exploit java/cve-2013-1493


10 replies to this topic

#1 brikster


Posted 14 July 2013 - 11:01 PM

This exploit and another have shown up a few times on MSE scan even though I updated Java several months ago. I have removed them through MSE but am concerned that someone may have accessed my computer while it was compromised. Here are the FRST and Addition logs. As always, thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Brikster (administrator) on 14-07-2013 23:38:13
Running from C:\Users\Brikster\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(AlhareryIT) C:\Program Files (x86)\Rater Time Tracker\LF Time Tracker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Brikster\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-09-06] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-31] (IDT, Inc.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-07] ()
HKCU\...\Run: [Google Update] - "C:\Users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-09] (Google Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Brikster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Brikster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=insDate12142011
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775d} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-05-14] (EasyBits Software Corp.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
 
FireFox:
========
FF ProfilePath: C:\Users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default
FF Keyword.URL: hxxp://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Brikster\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Brikster\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: All-in-One Gestures - C:\Users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: Evernote Web Clipper - C:\Users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: uriloader - C:\Users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default\Extensions\uriloader@pdf.js.xpi
FF Extension: No Name - C:\Users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\T-Mobile\T-Mobile Connection Manager\Bin\addon
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Brikster\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Smooth Gestures) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.7_0
CHR Extension: (Illimitux) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0
CHR Extension: (Gmail) - C:\Users\Brikster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 t_mobile_zte_cdc_acm; C:\Windows\System32\DRIVERS\t_mobile_zte_cdc_acm.sys [77824 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cdc_ecm; C:\Windows\System32\DRIVERS\t_mobile_zte_cdc_ecm.sys [52224 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cpo; C:\Windows\System32\DRIVERS\t_mobile_zte_cpo.sys [14336 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum; C:\Windows\System32\DRIVERS\t_mobile_zte_ecm_enum.sys [52224 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\t_mobile_zte_ecm_enum_filter.sys [52224 2011-01-18] (T-Mobile)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-14 23:37 - 2013-07-14 23:37 - 01777839 _____ (Farbar) C:\Users\Brikster\Desktop\FRST64.exe
2013-07-11 03:17 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:17 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:17 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:17 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:17 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:17 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:17 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:17 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:17 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:17 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:17 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:17 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:17 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:17 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:16 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:16 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:16 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:16 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:16 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:16 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 15:13 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 15:13 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 15:13 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 15:13 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 15:13 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 15:13 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 15:13 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 17:09 - 2013-07-06 17:11 - 00000000 ____D C:\Users\Brikster\AppData\Local\Screencast-O-Matic
2013-07-04 23:17 - 2013-07-04 23:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-28 21:55 - 2013-06-28 21:55 - 00000000 ____D C:\Users\Brikster\Desktop\New folder
2013-06-27 12:33 - 2013-06-27 12:34 - 00000000 ____D C:\Users\Brikster\Desktop\MASTER SOCIAL WORK
2013-06-19 23:53 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 23:52 - 2013-06-19 23:52 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 23:52 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 23:52 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 23:52 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== One Month Modified Files and Folders =======
 
