Infected computer. How to remove it?


This topic is locked
12 replies to this topic

#1 rocky14321
Posted 18 June 2013 - 03:44 AM

I clicked a link when I was chatting online. It displayed a blank page, and from that time onwards it was indifferent. Someone was monitoring my online activity.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16671  BrowserJavaVersion: 10.21.2
Run by gates at 13:52:00 on 2013-06-18
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2036.879 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\gates\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\sysWOW64\wbem\WmiPrvSE.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDzztDyEzzyD0C0AyB0EtB0FyD0AtBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=520872118&ir=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\gates\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
StartupFolder: C:\Users\gates\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\gates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{73D24425-F0A8-4CAB-A489-D239831A806C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDzztDyEzzyD0C0AyB0EtB0FyD0AtBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=520872118&ir=
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\0o1aq10g.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.in/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Users\gates\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\gates\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\gates\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\gates\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-11 08:44; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-14 14456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-13 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-3-20 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-2-1 19232]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-3-20 356376]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-2-21 165112]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-13 701512]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-8-28 92952]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-4-3 625304]
R2 PrmBackAgent;Primavera Background Agent;C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe [2007-3-30 673280]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-3-20 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-3-20 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-13 25928]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-11 51712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-3-23 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-3-23 9800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-7 1432400]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-6-14 39504]
.
=============== Created Last 30 ================
.
2013-06-16 08:08:01    --------    d-----w-    C:\Windows\System32\catroot2
2013-06-15 14:03:37    --------    d-----w-    C:\Program Files\Lavasoft
2013-06-15 13:53:36    69152    ----a-w-    C:\Windows\System32\drivers\Lbd.sys
2013-06-15 13:19:31    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2013-06-14 14:47:00    39504    ----a-w-    C:\Windows\System32\drivers\gfiark.sys
2013-06-14 13:37:21    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-14 10:39:32    --------    d-----w-    C:\ProgramData\Ad-Aware Antivirus
2013-06-14 10:37:43    --------    d-----w-    C:\Users\gates\AppData\Roaming\LavasoftStatistics
2013-06-14 10:07:30    --------    d-----w-    C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-14 10:06:56    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-06-14 09:57:57    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-14 09:57:56    --------    d-----w-    C:\Users\gates\AppData\Roaming\Ad-Aware Antivirus
2013-06-14 07:34:59    --------    d-----w-    C:\ProgramData\F-Secure
2013-06-14 07:31:49    --------    d-----w-    C:\ProgramData\boost_interprocess
2013-06-13 18:12:59    --------    d-----w-    C:\Windows\SysWow64\Tweaking.com - Remove Policies Set By Infections
2013-06-13 17:28:58    --------    d-----w-    C:\Tweaking.com_Windows_Repair_Logs
2013-06-13 17:25:30    --------    d-----w-    C:\Program Files (x86)\Enigma Software Group
2013-06-13 17:16:48    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-13 15:07:53    --------    d-----w-    C:\Users\gates\AppData\Roaming\Malwarebytes
2013-06-13 15:07:51    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-13 15:07:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-13 15:07:51    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 13:22:01    --------    d-----w-    C:\Program Files (x86)\TornTV.com
2013-06-10 16:45:14    64856    ----a-w-    C:\Windows\System32\klfphc.dll
2013-06-10 16:44:10    --------    d-----w-    C:\Windows\ELAMBKUP
2013-06-10 16:44:06    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-06-10 16:44:06    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-06-10 16:43:55    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-06-10 13:07:22    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-10 07:35:50    --------    d-----w-    C:\Users\gates\AppData\Local\Macromedia
2013-06-10 07:27:47    --------    d-----w-    C:\Users\gates\AppData\Local\Mozilla
2013-06-10 07:23:57    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-06 15:44:41    --------    d-----w-    C:\Users\gates\AppData\Local\Computers and Structures
2013-06-06 15:42:29    --------    d-----w-    C:\Program Files (x86)\Computers and Structures
2013-06-06 15:16:46    --------    d-----w-    C:\Users\gates\AppData\Roaming\GoforFiles
2013-06-06 15:13:08    561179    ----a-w-    C:\Windows\SysWow64\dao360.dll
2013-06-06 15:12:55    --------    d-----w-    C:\Program Files (x86)\Softlogic Innovations
2013-06-02 16:34:37    98816    ----a-w-    C:\Windows\sed.exe
2013-06-02 16:34:37    256000    ----a-w-    C:\Windows\PEV.exe
2013-06-02 16:34:37    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-26 09:36:14    --------    d-----w-    C:\Users\gates\AppData\Roaming\Wireshark
.
==================== Find3M  ====================
.
2013-06-14 09:53:36    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 09:53:36    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 03:14:16    55056    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-06-11 03:14:16    178448    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2013-04-16 15:29:04    708608    ----a-w-    C:\Windows\SysWow64\Resecure60.dll
2013-04-16 15:29:04    458752    ----a-w-    C:\Windows\SysWow64\LiveUpdate.dll
2013-04-16 15:29:04    1290240    ----a-w-    C:\Windows\SysWow64\NGWinSys.dll
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-04-02 13:32:28    26624    ----a-w-    C:\Windows\SysWow64\wukmvzx.dll
2013-04-02 13:32:28    1024    ----a-w-    C:\Windows\SysWow64\grcauth2.dll
2013-04-02 13:32:28    1024    ----a-w-    C:\Windows\SysWow64\grcauth1.dll
2013-04-02 13:32:28    1024    ----a-w-    C:\Windows\SysWow64\clauth2.dll
2013-04-02 13:32:28    1024    ----a-w-    C:\Windows\SysWow64\clauth1.dll
2013-03-27 08:33:14    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-27 08:33:14    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-20 18:05:08    29528    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-03-20 18:05:08    29016    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
.
============= FINISH: 13:52:49.12 ===============
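The DDS report above carries several settings a responder reads before anything else: under mPolicies-System it shows EnableLUA = dword:0, ConsentPromptBehaviorAdmin = dword:0 and PromptOnSecureDesktop = dword:0 (UAC switched off, administrators elevating silently), Windows Defender is reported *Enabled/Outdated*, the HKLM start page points at start.mysearchdial.com, and uTorrent.exe is running from the user's AppData\Roaming. As an added example, not part of the original post and not code from DDS or any tool named in this thread, the Python below parses exactly those DDS line formats and lists the findings. The input is a constructed ten-line excerpt copied from the posted log (the long mysearchdial query string shortened to "..."); the trusted-host list ("google.com") and the wording of the findings are this example's own assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for the settings a malware responder
reads first: UAC policy values, security-product state, browser start
pages and executables launched from user-writable profile paths.

Added example for this thread; not part of DDS, ComboFix or any tool
named in the thread. The DDS line formats are taken from the log above;
the trusted-host list and the finding wording are this example's own."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed excerpt: a few lines copied from the DDS log posted above.
# The mysearchdial query string is shortened to "..." for readability.
SAMPLE_DDS = r"""
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
C:\Users\gates\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=...
uSearchAssistant = hxxp://www.google.com/ie
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# DDS writes HKLM/HKCU ...\Policies\System values as "mPolicies-System: Name = dword:N".
POLICY_RE = re.compile(r"^[um]Policies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
# "mStart Page", "uStart Page" and the "x64-" variants; DDS obfuscates http as hxxp.
START_PAGE_RE = re.compile(r"^(?:x64-)?[um]Start Page\s*=\s*(\S+)")
# A running-process line whose image lives under a user's profile.
PROFILE_EXE_RE = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\.*\.exe$", re.IGNORECASE)

# UAC values where 0 is the insecure setting (Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1).
# Only zero-vs-non-zero is tested, so the base DDS prints in does not matter.
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is off; an administrator's processes all run fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, with no prompt",
    "PromptOnSecureDesktop": "elevation prompts are not on the secure desktop and can be spoofed",
}


def parse_system_policies(lines: List[str]) -> Dict[str, int]:
    """Return {value name: integer} for every mPolicies-System/uPolicies-System line."""
    policies: Dict[str, int] = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def untrusted_start_pages(lines: List[str], trusted_hosts: Tuple[str, ...]) -> List[str]:
    """Return the hostnames of start pages that are not on the trusted list."""
    hosts = []
    for line in lines:
        m = START_PAGE_RE.match(line)
        if not m:
            continue
        host = urlparse(m.group(1).replace("hxxp", "http", 1)).hostname or ""
        if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
            hosts.append(host)
    return hosts


def profile_executables(lines: List[str]) -> List[str]:
    """Return running-process paths that live under C:\\Users\\<name>\\AppData."""
    return [line for line in lines if PROFILE_EXE_RE.match(line)]


def triage(dds_text: str, trusted_hosts: Tuple[str, ...] = ("google.com",)) -> List[str]:
    """Produce one finding string per item a responder should look at."""
    lines = [l.strip() for l in dds_text.splitlines() if l.strip()]
    findings: List[str] = []
    if any(l.startswith("SP:") and "*Enabled/Outdated*" in l for l in lines):
        findings.append("AV: Windows Defender is enabled but its definitions are outdated")
    policies = parse_system_policies(lines)
    for name, meaning in UAC_ZERO_MEANS.items():
        if policies.get(name) == 0:
            findings.append(f"UAC: {name}=0, {meaning}")
    for host in untrusted_start_pages(lines, trusted_hosts):
        findings.append(f"BROWSER: start page set to untrusted host {host} (hijack indicator)")
    for path in profile_executables(lines):
        findings.append(f"PROC: executable running from a user-writable profile path: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run against the excerpt it yields six findings: the outdated Defender line, the three UAC values set to zero, the mysearchdial start page, and uTorrent.exe under AppData\Roaming. The UAC checks deliberately test only for zero, since DDS does not say whether it prints dword values in decimal or hex; a process path under a user profile is a review item, not a verdict, since legitimate per-user installers (uTorrent here) use the same location that PUP droppers favour.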
 

 

#2 nasdaq (Malware Response Team, Montreal, QC, Canada)
Posted 22 June 2013 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the point of infiltration for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 rocky14321 (Topic Starter)
Posted 23 June 2013 - 01:51 AM

Hi nasdaq, first of all, thanks for your caring. I've taken the report logs in the order of AdwCleaner, Junkware Removal Tool, ComboFix, Security Check.

 

AdwCleaner log:

 

# AdwCleaner v2.303 - Logfile created 06/23/2013 at 11:30:15
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : gates - GATES-PC
# Boot Mode : Normal
# Running from : C:\Users\gates\Downloads\Programs\adwcleaner_4.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Mysearchdial.xml
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\gates\AppData\Local\APN
Folder Deleted : C:\Users\gates\AppData\Local\PackageAware
Folder Deleted : C:\Users\gates\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\gates\AppData\Roaming\DSite
Folder Deleted : C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\53e8b8de239bd43
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDzztDyEzzyD0C0AyB0EtB0FyD0AtBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=520872118&ir= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDzztDyEzzyD0C0AyB0EtB0FyD0AtBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=520872118&ir= --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\0o1aq10g.default\prefs.js

[OK] File is clean.

File : C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

C:\Users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1[...]
Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v28.0.1500.44

File : C:\Users\gates\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3002] : urls_to_restore_on_startup = [ "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1[...]

*************************

AdwCleaner[R1].txt - [10833 octets] - [14/06/2013 11:44:26]
AdwCleaner[R2].txt - [10920 octets] - [14/06/2013 11:59:00]
AdwCleaner[R3].txt - [11895 octets] - [14/06/2013 16:57:55]
AdwCleaner[R4].txt - [3654 octets] - [23/06/2013 11:28:57]
AdwCleaner[S1].txt - [393 octets] - [14/06/2013 11:46:08]
AdwCleaner[S2].txt - [348 octets] - [14/06/2013 11:59:28]
AdwCleaner[S3].txt - [313 octets] - [14/06/2013 16:59:03]
AdwCleaner[S4].txt - [3689 octets] - [23/06/2013 11:30:15]

########## EOF - C:\AdwCleaner[S4].txt - [3749 octets] ##########

 

 

Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by gates on Sun 06/23/2013 at 11:23:18.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2612669
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D22DDE74-BB04-43E7-9E52-01EBE8C5DB97}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\gates\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\gates\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\gates\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\gates\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\gates\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ FireFox

Emptied folder: C:\Users\gates\AppData\Roaming\mozilla\firefox\profiles\0o1aq10g.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/23/2013 at 11:27:24.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ComboFix log:

 

ComboFix 13-06-22.01 - gates 06/23/2013  11:45:53.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2036.786 [GMT 5.5:30]
Running from: c:\users\gates\Downloads\Programs\ComboFix_2.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\prsgrc.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-23 to 2013-06-23  )))))))))))))))))))))))))))))))
.
.
2013-06-23 06:25 . 2013-06-23 06:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-23 05:53 . 2013-06-23 05:53    --------    d-----w-    c:\windows\ERUNT
2013-06-23 05:50 . 2013-06-23 05:53    --------    d-----w-    C:\JRT
2013-06-18 15:52 . 2013-06-18 15:54    --------    d-----w-    c:\windows\system32\catroot2
2013-06-18 13:39 . 2013-06-18 13:39    982912    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-06-18 13:17 . 2013-06-16 20:40    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF3D5E43-A294-4829-8645-57ED009671CB}\mpengine.dll
2013-06-18 13:09 . 2013-06-02 11:41    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-18 13:07 . 2012-12-16 16:52    46080    ----a-w-    c:\windows\system32\atmlib.dll
2013-06-18 13:07 . 2012-12-16 14:40    367616    ----a-w-    c:\windows\system32\atmfd.dll
2013-06-18 13:07 . 2012-12-16 14:25    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-06-18 13:07 . 2012-12-16 14:25    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-06-18 12:59 . 2012-03-01 06:54    22896    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-06-18 12:59 . 2012-03-01 06:40    80896    ----a-w-    c:\windows\system32\imagehlp.dll
2013-06-18 12:59 . 2012-03-01 06:35    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-06-18 12:59 . 2012-03-01 05:45    158720    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-06-18 12:59 . 2012-03-01 05:40    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-06-18 11:09 . 2010-10-16 05:17    720896    ----a-w-    c:\windows\system32\odbc32.dll
2013-06-18 11:09 . 2010-10-16 05:16    495616    ----a-w-    c:\program files\Common Files\System\ado\msadox.dll
2013-06-18 11:09 . 2010-10-16 05:16    466944    ----a-w-    c:\program files\Common Files\System\ado\msadomd.dll
2013-06-18 11:09 . 2010-10-16 05:16    258048    ----a-w-    c:\program files\Common Files\System\msadc\msadco.dll
2013-06-18 11:09 . 2010-10-16 04:34    573440    ----a-w-    c:\windows\SysWow64\odbc32.dll
2013-06-18 11:09 . 2010-10-16 04:33    372736    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadox.dll
2013-06-18 11:09 . 2010-10-16 04:33    352256    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadomd.dll
2013-06-18 11:09 . 2010-10-16 04:33    208896    ----a-w-    c:\program files (x86)\Common Files\System\msadc\msadco.dll
2013-06-18 11:06 . 2012-11-09 05:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-06-18 11:06 . 2012-11-09 04:49    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-06-18 11:03 . 2012-04-28 03:50    204800    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-06-18 11:03 . 2012-11-02 05:30    2001408    ----a-w-    c:\windows\system32\msxml6.dll
2013-06-18 11:03 . 2012-11-02 05:30    1880064    ----a-w-    c:\windows\system32\msxml3.dll
2013-06-18 11:03 . 2012-11-02 04:50    1388544    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-06-18 11:03 . 2012-11-02 04:50    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-06-18 10:58 . 2013-02-12 15:37    3138048    ----a-w-    c:\windows\system32\mstscax.dll
2013-06-18 10:58 . 2013-02-12 15:13    2691072    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-06-18 10:58 . 2013-02-12 15:42    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-06-18 10:58 . 2013-02-12 15:31    158208    ----a-w-    c:\windows\system32\aaclient.dll
2013-06-18 10:58 . 2013-02-12 15:07    131072    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-06-18 10:58 . 2013-02-12 13:59    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-06-18 10:53 . 2010-12-23 06:07    1118720    ----a-w-    c:\windows\system32\sbe.dll
2013-06-18 10:53 . 2010-12-23 06:07    961024    ----a-w-    c:\windows\system32\CPFilters.dll
2013-06-18 10:53 . 2010-12-23 06:02    259072    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-06-18 10:53 . 2010-12-23 05:28    850432    ----a-w-    c:\windows\SysWow64\sbe.dll
2013-06-18 10:53 . 2010-12-23 05:28    642048    ----a-w-    c:\windows\SysWow64\CPFilters.dll
2013-06-18 10:53 . 2010-12-23 05:24    199680    ----a-w-    c:\windows\SysWow64\mpg2splt.ax
2013-06-18 10:53 . 2013-01-04 05:41    1893224    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-18 10:53 . 2013-01-04 05:40    287576    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-18 10:52 . 2012-06-06 05:50    1425408    ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2013-06-18 10:52 . 2012-06-06 05:09    987136    ----a-w-    c:\program files (x86)\Common Files\System\ado\msado15.dll
2013-06-18 10:50 . 2011-11-17 07:12    395776    ----a-w-    c:\windows\system32\webio.dll
2013-06-18 10:50 . 2011-11-17 05:39    314368    ----a-w-    c:\windows\SysWow64\webio.dll
2013-06-18 10:48 . 2011-11-17 07:14    1739160    ----a-w-    c:\windows\system32\ntdll.dll
2013-06-18 10:48 . 2011-11-17 05:41    1292592    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-06-18 10:45 . 2012-02-15 06:27    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2013-06-18 10:45 . 2012-02-15 05:44    826368    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2013-06-18 10:45 . 2012-02-15 04:46    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-06-18 10:43 . 2013-03-19 06:19    5497688    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-18 10:41 . 2012-08-11 00:53    714752    ----a-w-    c:\windows\system32\kerberos.dll
2013-06-18 10:41 . 2012-08-10 23:54    541184    ----a-w-    c:\windows\SysWow64\kerberos.dll
2013-06-18 10:41 . 2011-10-15 06:25    723456    ----a-w-    c:\windows\system32\EncDec.dll
2013-06-18 10:41 . 2011-10-15 05:48    534528    ----a-w-    c:\windows\SysWow64\EncDec.dll
2013-06-18 10:40 . 2011-03-03 06:17    182272    ----a-w-    c:\windows\system32\dnsrslvr.dll
2013-06-18 10:40 . 2011-03-03 06:17    356352    ----a-w-    c:\windows\system32\dnsapi.dll
2013-06-18 10:40 . 2011-03-03 06:14    30208    ----a-w-    c:\windows\system32\dnscacheugc.exe
2013-06-18 10:40 . 2011-03-03 05:27    28672    ----a-w-    c:\windows\SysWow64\dnscacheugc.exe
2013-06-18 10:40 . 2012-05-14 05:20    956416    ----a-w-    c:\windows\system32\localspl.dll
2013-06-18 10:38 . 2013-04-12 14:36    1653096    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-06-18 10:38 . 2011-12-28 03:59    499200    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-06-18 10:38 . 2011-02-12 06:14    267776    ----a-w-    c:\windows\system32\FXSCOVER.exe
2013-06-18 10:38 . 2012-08-24 18:05    220160    ----a-w-    c:\windows\system32\wintrust.dll
2013-06-18 10:38 . 2012-08-24 17:10    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-06-18 10:37 . 2011-04-29 03:13    461312    ----a-w-    c:\windows\system32\drivers\srv.sys
2013-06-18 10:37 . 2011-04-29 03:12    399872    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-06-18 10:37 . 2011-04-29 03:12    161792    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-06-18 10:37 . 2011-08-27 05:40    861184    ----a-w-    c:\windows\system32\oleaut32.dll
2013-06-18 10:37 . 2011-08-27 05:40    331776    ----a-w-    c:\windows\system32\oleacc.dll
2013-06-18 10:37 . 2011-08-27 04:43    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2013-06-18 10:37 . 2011-08-27 04:43    233472    ----a-w-    c:\windows\SysWow64\oleacc.dll
2013-06-18 10:36 . 2011-04-09 06:58    142336    ----a-w-    c:\windows\system32\poqexec.exe
2013-06-18 10:36 . 2011-04-09 05:56    123904    ----a-w-    c:\windows\SysWow64\poqexec.exe
2013-06-18 10:36 . 2012-03-17 07:55    75632    ----a-w-    c:\windows\system32\drivers\partmgr.sys
2013-06-18 10:36 . 2013-03-01 03:32    3150848    ----a-w-    c:\windows\system32\win32k.sys
2013-06-18 10:33 . 2010-10-16 05:23    112000    ----a-w-    c:\windows\system32\consent.exe
2013-06-18 10:31 . 2012-09-06 17:38    295792    ----a-w-    c:\windows\system32\drivers\volsnap.sys
2013-06-18 10:31 . 2010-12-18 06:08    1097216    ----a-w-    c:\windows\system32\mstsc.exe
2013-06-18 10:31 . 2010-12-18 05:26    1034240    ----a-w-    c:\windows\SysWow64\mstsc.exe
2013-06-18 10:31 . 2011-03-11 06:19    1395712    ----a-w-    c:\windows\system32\mfc42.dll
2013-06-18 10:31 . 2011-03-11 06:19    1359872    ----a-w-    c:\windows\system32\mfc42u.dll
2013-06-18 10:31 . 2011-03-11 05:40    1164288    ----a-w-    c:\windows\SysWow64\mfc42u.dll
2013-06-18 10:31 . 2011-03-11 05:40    1137664    ----a-w-    c:\windows\SysWow64\mfc42.dll
2013-06-18 10:31 . 2012-07-04 22:04    73216    ----a-w-    c:\windows\system32\netapi32.dll
2013-06-18 10:31 . 2012-07-04 22:01    58880    ----a-w-    c:\windows\system32\browcli.dll
2013-06-18 10:31 . 2012-07-04 22:01    136704    ----a-w-    c:\windows\system32\browser.dll
2013-06-18 10:31 . 2012-07-04 21:23    41472    ----a-w-    c:\windows\SysWow64\browcli.dll
2013-06-18 10:29 . 2011-07-09 02:44    287744    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2013-06-18 10:29 . 2011-05-04 02:51    157696    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2013-06-18 10:29 . 2011-05-04 02:51    126464    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2013-06-18 10:29 . 2011-05-03 05:21    976896    ----a-w-    c:\windows\system32\inetcomm.dll
2013-06-18 10:29 . 2011-05-03 04:50    740864    ----a-w-    c:\windows\SysWow64\inetcomm.dll
2013-06-18 10:28 . 2013-02-12 14:02    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-06-18 10:28 . 2012-11-20 05:55    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-06-18 10:28 . 2012-11-20 05:10    219136    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-06-18 10:28 . 2011-10-01 05:28    886784    ----a-w-    c:\program files\Common Files\System\wab32.dll
2013-06-18 10:28 . 2011-10-01 04:43    708608    ----a-w-    c:\program files (x86)\Common Files\System\wab32.dll
2013-06-18 10:27 . 2011-11-19 15:07    77312    ----a-w-    c:\windows\system32\packager.dll
2013-06-18 10:27 . 2011-11-19 14:06    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-06-18 10:21 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2013-06-18 10:21 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2013-06-18 10:21 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2013-06-18 10:21 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2013-06-18 10:21 . 2012-06-02 09:49    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2013-06-18 10:21 . 2012-06-02 09:45    36864    ----a-w-    c:\windows\system32\wuapp.exe
2013-06-15 14:03 . 2013-06-15 14:03    --------    d-----w-    c:\program files\Lavasoft
2013-06-15 13:53 . 2009-09-23 12:55    69152    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2013-06-15 13:19 . 2013-06-15 13:19    --------    d-----w-    c:\program files (x86)\Lavasoft
2013-06-14 14:47 . 2013-04-11 05:36    39504    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-06-14 13:37 . 2013-06-14 14:23    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-06-14 10:39 . 2013-06-14 10:39    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-06-14 10:37 . 2013-06-14 10:37    --------    d-----w-    c:\users\gates\AppData\Roaming\LavasoftStatistics
2013-06-14 10:07 . 2013-06-15 14:39    --------    d-----w-    c:\programdata\Lavasoft
2013-06-14 10:07 . 2013-06-15 13:14    --------    d-----w-    c:\program files (x86)\Ad-Aware Antivirus
2013-06-14 10:06 . 2013-06-14 10:06    --------    d-----w-    c:\programdata\Downloaded Installations
2013-06-14 09:57 . 2013-06-14 09:57    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-14 09:57 . 2013-06-14 11:38    --------    d-----w-    c:\users\gates\AppData\Roaming\Ad-Aware Antivirus
2013-06-14 07:34 . 2013-06-14 07:37    --------    d-----w-    c:\programdata\F-Secure
2013-06-13 18:12 . 2013-06-13 18:13    --------    d-----w-    c:\windows\SysWow64\Tweaking.com - Remove Policies Set By Infections
2013-06-13 17:28 . 2013-06-13 17:28    --------    d-----w-    C:\Tweaking.com_Windows_Repair_Logs
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 15:49 . 2013-03-23 16:29    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-06-18 08:27 . 2013-03-20 18:05    54368    ----a-w-    c:\windows\system32\drivers\kltdi.sys
2013-06-14 09:53 . 2013-03-14 12:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 09:53 . 2013-03-14 12:55    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 03:14 . 2012-08-13 11:19    178448    ----a-w-    c:\windows\system32\drivers\kneps.sys
2013-05-01 20:36 . 2013-03-12 13:44    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-16 15:29 . 2013-04-02 13:32    708608    ----a-w-    c:\windows\SysWow64\Resecure60.dll
2013-04-16 15:29 . 2013-04-02 13:32    458752    ----a-w-    c:\windows\SysWow64\LiveUpdate.dll
2013-04-16 15:29 . 2013-04-02 13:32    1290240    ----a-w-    c:\windows\SysWow64\NGWinSys.dll
2013-04-11 10:30 . 2013-04-09 15:56    69632    ----a-r-    c:\users\gates\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\ARPPRODUCTICON.exe
2013-04-11 10:30 . 2013-04-09 15:56    49152    ----a-r-    c:\users\gates\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-03-27 08:33 . 2013-03-27 08:33    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 08:33 . 2013-03-27 08:33    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-02-21 3565432]
"uTorrent"="c:\users\gates\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-15 884056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-20 356376]
.
c:\users\gates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [x]
S2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe;c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 PrmBackAgent;Primavera Background Agent;c:\program files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe;c:\program files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 09:53]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 22:52]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 22:52]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4151727906-1726273817-50006096-1000Core.job
- c:\users\gates\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-29 16:33]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4151727906-1726273817-50006096-1000UA.job
- c:\users\gates\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-29 16:33]
.
2013-06-23 c:\windows\Tasks\spmonitor.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-03-21 04:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\gates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gates\AppData\Roaming\Mozilla\Firefox\Profiles\0o1aq10g.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.in/
FF - ExtSQL: 2013-06-11 08:44; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-06-11 08:44; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{04E2AE9A-A900-A06B-0F92-B704095C8A0D} - c:\progra~3\INSTAL~2\{7E3E2~1\Setup.exe
AddRemove-{E37A176C-5B98-5FFD-1399-B8A4349FE80C} - c:\progra~3\INSTAL~2\{7864E~1\Setup.exe
AddRemove-{F3DD45D1-2478-71B0-B97E-4DF017A59721} - c:\progra~3\INSTAL~2\{FF4CF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$PRIMAVERA]
"ImagePath"="\"c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:PRIMAVERA"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2013-06-23  12:00:56 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-23 06:30
ComboFix2.txt  2013-06-13 16:53
.
Pre-Run: 37,823,762,432 bytes free
Post-Run: 37,062,119,424 bytes free
.
- - End Of File - - 4B88F75EA5D7EE288DF98D2F9F4AED24
A36C5E4F47E84449FF07ED3517B43A31

security check log:

Results of screen317's Security Check version 0.99.67  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!!
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.44  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 2013 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#4 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Location:Montreal, QC. Canada

Posted 23 June 2013 - 09:15 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 21

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

For your added security, install Windows 7 Service Pack 1 (SP1):
http://windows.microsoft.com/installwindows7sp1
Install this SP1 when all is well.

===

#5 rocky14321
  • Topic Starter
  • Members
  • 41 posts

Posted 23 June 2013 - 12:42 PM

Is my computer fully protected? Is that malware, pum.hijack.homepage, completely removed?



#6 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Location:Montreal, QC. Canada

Posted 23 June 2013 - 01:05 PM

Are you getting redirected to that page, or to any other sites that you do not visit?

#7 rocky14321
  • Topic Starter
  • Members
  • 41 posts

Posted 24 June 2013 - 12:59 AM

First, when I scanned with Malwarebytes Anti-Malware, it detected two malwares: "pum.hijack.homepage" and another whose name I don't know. It deleted both malwares. Now when I open my browser, I get Google only; my browser doesn't redirect to any other page.



#8 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Location:Montreal, QC. Canada

Posted 24 June 2013 - 08:27 AM

I will keep this topic open for 5 days. If you still have issues let me know.

#9 rocky14321
  • Topic Starter
  • Members
  • 41 posts

Posted 25 June 2013 - 09:34 AM

Hi, have you checked the logs that I submitted? Are there any infections you have found in them? Is my PC clean now?



#10 rocky14321
  • Topic Starter
  • Members
  • 41 posts

Posted 25 June 2013 - 09:36 AM

Hi, have you checked the logs that I submitted? Are there any infections you have found in them? Is my PC clean now? These are my questions.



#11 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Location:Montreal, QC. Canada

Posted 25 June 2013 - 10:25 AM

All that was found was some malware creating the PUB.
Nothing to worry about.

Watch what you are downloading. Free applications often come with these types of programs that create popups.
===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#12 rocky14321
  • Topic Starter
  • Members
  • 41 posts

Posted 25 June 2013 - 01:14 PM

Then my PC is clean and there are no malicious attacks. Thank you very much.



#13 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Location:Montreal, QC. Canada

Posted 26 June 2013 - 06:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
