06-11 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 21:36 . 2013-06-11 21:36 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 21:27 . 2013-06-11 21:27 -------- d-----w- c:\programdata\CheckPoint
2013-05-29 21:13 . 2013-06-11 20:46 -------- d-----w- c:\users\Shio Fung Zhu\AppData\Roaming\.minecraft
2013-05-23 21:00 . 2013-06-11 20:08 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-20 22:43 . 2013-06-11 23:03 -------- d-----r- c:\users\Shio Fung Zhu\Dropbox
2013-05-20 22:39 . 2013-06-11 23:03 -------- d-----w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox
2013-05-15 02:33 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 20:36 . 2012-04-09 13:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:36 . 2011-05-16 19:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 20:05 . 2012-09-04 14:36 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 02:46 . 2011-04-26 02:05 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 03:11 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 02:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 02:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 02:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 02:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 02:33 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 02:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 15:41 . 2013-05-03 01:37 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-04-12 15:41 . 2013-04-12 15:41 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-04-12 15:40 . 2013-05-03 01:37 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-04-12 15:40 . 2013-04-12 15:40 146704 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-04-12 15:40 . 2013-04-12 15:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-04-12 14:45 . 2013-04-23 20:10 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 09:35 . 2013-04-21 03:24 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 21:57 . 2012-07-07 00:19 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-30 21:57 . 2011-05-03 00:04 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-30 19:07 . 2013-03-30 19:07 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-03-29 04:17 . 2013-03-29 04:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 04:17 . 2013-03-29 04:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 04:17 . 2013-03-29 04:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 04:17 . 2013-03-29 04:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 04:17 . 2013-03-29 04:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 04:17 . 2013-03-29 04:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 04:17 . 2013-03-29 04:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 04:17 . 2013-03-29 04:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 04:17 . 2013-03-29 04:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 04:17 . 2013-03-29 04:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 04:17 . 2013-03-29 04:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 04:17 . 2013-03-29 04:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 04:17 . 2013-03-29 04:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 04:17 . 2013-03-29 04:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 04:17 . 2013-03-29 04:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 04:17 . 2013-03-29 04:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 04:17 . 2013-03-29 04:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 04:17 . 2013-03-29 04:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 04:17 . 2013-03-29 04:17 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 04:17 . 2013-03-29 04:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 04:17 . 2013-03-29 04:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 04:17 . 2013-03-29 04:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 04:17 . 2013-03-29 04:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 04:17 . 2013-03-29 04:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 04:17 . 2013-03-29 04:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 04:17 . 2013-03-29 04:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 04:17 . 2013-03-29 04:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 04:17 . 2013-03-29 04:17 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 04:17 . 2013-03-29 04:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 04:17 . 2013-03-29 04:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 04:17 . 2013-03-29 04:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 04:17 . 2013-03-29 04:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 04:17 . 2013-03-29 04:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 04:17 . 2013-03-29 04:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 04:17 . 2013-03-29 04:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 04:17 . 2013-03-29 04:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 04:17 . 2013-03-29 04:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 04:17 . 2013-03-29 04:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 04:17 . 2013-03-29 04:17 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 04:17 . 2013-03-29 04:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 04:17 . 2013-03-29 04:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 04:17 . 2013-03-29 04:17 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 04:17 . 2013-03-29 04:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 04:17 . 2013-03-29 04:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 04:17 . 2013-03-29 04:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 04:17 . 2013-03-29 04:17 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 04:17 . 2013-03-29 04:17 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 04:17 . 2013-03-29 04:17 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 04:17 . 2013-03-29 04:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-19 06:04 . 2013-04-10 18:32 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 18:32 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 18:32 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:32 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 18:32 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 18:32 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-15 05:53 . 2013-04-14 14:54 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-15 05:53 . 2013-04-14 14:54 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-15 05:53 . 2013-04-14 14:48 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2013-04-14 14:48 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-04-14 14:48 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-14 14:48 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-14 14:48 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-04-14 14:48 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-14 14:48 9414456 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-14 14:48 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-14 14:48 2913056 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-14 14:48 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-14 14:48 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2013-04-14 14:48 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-14 14:48 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-14 14:48 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2013-04-14 14:48 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-14 14:48 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-14 14:48 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-04-14 14:48 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-04-14 14:48 7573816 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-14 14:48 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-14 14:48 26956576 ----a-w- c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-14 14:48 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-20 20:05 1991344 ----a-w- c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-07-07 21:33 428712 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-20 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 130736 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 130736 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 130736 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-04-24 2098376]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-20 1226928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\users\Shio Fung Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\SHIOFU~1\AppData\Local\Temp\00522EC.tmp;c:\users\SHIOFU~1\AppData\Local\Temp\00522EC.tmp [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:36]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 20:48]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 20:48]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516331497-781182017-3778375440-1001Core.job
- c:\users\Shio Fung Zhu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 01:14]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516331497-781182017-3778375440-1001UA.job
- c:\users\Shio Fung Zhu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2011-03-24 16:16 398000 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 164016 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 164016 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 164016 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-15 23:49 164016 ----a-w- c:\users\Shio Fung Zhu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{4C19EC9B-C58E-4958-A2A5-D8250C6A247C}: NameServer = 4.2.2.5,4.2.2.6
TCP: Interfaces\{D2325D65-4948-41B6-95C5-AAD4695E177E}: NameServer = 4.2.2.5,4.2.2.6,25.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Shio Fung Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\14f04ytg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mangafox.me/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-TkBellExe - c:\program files (x86)\real\realplayer\Update\realsched.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SHIOFU~1\AppData\Local\Temp\00522EC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:51,66,7a,6c,4c,1d,38,12,28,66,44,
   75,7f,7b,a7,04,d5,fe,72,b2,e9,7c,fb,19
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}"=hex:51,66,7a,6c,4c,1d,38,12,24,e7,33,
   cd,4a,31,0a,0b,c2,c1,e6,30,23,b9,ba,a3
"{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}"=hex:51,66,7a,6c,4c,1d,38,12,1c,49,84,
   d1,2e,86,ad,08,c1,61,eb,e7,be,96,c2,5a
"{FF6C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,7f,
   fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2d,68,bb,88,77,2d,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,f8,15,89,80,7c,f0,49,b1,2f,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,f8,15,89,80,7c,f0,49,b1,2f,ef,\
.
[HKEY_USERS\S-1-5-21-3516331497-781182017-3778375440-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3516331497-781182017-3778375440-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-11  19:25:32
ComboFix-quarantined-files.txt  2013-06-11 23:25
.
Pre-Run: 160,426,360,832 bytes free
Post-Run: 160,004,874,240 bytes free
.
- - End Of File - - 55DA577DCC41A5E5430F8B1F2FC1D33E
D41D8CD98F00B204E9800998ECF8427E