2013-07-14 23:37 - 2013-07-14 23:37 - 01777839 _____ (Farbar) C:\Users\Brikster\Desktop\FRST64.exe
2013-07-14 23:31 - 2013-04-08 22:05 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 23:31 - 2011-11-09 23:03 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001UA.job
2013-07-14 23:16 - 2013-04-03 00:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 21:50 - 2013-01-13 22:58 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBrikster
2013-07-14 21:50 - 2013-01-13 22:58 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBrikster.job
2013-07-14 21:30 - 2012-07-25 19:53 - 00000000 ____D C:\Users\Brikster\Desktop\securtiy
2013-07-14 21:25 - 2011-12-30 04:35 - 01705183 _____ C:\Windows\WindowsUpdate.log
2013-07-14 16:10 - 2011-08-03 22:22 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E73E5794-BAC1-42FC-845B-99AF204B0DDF}
2013-07-14 15:31 - 2013-04-08 22:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 15:31 - 2011-11-09 23:03 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001Core.job
2013-07-13 15:26 - 2013-04-08 22:05 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 15:26 - 2013-04-08 22:05 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 15:26 - 2011-11-09 23:03 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001UA
2013-07-13 15:26 - 2011-11-09 23:03 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001Core
2013-07-12 16:02 - 2012-09-25 23:17 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\Spotify
2013-07-12 13:14 - 2013-04-23 22:36 - 00000000 ____D C:\Users\Brikster\Desktop\FAU APP
2013-07-11 13:19 - 2009-07-14 01:13 - 00780172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 03:58 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 03:58 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 03:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-11 03:51 - 2009-07-14 00:51 - 00089688 _____ C:\Windows\setupact.log
2013-07-11 03:50 - 2012-05-13 00:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:50 - 2009-07-14 00:45 - 04885288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:49 - 2012-05-13 00:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:48 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 03:48 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 03:20 - 2011-08-04 00:11 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 21:42 - 2011-08-03 22:33 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\Mozilla
2013-07-09 23:36 - 2012-03-22 22:58 - 00000000 ____D C:\Users\Brikster\Desktop\lionbridge
2013-07-09 11:08 - 2012-06-07 14:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-09 11:08 - 2009-07-14 01:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-08 16:08 - 2012-09-25 23:18 - 00000000 ____D C:\Users\Brikster\AppData\Local\Spotify
2013-07-07 23:00 - 2011-08-03 22:13 - 00000000 ____D C:\Users\Brikster
2013-07-06 17:11 - 2013-07-06 17:09 - 00000000 ____D C:\Users\Brikster\AppData\Local\Screencast-O-Matic
2013-07-05 20:19 - 2012-01-21 23:10 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\Dropbox
2013-07-05 20:14 - 2012-01-21 23:12 - 00000000 ___RD C:\Users\Brikster\Dropbox
2013-07-04 23:17 - 2013-07-04 23:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-04 23:17 - 2013-04-02 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-02 23:49 - 2011-08-04 21:05 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\SoftGrid Client
2013-07-02 11:14 - 2011-08-04 21:03 - 00774388 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-28 21:55 - 2013-06-28 21:55 - 00000000 ____D C:\Users\Brikster\Desktop\New folder
2013-06-27 22:52 - 2012-07-20 00:03 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-06-27 12:34 - 2013-06-27 12:33 - 00000000 ____D C:\Users\Brikster\Desktop\MASTER SOCIAL WORK
2013-06-26 11:51 - 2011-11-26 12:46 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\Azureus
2013-06-25 00:50 - 2012-01-21 23:10 - 00000000 ____D C:\Users\Brikster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-19 23:52 - 2013-06-19 23:52 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 23:52 - 2011-05-14 16:42 - 00000000 ____D C:\Program Files (x86)\Java
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-13 19:08
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by Brikster at 2013-07-14 23:39:07
Running from C:\Users\Brikster\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
7-Zip 9.20 (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.2) MUI (x32 Version: 10.1.2)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Apple Application Support (x32 Version: 2.2.2)
Apple Software Update (x32 Version: 2.1.3.127)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Bing HRS Toolbar (x32 Version: 3.9.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Cfont Pro v4 (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Comcast Desktop Software (v1.2.1) (x32 Version: 24)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
DriveImage XML (Private Edition) (x32 Version: 2.30)
Dropbox (HKCU Version: 2.0.22)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.6.6 (x32 Version: 4.6.6.8360)
Farm Frenzy (x32 Version: 2.2.0.95)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
GIMP 2.6.11 (x32 Version: 2.6.11)
G'MIC for GIMP version 1.5.0.0 (x32 Version: 1.5.0.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Talk Plugin (x32 Version: 4.2.1.14031)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.0.12656.3472)
HP Connection Manager (x32 Version: 4.1.25.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.4)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.4)
HP Quick Launch (x32 Version: 2.4.4)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP Software Framework (x32 Version: 4.1.13.1)
HP Support Assistant (x32 Version: 6.0.5.4)
