ISP informed me of a BOT, both PC's are infected.


  • This topic is locked
34 replies to this topic

#1 FrickinThing
  • Members

Posted 16 June 2013 - 03:26 PM

Hey everyone, so I finally made it here..

 

A few days ago I was trading (I'm a Forex trader); all of a sudden the screen went black for a few seconds, and my ISP sent me an email directly after my screen recovered. Everything browser related froze, and after hard-closing I reopened my email and my ISP said that I've been infected with a BOT, AWESOME! So I went to my ISP's website to check just to make sure, as they have a URL you can access that will scan for BOTS, and this is what came up.

 

Screenshot: (image OR71Fy1.png)

It also has an option to Export Data to a .CSV file, and this is what it shows when opened:

(image LanDcEg.png)

I get this notice on both of my computers. I've tried the following in and out of Safemode.

 

Malwarebytes PRO

Ad-Aware Antivirus

HitmanPro

Spybot S&D

Security Essentials

 

Removed anything that came up, but nothing that shows this BOT. A search on Google doesn't even show anything about it. I can't afford to have my bank accounts and trading accounts compromised. I constantly check logging IPs on anything I can, and so far I'm the only one; the name of the BOT sounds terrifying and I have no idea how or why it got there in the first place. I don't share connections with anyone, all my stuff is protected, and the only other PC in the house that has this connection is my own that only I use. I did a netstat -a just out of curiosity and got a few strange results I can post if needed, but I am probably just paranoid.

 

So that's where I'm at. S.O.S!

 

Thanks guys.

 

 

DDS Info from Main PC:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by Anonymous at 17:07:28 on 2013-06-16
Microsoft Windows 7 Home Premium   6.1.7600.1.1252.1.1033.18.4093.2290 [GMT -7:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.EXE
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\justin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Browser Infrastructure Helper] c:\users\justin\appdata\local\smartbar\application\QuickShare.exe startup
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [OEM05Cfg.exe] OEM05Cfg.exe /d:5
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{06AB286F-CA48-430B-B168-7F3D9043E18B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{06AB286F-CA48-430B-B168-7F3D9043E18B}\86F6D6560236F6D60757475627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{06AB286F-CA48-430B-B168-7F3D9043E18B}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{06AB286F-CA48-430B-B168-7F3D9043E18B}\D4F42514E445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{06AB286F-CA48-430B-B168-7F3D9043E18B}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E7C999EC-8168-4F0D-8AB4-E1D2CBEF6C1A} : DHCPNameServer = 10.11.0.1
TCP: Interfaces\{F15596AD-6AC0-43BF-A7D0-49BE4148B7C3} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\xao4hxgu.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&userid=9520c83d-3189-49a7-bd29-39fc0fa9bc6d&searchtype=hp&installDate=01/01/1970
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&userid=9520c83d-3189-49a7-bd29-39fc0fa9bc6d&searchtype=ds&installDate=01/01/1970&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\battlelog web plugins\1.140.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\2.1.2\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\justin\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\justin\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\justin\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-12 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-6-26 21728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-4-25 20384]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-20 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2012-6-26 268768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2007-3-5 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2007-7-20 235616]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\drivers\SaiK0CCB.sys [2011-9-5 138760]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\drivers\SaiU0CCB.sys [2011-9-5 35336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-16 701512]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-6-26 1501696]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2012-6-26 960992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-16 22856]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-11 97552]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2007-6-8 141376]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-5 1343400]
.
=============== Created Last 30 ================
.
2013-06-16 18:49:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-16 18:44:43 -------- d-----w- c:\program files\HitmanPro
2013-06-16 18:44:10 -------- d-----w- c:\programdata\HitmanPro
2013-06-16 08:34:15 -------- d-----w- c:\users\justin\appdata\roaming\Malwarebytes
2013-06-16 08:32:58 -------- d-----w- c:\programdata\Malwarebytes
2013-06-16 08:32:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-16 08:32:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-16 08:32:37 -------- d-----w- c:\users\justin\appdata\local\Programs
2013-06-16 06:05:52 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f3ee3515-2c60-4801-9687-4697d974fa73}\mpengine.dll
2013-06-14 21:43:47 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9727e7ee-a255-4114-8e81-60d878b5e7b8}\gapaengine.dll
2013-06-14 21:43:32 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-13 20:30:16 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-06-13 03:17:41 30921 ----a-w- c:\windows\system32\drivers\SQCaptur.sys
2013-06-13 03:17:41 25449 ----a-w- c:\windows\system32\drivers\SQCamD.sys
2013-06-13 02:50:20 -------- d-----w- c:\program files\PhoTags Express
2013-06-13 02:31:24 -------- d-----w- c:\users\justin\appdata\local\{69882F92-E348-43ED-9F47-6F85C0FAB62D}
2013-06-12 21:20:39 -------- d-----w- c:\users\justin\appdata\roaming\LavasoftStatistics
2013-06-12 21:20:37 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-12 21:18:12 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-06-12 21:18:03 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-12 21:18:02 -------- d-----w- c:\users\justin\appdata\local\adawarebp
2013-06-12 21:18:02 -------- d-----w- c:\programdata\adawaretb
2013-06-12 21:18:01 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-12 21:17:52 -------- d-----w- c:\program files\adawaretb
2013-06-12 21:17:49 -------- d-----w- c:\program files\Toolbar Cleaner
2013-06-12 21:16:27 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-06-12 21:16:27 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-12 21:16:26 -------- d-----w- c:\users\justin\appdata\roaming\Ad-Aware Antivirus
2013-06-12 10:44:59 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-12 10:44:55 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-06-12 10:44:55 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-12 10:44:55 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 10:44:53 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-06-12 10:43:03 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-06-12 02:02:45 -------- d-----w- c:\users\justin\.oanda
2013-06-12 02:00:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-05 00:10:59 -------- d-----w- c:\programdata\StarApp
2013-06-05 00:06:19 -------- d-----w- c:\program files\ContinueToSave
2013-06-05 00:06:11 -------- d-----w- c:\programdata\contiinUEEtosaVe
2013-06-05 00:03:40 -------- d-----w- c:\programdata\InstallMate
2013-06-04 05:52:57 -------- d-----w- c:\program files\DivX
2013-06-04 05:51:47 -------- d-----w- c:\programdata\DivX
2013-06-04 00:48:33 -------- d-----w- c:\users\justin\appdata\local\{803B7F75-B41E-498A-8158-8855F663A6BD}
2013-06-03 20:58:52 38937 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2013-06-03 20:58:52 24382 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2013-06-02 23:15:52 -------- d-----w- c:\users\justin\appdata\local\{920BF2FA-834F-4DCE-9FEC-BD16206AA6E4}
.
==================== Find3M  ====================
.
2013-06-15 21:52:57 137992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-06-15 21:52:48 291088 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-06-15 21:52:48 291088 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-06-15 21:52:37 283304 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-06-12 01:59:57 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 01:59:57 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 17:08:18.05 ===============

Edited by FrickinThing, 16 June 2013 - 08:54 PM.
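As an added example (not from this thread, the poster, or the DDS tool), here is a small Python triage helper that reads the "Pseudo HJT Report" and FIREFOX lines of a DDS report like the one above and flags the entries a helper would look at first: start/search pages pointing at an unexpected host, autoruns launched from user-writable folders, IE Trusted Zone additions, and a SOCKS proxy preference. The sample lines are copied from the report above; the allowlist of expected search hosts and the list of user-writable folder names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the "Pseudo HJT Report" and FIREFOX
# sections of the DDS report above. DDS defangs URLs as "hxxp".
SAMPLE_DDS = r"""
uStart Page = about:blank
uRun: [Google Update] "c:\users\justin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Browser Infrastructure Helper] c:\users\justin\appdata\local\smartbar\application\QuickShare.exe startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&searchtype=hp
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&searchtype=ds&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
"""

# Assumed allowlist: hosts a start page or search keyword URL may legitimately point to.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}
# DDS / prefs.js keys that decide where the browser starts or searches.
START_KEYS = {"uStart Page", "mStart Page", "mSearchAssistant",
              "browser.startup.homepage", "keyword.URL", "browser.newtab.url"}
# Assumed folder names an ordinary user can write to; an autorun launched
# from one of these deserves a second look (it may still be legitimate).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def _run_path(rest):
    """Extract the executable from the remainder of a Run line. DDS does not
    always quote paths that contain spaces, so take the shortest prefix that
    ends in an executable extension."""
    m = re.match(r'"?(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))', rest.strip(), re.I)
    return m.group(1) if m else rest.strip()


def _host(value):
    """Hostname of a (defanged) URL, or None for about:blank and the like."""
    url = value.replace("hxxp", "http", 1)
    if not url.lower().startswith("http"):
        return None
    return urlparse(url).hostname


def _check_start(key, val, findings):
    host = _host(val)
    if key in START_KEYS and host and host not in EXPECTED_HOSTS:
        findings.append({"type": "start-or-search-hijack", "key": key, "host": host})


def triage(report):
    """Return a list of findings (dicts with a 'type' field) for one DDS report."""
    findings, prefs = [], {}
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(("uRun:", "mRun:")):
            _, rest = line.split(":", 1)
            name = rest[rest.index("[") + 1:rest.index("]")]
            path = _run_path(rest[rest.index("]") + 1:])
            if any(tok in path.lower() for tok in USER_WRITABLE):
                findings.append({"type": "autorun-user-writable", "name": name, "path": path})
        elif line.startswith("FF - prefs.js: "):
            key, _, val = line[len("FF - prefs.js: "):].partition(" - ")
            prefs[key] = val
            _check_start(key, val, findings)
        elif " = " in line and line.split(" = ", 1)[0] in START_KEYS:
            key, val = line.split(" = ", 1)
            _check_start(key, val, findings)
        elif line.startswith("Trusted Zone: "):
            # IE applies a weaker security level to sites in the Trusted Zone.
            findings.append({"type": "ie-trusted-zone", "host": line.split(": ", 1)[1]})
    if "network.proxy.socks" in prefs:
        # network.proxy.type 0 means "no proxy", so the SOCKS setting is inert,
        # but it is still worth asking the user about (9050 is Tor's default SOCKS port).
        findings.append({"type": "socks-proxy-pref",
                         "active": prefs.get("network.proxy.type") != "0",
                         "target": f"{prefs['network.proxy.socks']}:{prefs.get('network.proxy.socks_port', '?')}"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```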


#2 TB-Psychotic
  • Malware Response Team

Posted 17 June 2013 - 01:12 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save... button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


#3 FrickinThing
  • Topic Starter

Posted 18 June 2013 - 02:48 PM

I'm going to get started on this right away and report back, thank you for helping.



#4 FrickinThing
  • Topic Starter

Posted 19 June 2013 - 03:17 PM

I've attached the file as requested.

 

As for the logs from the scan with Malwarebytes, there are none, but they were all tracking cookies. I saw nothing that suggested a virus, malware, or trojan of any kind.

 

 

Attached file: ark.txt (589 bytes)


#5 TB-Psychotic
  • Malware Response Team

Posted 19 June 2013 - 11:51 PM

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#6 FrickinThing
  • Topic Starter

Posted 20 June 2013 - 04:55 PM

Ok I'm going to start this now. Seems we are from different time zones but that's ok and I'll update you asap with the results, thank you.



#7 FrickinThing
  • Topic Starter

Posted 20 June 2013 - 07:24 PM

Here are the results. I skimmed over them and saw the name of the BOT I have removed. I have not gone to my ISP's site yet to verify if it's still there, as I'm trying to follow your directions as best I can.
 
I did notice all of my Google Chrome settings have been removed, upon opening chrome it said all of my user preferences had been removed.
 
The bookmarks bar is gone, Bookmarks in the Bookmarks spot are there but every Bookmarked site I put in the app/most visited pages are gone as I had 2 pages of bookmarks, the ones you can see when you open a new tab and hit the arrow next to the Chrome Store Icon, instead of putting them in address bars/folders you can open a new tab and drag them down to the page and fill about 5 columns, I had 2 pages and they are gone. I don't care, just telling you. I will somehow find what I had there. Every single one of my extensions are gone also, I had at least 10+.
 
 
Question # 1
 
Since this BOT shows on my other computer also, how do I save all browser related extensions and Bookmarks so I can re-load them after running these programs on my other PC?
 
Question # 2
 
How was this BOT spread to my other computer, and where did it come from?
 
Question # 3
 
What is the purpose of this BOT?
 
When first scanned on my ISP's BOT-checking website (https://amibotted.comcast.net) it showed that the number of times this BOT had been seen was 20. When I checked last, a few days ago while posting this thread, that number had more than doubled in a matter of days, so I'm thinking it's a new type of BOT? Nothing could be found about it on Google; I tried every combination of the words and nothing came up anywhere.
 
 
Question # 4

Do I need to repeat these steps on my other PC also to remove this BOT?

ADW Cleaner Results:
 
Note: I have highlighted SProtector (partial name of the BOT) in the ADW log below for easy finding.
 
 
# AdwCleaner v2.303 - Logfile created 06/20/2013 at 15:59:55
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Anonymous - Anonymous
# Boot Mode : Normal
# Running from : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\continuetosave
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\contiinUEEtosaVe
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\adawaretb
Folder Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\extensions\staged
Folder Deleted : C:\Users\Justin\AppData\Roaming\OpenCandy
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v12.0 (en-US)
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&use[...]
Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.dfltSrch", true);
Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Deleted : user_pref("extensions.facemoods.dnsErr", true);
Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.first_time", false);
Deleted : user_pref("extensions.facemoods.hmpg", true);
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Deleted : user_pref("extensions.facemoods.id", "_#78bb0613000000000000e691f54082ba");
Deleted : user_pref("extensions.facemoods.instlDay", "_#15317");
Deleted : user_pref("extensions.facemoods.mntz", "");
Deleted : user_pref("extensions.facemoods.newTab", true);
Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2");
Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Deleted : user_pref("extensions.facemoods.searchProviderAdded", true);
Deleted : user_pref("extensions.facemoods.sid", "_#c9349a4f0db045dd95630d0d5a58e1ab");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&userid=9520c83d-[...]
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=US&userid=95[...]
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.4922] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.4922] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.4922] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.4922] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.4922] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
-\\ Chromium v    _signature: ZNdQ6KDe6dpET6THB+xXbaf1ed9BDZhBeXkztHaHnFA=
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [324 octets] - [20/06/2013 15:43:48]
AdwCleaner[S2].txt - [7379 octets] - [20/06/2013 15:59:55]
 
########## EOF - C:\AdwCleaner[S2].txt - [7439 octets] ##########
 
 
 
 
 
ComboFix Results:
 
 
 
 
ComboFix 13-06-20.01 - Frost 06/20/2013  16:30:04.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.1.1252.1.1033.18.4093.2864 [GMT -7:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-20 23:35 . 2013-06-20 23:37 -------- d-----w- c:\users\Justin\AppData\Local\temp
2013-06-20 18:26 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F124C3A6-030D-4DAF-8D84-69DFF1D37A96}\mpengine.dll
2013-06-19 11:12 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 18:49 . 2013-06-16 18:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-16 18:44 . 2013-06-16 18:44 -------- d-----w- c:\program files\HitmanPro
2013-06-16 18:44 . 2013-06-16 18:49 -------- d-----w- c:\programdata\HitmanPro
2013-06-16 08:34 . 2013-06-16 08:34 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2013-06-16 08:32 . 2013-06-16 08:32 -------- d-----w- c:\programdata\Malwarebytes
2013-06-16 08:32 . 2013-06-16 08:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-16 08:32 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-16 08:32 . 2013-06-16 08:32 -------- d-----w- c:\users\Justin\AppData\Local\Programs
2013-06-14 21:43 . 2013-06-13 20:29 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9727E7EE-A255-4114-8E81-60D878B5E7B8}\gapaengine.dll
2013-06-13 20:30 . 2013-06-13 20:29 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-13 03:17 . 2003-01-10 17:56 30921 ----a-w- c:\windows\system32\drivers\SQCaptur.sys
2013-06-13 03:17 . 2003-01-10 16:30 25449 ----a-w- c:\windows\system32\drivers\SQCamD.sys
2013-06-13 02:50 . 2013-06-16 10:33 -------- d-----w- c:\program files\PhoTags Express
2013-06-12 21:20 . 2013-06-12 21:20 -------- d-----w- c:\users\Justin\AppData\Roaming\LavasoftStatistics
2013-06-12 21:20 . 2013-06-12 21:20 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-12 21:18 . 2013-06-12 21:18 -------- d-----w- c:\programdata\Lavasoft
2013-06-12 21:18 . 2013-06-12 21:20 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-06-12 21:18 . 2013-06-12 21:18 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-12 21:18 . 2013-06-12 21:18 -------- d-----w- c:\users\Justin\AppData\Local\adawarebp
2013-06-12 21:18 . 2013-06-12 21:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-12 21:17 . 2013-06-12 21:17 -------- d-----w- c:\program files\Toolbar Cleaner
2013-06-12 21:16 . 2013-06-12 21:16 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-06-12 21:16 . 2013-06-12 21:16 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-12 21:16 . 2013-06-16 08:24 -------- d-----w- c:\users\Justin\AppData\Roaming\Ad-Aware Antivirus
2013-06-12 10:44 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-12 10:44 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 10:44 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-12 10:44 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-06-12 10:44 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-06-12 10:43 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-06-12 02:02 . 2013-06-12 02:02 -------- d-----w- c:\users\Justin\.oanda
2013-06-12 02:01 . 2013-06-12 02:01 -------- d-----w- c:\program files\Common Files\Java
2013-06-12 02:00 . 2013-06-12 01:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-05 00:10 . 2013-06-05 00:10 -------- d-----w- c:\programdata\StarApp
2013-06-04 05:52 . 2013-06-04 05:52 -------- d-----w- c:\program files\DivX
2013-06-04 05:51 . 2013-06-04 05:51 -------- d-----w- c:\programdata\DivX
2013-06-03 20:58 . 2005-03-25 00:21 38937 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2013-06-03 20:58 . 2004-05-07 22:31 24382 ----a-w- c:\windows\system32\drivers\Camd905c.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 21:52 . 2012-01-04 21:32 137992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-06-15 21:52 . 2012-01-04 21:32 291088 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-06-15 21:52 . 2011-09-08 21:08 291088 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-06-15 21:52 . 2012-01-04 21:32 283304 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-06-12 01:59 . 2012-12-10 19:39 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 01:59 . 2011-09-11 18:45 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-20 03:27 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2011-09-05 22:48 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2012-10-18 02:56 . 2011-09-08 17:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 227840]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 123392]
"OEM05Cfg.exe"="OEM05Cfg.exe" [2007-07-20 28672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-12-12 692224]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-6-26 4573664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-03-09 1501696]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 171096]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 72792]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 97552]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 141376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1343400]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-06-12 13560]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 21728]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [2010-03-23 268768]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 171096]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 72792]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 235616]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-08-10 138760]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-08-10 35336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-29 06:48]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-29 06:48]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663328073-1032584046-3232852828-1000Core1ce471a2ef011d0.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 01:02]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663328073-1032584046-3232852828-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-WinRAR 4.01 - c:\program files\WinRAR\Uninstall.exe
AddRemove-{8E127F68-BE01-7CD2-FD27-3EC800CEC072} - c:\progra~3\INSTAL~1\{9D9C5~1\Setup.exe
AddRemove-{A5142764-AB5B-9E00-19DB-65955477856A} - c:\progra~3\INSTAL~1\{41866~1\Setup.exe
AddRemove-Planet Side 2 - z:\planet side 2\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3504)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-06-20  16:39:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-20 23:39
.
Pre-Run: 43,415,572,480 bytes free
Post-Run: 43,347,161,088 bytes free
.
- - End Of File - - C99E50713773DFDBFADF7DB787C57580
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
Edited for spelling/better understanding/bold for you for easier finding/reading.

Edited by FrickinThing, 20 June 2013 - 07:35 PM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 21 June 2013 - 01:03 AM

To #1:

You can backup and restore your chrome profile with Google Chrome Backup: http://www.parhelia-tools.com/products/gcb/googlechrome.aspx

To #2:

Malware has many ways to spread and install itself in the background. It will be almost impossible to say where it came from.
One possibility for how it came to your other computer is that the infected machine simply scanned the network and sent itself to all machines that responded.

To #3:

As we saw only two remaining reg entries, I cannot say what the purpose of this adware was.
We'll have a closer look at your system.

To #4:

As each computer is different, we have to do an individual cleanup. Never use the tools and commands you were given on another computer.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *protect*
    :filefind
    *protect*
    :regfind
    sprotect
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
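The three SystemLook directives in the post (folderfind, filefind, regfind) can be reproduced with built-in PowerShell cmdlets, which is handy when you want an independent listing to compare against a tool's log. The script below is an added example; it is not SystemLook's code and not something TB-Psychotic posted. The search roots, the registry hives, the output file name and the requirement for Windows PowerShell 4.0 or later (for Get-FileHash) are my assumptions. The "sprotect" term is the same one the post uses; it hunts for leftovers of the HKLM\Software\SProtector keys that AdwCleaner deleted earlier in the thread.

```powershell
# Added example, not SystemLook's own code: reproduce the post's
#   :folderfind *protect*   :filefind *protect*   :regfind sprotect
# with built-in cmdlets so the output can be compared with SystemLook.txt.
# Assumptions (mine, not from the post): search roots, hives, output path,
# and Windows PowerShell 4.0+ for Get-FileHash.

$ErrorActionPreference = 'SilentlyContinue'   # skip access-denied paths/keys
$roots   = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\ProgramData',
             'C:\Users', 'C:\Windows')
$pattern = '*protect*'   # folderfind / filefind term from the post
$regTerm = 'sprotect'    # regfind term from the post
$out     = Join-Path ([Environment]::GetFolderPath('Desktop')) 'SystemLook-equivalent.txt'

function Find-Folders {
    '========== folderfind =========='
    foreach ($root in $roots) {
        # -Filter matches the directory name; creation time mirrors the log's bracketed stamp
        Get-ChildItem -Path $root -Directory -Recurse -Filter $pattern -Force |
            ForEach-Object { '{0} [{1:HH:mm dd/MM/yyyy}]' -f $_.FullName, $_.CreationTime }
    }
}

function Find-Files {
    '========== filefind =========='
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -File -Recurse -Filter $pattern -Force |
            ForEach-Object {
                # MD5 is used only so the line can be compared with the tool's output
                $hash = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
                '{0} {1} bytes [{2:HH:mm dd/MM/yyyy}] [{3:HH:mm dd/MM/yyyy}] {4}' -f `
                    $_.FullName, $_.Length, $_.CreationTime, $_.LastWriteTime, $hash
            }
    }
}

function Find-Registry {
    '========== regfind =========='
    $hives = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\Software')
    foreach ($hive in $hives) {
        Get-ChildItem -Path $hive -Recurse -Force | ForEach-Object {
            $key = $_
            # match on the key path itself ...
            if ($key.Name -like "*$regTerm*") { "[$($key.Name)]" }
            # ... and on every value name and value data beneath it
            foreach ($name in $key.GetValueNames()) {
                $data = @($key.GetValue($name)) -join ' '   # flattens REG_MULTI_SZ / binary
                if ($name -like "*$regTerm*" -or $data -like "*$regTerm*") {
                    "[$($key.Name)]"
                    "`"$name`"=`"$data`""
                }
            }
        }
    }
}

$report = @(Find-Folders; ''; Find-Files; ''; Find-Registry)
$report | Set-Content -Path $out -Encoding UTF8
"Wrote $($report.Count) lines to $out"
```

Run it from an elevated PowerShell prompt so the Windows and Program Files trees and the HKLM hives are readable. Value data is compared as well as key and value names because that is where SystemLook's own regfind hits landed later in this thread (the FullDetails values under SystemFileAssociations), and a name-only search would miss such matches.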

#9 FrickinThing

FrickinThing
  • Topic Starter

  • Members
  • 19 posts

Posted 21 June 2013 - 01:20 PM

Ok, quick question: are the above SystemLook instructions to be done on my other computer, or are we still working on my current computer?

 

Edit: Going forth with the scan on my current computer.


Edited by FrickinThing, 21 June 2013 - 02:08 PM.


#10 FrickinThing

FrickinThing
  • Topic Starter

  • Members
  • 19 posts

Posted 21 June 2013 - 02:00 PM

Deleted this post, as I followed the instructions wrong and forgot to paste the script first.


Edited by FrickinThing, 21 June 2013 - 02:03 PM.


#11 FrickinThing

FrickinThing
  • Topic Starter

  • Members
  • 19 posts

Posted 21 June 2013 - 02:10 PM

Here are the results from the PC we've been working on.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:04 on 21/06/2013 by Anonymous
Administrator - Elevation successful
 
========== folderfind ==========
 
Searching for "*protect*"
C:\Program Files\EA Games\Battlefield 2\mods\bf2\Objects\Weapons\Handheld\chsht_protecta d------ [10:08 07/01/2012]
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform d------ [04:40 30/06/2010]
C:\ProgramData\Ad-Aware Browsing Protection d------ [21:18 12/06/2013]
C:\Users\All Users\Ad-Aware Browsing Protection d------ [21:18 12/06/2013]
C:\Users\Justin\AppData\Roaming\Microsoft\Protect d---s-- [21:36 05/09/2011]
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Protect d---s-- [19:46 15/03/2012]
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform d------ [04:34 14/07/2009]
C:\Windows\System32\Microsoft\Protect d---s-- [04:34 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection d------ [04:42 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform d------ [04:37 14/07/2009]
C:\Windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_5d832d711e99213d d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7600.16385_none_066e8b414ed48c74 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7601.17514_none_089f9f094bc3100e d------ [02:45 08/09/2011]
C:\Windows\winsxs\x86_microsoft-windows-n..essprotection-netsh_31bf3856ad364e35_6.1.7600.16385_none_13c97e21914a0a11 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.1.7600.16385_none_3d715a438950ce7b d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.1.7600.16385_none_df95bbf958108470 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.1.7601.17514_none_e1c6cfc154ff080a d------ [08:23 01/10/2011]
C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7600.16385_none_b43bdfbce0772b7e d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7601.17514_none_b66cf384dd65af18 d------ [08:23 01/10/2011]
C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7600.16385_none_11e6c4bbf79a5e2b d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7601.17514_none_1417d883f488e1c5 d------ [08:23 01/10/2011]
C:\Windows\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_6388acf17dd74912 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-w..sfileprotection-adm_31bf3856ad364e35_6.1.7600.16385_none_248fc5aeeb645080 d------ [04:49 14/07/2009]
 
========== filefind ==========
 
Searching for "*protect*"
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-16.txt --a---- 7014 bytes [08:34 16/06/2013] [18:54 16/06/2013] 28B1EBF1086E08DEFB4D73EE7E337DF5
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-19.txt --a---- 1444 bytes [19:37 19/06/2013] [19:38 19/06/2013] 3B225BBE07F20B66589180EECC071C0B
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-20.txt --a---- 4452 bytes [23:17 20/06/2013] [23:37 20/06/2013] 74C5EE179F10F9D240D84E31D43CF016
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-16.txt --a---- 7014 bytes [08:34 16/06/2013] [18:54 16/06/2013] 28B1EBF1086E08DEFB4D73EE7E337DF5
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-19.txt --a---- 1444 bytes [19:37 19/06/2013] [19:38 19/06/2013] 3B225BBE07F20B66589180EECC071C0B
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2013-06-20.txt --a---- 4452 bytes [23:17 20/06/2013] [23:37 20/06/2013] 74C5EE179F10F9D240D84E31D43CF016
C:\Users\Justin\AppData\Roaming\Ad-Aware Antivirus\protection-status.xml --a---- 96 bytes [02:53 13/06/2013] [23:37 20/06/2013] BA6E46A81F984DB651DC908A61DA1B36
C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Recent\protection-log-2013-06-16.lnk --a---- 1253 bytes [23:34 18/06/2013] [23:34 18/06/2013] A1484E7FCEF6054D409D18B2B958774F
C:\Windows\System32\SystemPropertiesProtection.exe --a---- 81920 bytes [23:40 13/07/2009] [01:14 14/07/2009] 637C76FBF5249B75C3E3BA08FFDABF5C
C:\Windows\System32\en-US\SystemPropertiesProtection.exe.mui --a---- 2048 bytes [04:55 14/07/2009] [02:01 14/07/2009] 0F5D5CCB39A5BD98C49E1D5C58B60364
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx --a---- 69632 bytes [21:36 05/09/2011] [21:54 05/09/2011] 4C61332A74FC932E3CF62B0A130A0740
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx --a---- 69632 bytes [21:38 05/09/2011] [21:54 05/09/2011] DDC833411C67D07C626515C9139C584D
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15.manifest --a---- 6297 bytes [02:19 14/07/2009] [02:18 14/07/2009] FC44639F0DB514FE29DED6732FBC332E
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15_psbase.dll_b29bce30 --a---- 50688 bytes [02:19 14/07/2009] [02:18 14/07/2009] 274992D0945889A6B56D0E1BD4288A6E
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15_pstorec.dll_b3635d22 --a---- 42496 bytes [02:19 14/07/2009] [02:18 14/07/2009] B9ADA43CB3FFAF6669D34F432AA44A0F
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15_pstorsvc.dll_edc49796 --a---- 23552 bytes [02:19 14/07/2009] [02:18 14/07/2009] 0A3CCB2C4F603D99F34D742FC9544B97
C:\Windows\winsxs\Manifests\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_5d832d711e99213d.manifest --a---- 2517 bytes [02:03 14/07/2009] [01:50 14/07/2009] AB81635334C3ABE855B039199AFF74E4
C:\Windows\winsxs\Manifests\x86_macrovision-protection_31bf3856ad364e35_6.1.7600.16385_none_60d0264a285d10b0.manifest --a---- 1005 bytes [02:03 14/07/2009] [01:45 14/07/2009] 49BC60B08A2AE56BBD8AB4B915291CA9
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7600.16385_none_066e8b414ed48c74.manifest --a---- 87625 bytes [02:03 14/07/2009] [01:54 14/07/2009] 322A747CB2A268E4AD66A7C33B170266
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7601.17514_none_089f9f094bc3100e.manifest ------- 87625 bytes [02:41 08/09/2011] [12:07 20/11/2010] CCB585ED5981446F62E5957B6B131ADF
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..essprotection-netsh_31bf3856ad364e35_6.1.7600.16385_none_13c97e21914a0a11.manifest --a---- 2786 bytes [02:03 14/07/2009] [01:53 14/07/2009] A65ABF1B796EF1B300687DCC857CA586
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.1.7600.16385_none_3d715a438950ce7b.manifest --a---- 2175 bytes [02:03 14/07/2009] [01:50 14/07/2009] 34F555F55BD9577A6D68125F52289ED9
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.1.7600.16385_none_df95bbf958108470.manifest --a---- 15791 bytes [02:03 14/07/2009] [01:49 14/07/2009] C9C2252005019CC019A8E769E64C7A62
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.1.7601.17514_none_e1c6cfc154ff080a.manifest ------- 15791 bytes [02:41 08/09/2011] [12:04 20/11/2010] 5FDC9A4EBD3AA871C5B2251BFA68ABE3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-client_31bf3856ad364e35_6.1.7600.16385_none_f7338b129465ce6c.manifest --a---- 424 bytes [02:03 14/07/2009] [01:45 14/07/2009] E1DE19A12ACA0EC860F68D6390D195F0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7600.16385_none_b43bdfbce0772b7e.manifest --a---- 6886 bytes [02:03 14/07/2009] [01:52 14/07/2009] 38E6AF4A3AB62D003EC15F2028E632B1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7601.17514_none_b66cf384dd65af18.manifest ------- 6886 bytes [02:41 08/09/2011] [12:06 20/11/2010] 8235A2159CF747BA3F3BD383EDCF27AB
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7600.16385_none_11e6c4bbf79a5e2b.manifest --a---- 8707 bytes [02:03 14/07/2009] [01:48 14/07/2009] 287F03923B7FB7CF537B8073BE3B3AA5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7601.17514_none_1417d883f488e1c5.manifest ------- 8707 bytes [02:41 08/09/2011] [12:03 20/11/2010] D4C1955FA59233F987B47B30F8AEA677
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_6388acf17dd74912.manifest --a---- 2709 bytes [02:03 14/07/2009] [01:55 14/07/2009] 37B047944ADBA5CCB7F218F2375741DF
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15.manifest --a---- 6297 bytes [02:03 14/07/2009] [01:50 14/07/2009] FC44639F0DB514FE29DED6732FBC332E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-w..sfileprotection-adm_31bf3856ad364e35_6.1.7600.16385_none_248fc5aeeb645080.manifest --a---- 2803 bytes [01:53 14/07/2009] [01:53 14/07/2009] D491D2F35C7011F0D6A519F56CD4D7D9
C:\Windows\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_6388acf17dd74912\SystemPropertiesProtection.exe --a---- 81920 bytes [23:40 13/07/2009] [01:14 14/07/2009] 637C76FBF5249B75C3E3BA08FFDABF5C
C:\Windows\winsxs\x86_microsoft-windows-s..rotection.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bf744834f155827b\SystemPropertiesProtection.exe.mui --a---- 2048 bytes [04:55 14/07/2009] [02:01 14/07/2009] 0F5D5CCB39A5BD98C49E1D5C58B60364
C:\Windows\winsxs\x86_microsoft-windows-w..ction-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ed6d5b83bd823071\WindowsFileProtection.adml --a---- 4078 bytes [04:55 14/07/2009] [02:04 14/07/2009] 9880110E7C312AC9DA3C9F74B6A532E1
C:\Windows\winsxs\x86_microsoft-windows-w..sfileprotection-adm_31bf3856ad364e35_6.1.7600.16385_none_248fc5aeeb645080\WindowsFileProtection.admx --a---- 3000 bytes [21:47 10/06/2009] [21:47 10/06/2009] C86782A0615825D31BC1BCF2C7DF90FC
 
========== regfind ==========
 
Searching for "sprotect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3g2]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3gp]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3gp2]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3gpp]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.asf]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dvr-ms]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Media;System.RecordedTV.EpisodeName;System.Music.Artist;System.Media.Year;System.Media.Duration;System.PropGroup.RecordedTV;System.RecordedTV.RecordingTime;System.RecordedTV.NetworkAffiliation;System.RecordedTV.OriginalBroadcastDate;System.RecordedTV.ChannelNumber;System.RecordedTV.StationCallSign;System.RecordedTV.StationName;System.RecordedTV.ProgramDescription;System.RecordedTV.Credits;System.RecordedTV.IsRepeatBroadcast;System.RecordedTV.IsATSCContent;System.RecordedTV.IsDTVContent;System.RecordedTV.IsHDContent;System.RecordedTV.IsClosedCaptioningAvailable;System.RecordedTV.IsSAP;System.RecordedTV.DateContentExpires;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Video;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameWidth;System.Video.FrameHeight;S
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m1v]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m2t]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m2ts]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m2v]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4a]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Origin;System.Media.Producer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.ContentGroupDescription;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music.BeatsPerMinute;System.DRM.IsProtected;System.Music.IsCompilation;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemTyp
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4b]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Origin;System.Media.Producer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.ContentGroupDescription;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music.BeatsPerMinute;System.DRM.IsProtected;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisp
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4p]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4v]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mod]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mov]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp2]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp2v]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp3]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Comment;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Origin;System.Media.Publisher;System.Media.EncodedBy;System.Media.AuthorUrl;System.Copyright;System.PropGroup.Content;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.ContentGroupDescription;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music.BeatsPerMinute;System.DRM.IsProtected;System.Music.IsCompilation;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.Shar
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp4]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp4v]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpe]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpeg]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpg]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpv2]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Musi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mts]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ts]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tts]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.vob]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wma]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Origin;System.Media.Producer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.ContentGroupDescription;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music.BeatsPerMinute;System.DRM.IsProtected;System.Music.IsCompilation;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemTyp
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wmv]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.Media;System.Music.Artist;System.Media.Year;System.Music.Genre;System.PropGroup.Origin;System.Video.Director;System.Media.Producer;System.Media.Writer;System.Media.Publisher;System.Media.ContentDistributor;System.Media.DateEncoded;System.Media.EncodedBy;System.Media.AuthorUrl;System.Media.PromotionUrl;System.Copyright;System.PropGroup.Content;System.ParentalRating;System.ParentalRatingReason;System.Music.Composer;System.Music.Conductor;System.Music.Period;System.Music.Mood;System.Music.PartOfSet;System.Music.InitialKey;System.Music
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wtv]
"FullDetails"="prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Rating;System.Keywords;System.Comment;System.PropGroup.Media;System.RecordedTV.EpisodeName;System.Music.Artist;System.Media.Year;System.Media.Duration;System.PropGroup.RecordedTV;System.RecordedTV.RecordingTime;System.RecordedTV.NetworkAffiliation;System.RecordedTV.OriginalBroadcastDate;System.RecordedTV.ChannelNumber;System.RecordedTV.StationCallSign;System.RecordedTV.StationName;System.RecordedTV.ProgramDescription;System.RecordedTV.Credits;System.RecordedTV.IsRepeatBroadcast;System.RecordedTV.IsATSCContent;System.RecordedTV.IsDTVContent;System.RecordedTV.IsHDContent;System.RecordedTV.IsClosedCaptioningAvailable;System.RecordedTV.IsSAP;System.RecordedTV.DateContentExpires;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.PropGroup.Video;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameWidth;System.Video.FrameHeight;Syst
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}]
"Type"="Microsoft.Networking.NetworkAccessProtection.Admin.NapClient.NapSnap, napsnap, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}]
"Type"="Microsoft.Networking.NetworkAccessProtection.Admin.NapClient.NapSnapExtension, napsnap, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetworkAccessProtection]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{3f2a72a7-99fa-4ddb-a5a8-c604edf61d6b}\TopViews\{3fa62bd1-b86d-4b21-9931-02086472c3e6}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;1System.Music.Genre;1System.Media.Duration;2System.Media.Year;2System.Music.AlbumArtist;2System.Audio.EncodingBitrate;2System.DRM.IsProtected;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{3f2a72a7-99fa-4ddb-a5a8-c604edf61d6b}\TopViews\{82ba0782-5b7a-4569-b5d7-ec83085f08cc}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.Artist;0(16)System.Music.AlbumTitle;0System.Music.TrackNumber;0(18)System.Title;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.ItemFolderPathDisplay;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Rating;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{3f2a72a7-99fa-4ddb-a5a8-c604edf61d6b}\TopViews\{d34ade43-45bd-44ae-84b7-3bcc998826e2}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.Artist;0(16)System.Music.AlbumTitle;0System.Music.TrackNumber;0(18)System.Title;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.ItemFolderPathDisplay;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Rating;1System.Media.Year"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{3f2a72a7-99fa-4ddb-a5a8-c604edf61d6b}\TopViews\{e4823db9-b055-42e1-a218-3b18fd1b24cb}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.Artist;0System.Music.AlbumTitle;0System.Music.TrackNumber;0System.Title;0System.Rating;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.ItemFolderPathDisplay;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{0167146e-5395-4c48-9048-d584eeaca4f2}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{05b0d151-f1bd-4fcc-a591-c37a4f36755c}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.Artist;0System.Music.AlbumTitle;0System.Music.TrackNumber;0System.Title;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Rating;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{1c655225-b392-4f85-b10e-961228212744}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{4804caf0-de08-42ec-b811-52350e94c01e}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.DateModified;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;0System.ItemFolderPathDisplay;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{86b0cc03-4a60-4705-849d-b6f6768e436f}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{9df9986a-7b7b-4fb1-bdc1-e333f6eeda55}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.DateModified;0System.Size;0System.Music.Artist;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Rating;1System.Media.Year"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}\TopViews\{bd6ab8cf-c0fd-4d50-bc73-7aad9b067958}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;0System.Rating;0System.ItemFolderPathDisplayNarrow;1System.Search.Rank;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Media.Year;2System.Music.Conductor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TopViews\{00000000-0000-0000-0000-000000000000}]
"ColumnList"="prop:0System.ItemNameDisplay;0System.Music.TrackNumber;0System.Title;0System.Music.Artist;0System.Music.AlbumTitle;1System.ItemTypeText;1System.Size;1System.DateCreated;1System.DateModified;1System.Music.AlbumArtist;1System.Audio.EncodingBitrate;1System.Music.Genre;1System.Media.Duration;1System.DRM.IsProtected;1System.Rating;1System.Media.Year"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_none_b47bcb716e3cd77f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..essprotection-netsh_31bf3856ad364e35_none_8b6ec9ccbc2fc98a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_none_a59be2ac17e0d863]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..ssprotection-client_31bf3856ad364e35_none_883612869f659747]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_none_8dc619c896f1e245]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_none_142d80ab2298a3c0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_none_2765dc53a1e73451]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/Operational]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{4ef850d8-bf30-4e64-a917-ee21b9be1f0a}]
@="Microsoft-Windows-NetworkAccessProtection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{4ef850d8-bf30-4e64-a917-ee21b9be1f0a}\ChannelReferences\0]
@="Microsoft-Windows-NetworkAccessProtection/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{4ef850d8-bf30-4e64-a917-ee21b9be1f0a}\ChannelReferences\1]
@="Microsoft-Windows-NetworkAccessProtection/WHC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b1bebb9a-24aa-4b83-9e4a-38c2a9a44377}\ChannelReferences\1]
@="Microsoft-Windows-NetworkAccessProtection/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\NapHelperClass\HelperClasses\NetworkAccessProtection]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\AddressAcquisition\Dependencies]
"NetworkAccessProtection"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\NapHelperClass\HelperClasses\NetworkAccessProtection]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\AddressAcquisition\Dependencies]
"NetworkAccessProtection"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\NapHelperClass\HelperClasses\NetworkAccessProtection]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\AddressAcquisition\Dependencies]
"NetworkAccessProtection"=""
 
-= EOF =-


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 22 June 2013 - 06:47 AM

You have more than one full-scale antivirus program installed.

This harms the security state of your computer so please uninstall all of them but one.

 

CF-Script


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:


FIREFOX::

FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0

CLEARJAVACACHE::



Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 FrickinThing

FrickinThing
  • Topic Starter

  • Members
  • 19 posts

Posted 22 June 2013 - 10:13 PM

The reason for all the anti-virus programs is because when I got the BOT I wanted to get rid of it and nothing was finding it, so I downloaded a bunch of them, trying everything. Which one(s) should I now keep?

 

Also, I only use Google Chrome for my browser even though I have Firefox.

 

 

When I was doing this I accidentally opened ComboFix and it started to scan, it had no close option so I had to Ctrl+Alt+Del and I'm pretty sure I closed it before the whole thing could finish doing whatever this does when you just open it.

 

Hope it didn't mess anything up, I attached the log.

 

 

 

 


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 23 June 2013 - 04:45 PM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with AdwCleaner


Please download AdwCleaner to your desktop.
  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.
SecurityCheck

Please download SecurityCheck: LINK1 or LINK2
  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


#15 FrickinThing

FrickinThing
  • Topic Starter

  • Members
  • 19 posts

Posted 25 June 2013 - 11:33 PM

ADW-Cleaner deleted all of my stuff again, this time it deleted my extensions AND my apps AND every single bookmark I had.

 

I'm not sure how much I have synced but it shows a significant number of bookmarks and other things. The bad news is I have absolutely no idea what my Google sync password is and the only way to get a new one is to reset sync, where I will probably lose everything stored on their server. I tried the backup program you gave me before I ran ADW, I tried to add 2 of them just in case and when I open them up I get the same empty browser, like it never even did anything, is there any other way? I have 500 bookmarks, a lot business related and a ton of things I wanted to save for a very long time, for research and for a lot of different reasons. I took a picture of all my apps and extensions this time prior, as last time it deleted them and it took me awhile to remember which ones I had. So the only thing bad about that is I have to download a ton of stuff again, but I really really need these bookmarks back. I have no idea why the program didn't work. Here are the results you asked for..

 

 

ADW-Cleaner Results:

 

 

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 00:34:51

# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Anonymous - ANONYMOUS
# Boot Mode : Normal
# Running from : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v12.0 (en-US)
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xao4hxgu.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3879] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3879] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3879] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3879] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3879] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/#inbox", "chrome://newtab/" [...]
 
-\\ Chromium v    _signature: ZNdQ6KDe6dpET6THB+xXbaf1ed9BDZhBeXkztHaHnFA=
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Justin\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [324 octets] - [20/06/2013 15:43:48]
AdwCleaner[S2].txt - [7508 octets] - [20/06/2013 15:59:55]
AdwCleaner[S3].txt - [3289 octets] - [25/06/2013 00:34:51]
 
########## EOF - C:\AdwCleaner[S3].txt - [3349 octets] ##########
 
_______________________________________________________________________________
 

 

SecurityCheck Results:

 

 

 Results of screen317's Security Check version 0.99.67  

 Windows 7  x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Lavasoft Ad-Aware               
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 31  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.4.402.287  
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Spybot Teatimer.exe is disabled! 
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
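Two settings in this thread are worth being able to read for yourself rather than trusting a cleanup tool's verdict: the CF-Script in reply #12 resets the Firefox proxy preferences (network.proxy.socks, network.proxy.socks_port and network.proxy.type) in prefs.js, and the AdwCleaner log above shows the tool deleting Chrome's urls_to_restore_on_startup list from the Preferences file. The Python script below is an added example and not code from the thread, from ComboFix or from AdwCleaner. It parses both files and reports what the settings actually mean: a SOCKS host entry only carries traffic when network.proxy.type is 1 (manual), so the combination shown in the script (host set, type 0) is inert, and 127.0.0.1:9050 is the default listener of a local Tor client, which is a reasonable thing to know about when an ISP reports bot-like traffic. The two sample files and the allow-list of expected start-page hosts are constructed for this example.

```python
"""Audit browser configuration files for two settings seen in this thread:
Firefox proxy preferences in prefs.js and Chrome's startup URL list in the
Preferences JSON. The sample inputs below are constructed for this example."""
import json
import re
from urllib.parse import urlparse

# Firefox writes one preference per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
               4: "auto-detect", 5: "system"}


def parse_prefs_js(text):
    """Return {pref_name: value}; string/number/bool values decode as JSON."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2).strip()
        try:
            value = json.loads(raw)   # "127.0.0.1", 9050, true all parse as JSON
        except ValueError:
            value = raw               # keep anything unusual verbatim
        prefs[m.group(1)] = value
    return prefs


def firefox_proxy_report(prefs):
    """Summarise proxy prefs. A configured host only carries traffic when
    network.proxy.type is 1 (manual); localhost:9050 is the default SOCKS
    listener of a local Tor client."""
    ptype = prefs.get("network.proxy.type", 5)   # Firefox default: system proxy
    hosts = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            hosts[proto] = (host, prefs.get(f"network.proxy.{proto}_port"))
    return {
        "type": PROXY_TYPES.get(ptype, f"unknown ({ptype})"),
        "configured_hosts": hosts,
        "proxy_active": ptype == 1 and bool(hosts),
        "local_socks_9050": hosts.get("socks") in (("127.0.0.1", 9050),
                                                   ("localhost", 9050)),
    }


def chrome_startup_urls(preferences_text):
    """Pages Chrome opens at startup. The 2013-era key is
    session.urls_to_restore_on_startup (the name in the AdwCleaner log);
    current builds store the same list as session.startup_urls. The list is
    only used when session.restore_on_startup is 4 (open specific pages)."""
    session = json.loads(preferences_text).get("session", {})
    urls = session.get("urls_to_restore_on_startup") or session.get("startup_urls") or []
    return list(urls)


def unexpected_startup_urls(urls, allowed_hosts):
    """Startup URLs whose host is not in the caller's allow-list.
    Internal chrome:// pages are never flagged."""
    flagged = []
    for url in urls:
        parsed = urlparse(url)
        if parsed.scheme == "chrome":
            continue
        if parsed.hostname not in allowed_hosts:
            flagged.append(url)
    return flagged


# Constructed sample prefs.js; the three proxy values match the CF-Script.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences (constructed sample for this example)
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.type", 0);
"""

# Constructed sample Chrome Preferences with one hypothetical unwanted page.
SAMPLE_CHROME_PREFS = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "https://mail.google.com/mail/u/0/#inbox",
            "chrome://newtab/",
            "http://search-example.invalid/?src=toolbar",
        ],
    }
})

if __name__ == "__main__":
    print("Firefox proxy:", firefox_proxy_report(parse_prefs_js(SAMPLE_PREFS_JS)))
    urls = chrome_startup_urls(SAMPLE_CHROME_PREFS)
    print("Chrome startup URLs:", urls)
    print("Unexpected:", unexpected_startup_urls(urls, {"mail.google.com"}))
```

To check a real profile, read prefs.js and Preferences from the paths in the logs above with open() instead of the embedded samples. Note that the mail.google.com entry AdwCleaner removed is benign under this check; the tool deleted the whole list rather than the one entry a person would object to, which is the kind of overreach that also explains the lost bookmarks.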