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 12 June 2013 - 01:22 AM

Please go to here to run the online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 12 June 2013 - 08:17 AM

Do I uninstall combofix? And how do i do it?



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 12 June 2013 - 08:23 AM

Step by step. In case we need combofix again, we would have aproblem, so let´s ensure there is no malware left


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 12 June 2013 - 09:54 AM

C:\ProgramData\Ask\APN-Stub\PF\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\ProgramData\SpeedBit\DAP\Offers\VA32_DapSo.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\PF\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\SpeedBit\DAP\Offers\VA32_DapSo.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Shio Fung Zhu\Desktop\Iso imaging software\Alcohol52_FE_2.0.2.4713.exe Win32/InstallCore.BO application
C:\Users\Shio Fung Zhu\Desktop\Iso imaging software\DTLite4471-0333.exe Win32/OpenCandy application


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 12 June 2013 - 10:31 AM

C:\ProgramData\Ask\APN-Stub\PF\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\ProgramData\SpeedBit\DAP\Offers\VA32_DapSo.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\PF\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\SpeedBit\DAP\Offers\VA32_DapSo.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Shio Fung Zhu\Desktop\Iso imaging software\Alcohol52_FE_2.0.2.4713.exe Win32/InstallCore.BO application
C:\Users\Shio Fung Zhu\Desktop\Iso imaging software\DTLite4471-0333.exe Win32/OpenCandy application

These files aren´t malware but contain security risks. Delete them immediately.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 12 June 2013 - 11:02 AM

how do i delete the security risks?



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 12 June 2013 - 11:03 AM

just navigate to the folders where they are stored in Explorer and delete them


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 12 June 2013 - 11:19 AM

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 12:09:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shio Fung Zhu - SHIOFUNGZHU-MSI
# Boot Mode : Normal
# Running from : C:\Users\Shio Fung Zhu\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Shio Fung Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\14f04ytg.default\searchplugins\speedbit.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\Local\APN
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Shio Fung Zhu\AppData\LocalLow\Speedbit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Shio Fung Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\14f04ytg.default\prefs.js
 
C:\Users\Shio Fung Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\14f04ytg.default\user.js ... Deleted !
 
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Deleted : user_pref("extensions.enabledAddons", "%7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9,%7BF17C1572-C9[...]
Deleted : user_pref("speedbit.dap_installed", true);
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Shio Fung Zhu\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [9595 octets] - [12/06/2013 12:09:40]
 
########## EOF - C:\AdwCleaner[S1].txt - [9655 octets] ##########


#15 Zerflamveil

Zerflamveil
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 12 June 2013 - 11:31 AM

Results of screen317's Security Check version 0.99.64  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.65.1.1000  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users