IDT Audio (x32 Version: 1.0.6365.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Processor Graphics (x32 Version: 8.15.10.2372)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kies Air Discovery Service (HKCU)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.62.0.1300 (x32 Version: 1.62.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Access database engine 2010 (English) (x32 Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.202)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Streets & Trips 2011 (x32 Version: 18.0.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mouse Gestures for Internet Explorer (x64) (x32 Version: 2.1.2.2)
Mouse Gestures for Internet Explorer (x86) (x32 Version: 2.1.0.3)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.55a (x32 Version: v2.55a)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Manager (HKCU)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
OverDrive Media Console (x32 Version: 3.2.5)
Penguins! (x32 Version: 2.2.0.95)
PL-2303 USB-to-Serial (x32 Version: 1.00.000)
PL-2303 USB-to-Serial (x32 Version: 1.8.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
QuickTime (x32 Version: 7.70.80.34)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.02.02.0)
Rater Time Tracker (x32 Version: 5.0.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
Recovery Manager (x32 Version: 2.0.0)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Samsung Kies (x32 Version: 2.3.2.12074_13)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Slingo Supreme (x32 Version: 2.2.0.95)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VLC media player 1.0.1 (x32 Version: 1.0.1)
Vuze (x32 Version: 4.7)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.25)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.11 (32-bit) (x32 Version: 4.11.0)
Zip Motion Block Video codec (Remove Only) (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
05-07-2013 15:37:27 Windows Update
08-07-2013 20:13:21 Windows Update
09-07-2013 09:49:29 Microsoft Antimalware Checkpoint
11-07-2013 07:00:22 Windows Update
13-07-2013 21:38:12 Microsoft Antimalware Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2012-07-20 00:13 - 00442781 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1657268B-1AB4-48E3-A8D8-D4EC69F186B8} - System32\Tasks\User_Feed_Synchronization-{B0E4FA4E-A7A5-4F2C-97D4-7EDCD402DC90} => C:\Windows\system32\msfeedssync.exe [2013-05-10] (Microsoft Corporation)
Task: {2FF0F1BA-8872-4629-9E77-3F08DD7AA242} - System32\Tasks\{B4C5ABFE-BC62-4642-B022-6B40BA6EA999} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-06-18] (Mozilla Corporation)
Task: {3691432D-74FB-4473-BB6A-ECB8D357811B} - System32\Tasks\User_Feed_Synchronization-{E73E5794-BAC1-42FC-845B-99AF204B0DDF} => C:\Windows\system32\msfeedssync.exe [2013-05-10] (Microsoft Corporation)
Task: {396A21C8-203D-4242-A80E-19FEEE9E039F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {3B2F44DC-4F84-49A3-88BA-8A0E3CD048C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001Core => C:\Users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09] (Google Inc.)
Task: {4FCC0036-70FF-44FA-BD36-126C679F81ED} - System32\Tasks\HPCeeScheduleForBrikster => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5202DCE1-FD66-4B3E-A128-02F63C364164} - System32\Tasks\User_Feed_Synchronization-{D4A21C66-D057-4583-A452-2B645AEFDC13} => C:\Windows\system32\msfeedssync.exe [2013-05-10] (Microsoft Corporation)
Task: {598AF819-A531-41F7-8DD2-407488ABE9A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {5E624772-D571-4725-9BDA-4C4E277C089C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6FFDFAF3-DD81-435F-BBDA-B951BC159B48} - System32\Tasks\{CB9877D3-B88A-448F-B659-AECD488A5A32} => C:\Users\Brikster\Downloads\mp3tagv249setup.exe No File
Task: {7449E528-0B3B-4D95-8D39-BC87688724F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {8C9B8590-0529-41AE-9C9B-0DF05E48BB7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001UA => C:\Users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09] (Google Inc.)
Task: {9381F13E-F2F1-4066-A860-902EF087E2D8} - System32\Tasks\{3E2824AB-26B4-4E6F-BF9E-F12F058AEC43} => C:\Users\Brikster\Downloads\mp3tagv249setup.exe No File
Task: {A87756ED-F1F4-47D8-8516-08F80D51B724} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {AFAD8C48-E450-4196-B8F5-B159692C12A2} - System32\Tasks\{0F099CA2-0703-43C7-B156-66FA6A00B6FF} => C:\AUTOPLAY.EXE No File
Task: {BB50EAEC-B36D-44E3-B8ED-B6C6CC259E20} - System32\Tasks\{185A7CBF-19AB-446A-9A76-80E6E131E5EE} => C:\Users\Brikster\Downloads\mp3tagv249setup.exe No File
Task: {BEDB044E-DED4-4143-8E37-99B8C59EE6C1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {C4C76F67-F1BD-4B0C-8A0D-90779EB1AFCE} - System32\Tasks\User_Feed_Synchronization-{04B612CA-E01E-4AA2-979A-7A2E45807ED0} => C:\Windows\system32\msfeedssync.exe [2013-05-10] (Microsoft Corporation)
Task: {C6AA14B6-4C4C-4B93-B607-93359F46FBA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {C96CA77E-DF3E-4D49-A0EA-4F69B95DF462} - System32\Tasks\{7106471E-1831-4B43-A31A-C401C176B5E7} => C:\Users\Brikster\Downloads\mp3tagv249setup.exe No File
Task: {D0682F4E-1522-4B56-8BE2-C434608C83B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {D81E03FB-FD7B-4591-BE66-1BFFF7CB0159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: {E08095B6-BA8B-44C4-8E20-AF2A331F9033} - System32\Tasks\{AE4F0B05-CCDC-4F7F-9848-539F53AFF512} => C:\Users\Brikster\Downloads\mp3tagv249setup.exe No File
Task: {E1BF7864-73A5-4207-BDB2-B58A9DBBE5F1} - System32\Tasks\{B7BA58BD-992E-4BD7-95E1-51320FE89B2E} => C:\AUTOPLAY.EXE No File
Task: {F3F5F55F-9739-487F-AE2B-5F84244F5558} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001Core.job => C:\Users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001UA.job => C:\Users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrikster.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030
 
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/14/2013 07:29:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (07/13/2013 07:11:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (07/13/2013 05:38:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {342b85ab-31ab-4fc6-9078-2d6c3054a949}
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10016
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2013 03:00:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
 
 
System errors:
=============
Error: (07/14/2013 09:24:47 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (07/11/2013 01:11:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
 
Error: (07/09/2013 04:46:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
 
Error: (07/09/2013 04:46:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
 
Error: (07/09/2013 04:45:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (07/09/2013 02:08:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DAVIDMIRONOV-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A76CE91D-755E-47E9-BD5C-61C8CE7B4466}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2013 01:56:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DAVIDMIRONOV-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A76CE91D-755E-47E9-BD5C-61C8CE7B4466}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2013 01:32:15 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DAVIDMIRONOV-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A76CE91D-755E-47E9-BD5C-61C8CE7B4466}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2013 01:28:20 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DAVIDMIRONOV-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A76CE91D-755E-47E9-BD5C-61C8CE7B4466}.
The master browser is stopping or an election is being forced.
 
Error: (07/08/2013 08:46:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030
 
Error: (07/14/2013 05:44:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/14/2013 07:29:22 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (07/13/2013 07:11:34 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (07/13/2013 05:38:11 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {342b85ab-31ab-4fc6-9078-2d6c3054a949}
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10016
 
Error: (07/12/2013 03:00:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2013 03:00:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-07-19 22:17:05.365
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-19 22:17:05.349
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-19 22:17:05.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-19 22:17:05.318
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-19 16:59:46.375
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-19 16:59:46.360
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 3893.86 MB
Available physical RAM: 1971.49 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4792.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.99 GB) (Free:418.36 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.88 GB) (Free:1.55 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 69E282F4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

 



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 15 July 2013 - 07:36 AM

It doesn't appear as if anything horrible has invaded the PC, but there are a couple of things that need taking care of:

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it on your desktop as fixlist.txt

(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)


start
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot, a log will be produced; please attach the content of the log to your next reply.

NEXT

  • Please open your Malwarebytes Anti-Malware program.
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 brikster

brikster
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 15 July 2013 - 07:08 PM

SOMEHOW I LOST THE ADWCLEANER LOG. :( 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Brikster on Mon 07/15/2013 at 13:48:41.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96FF05DB-ECF6-4EF7-86E2-8113B9D04F08}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{96FF05DB-ECF6-4EF7-86E2-8113B9D04F08}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} 
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] C:\Windows\syswow64\sho41CF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho97A6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB21D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBEC4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFDAF.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{0676B000-9119-4266-BFFF-ACC679359D87}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{371BE6DE-E8DA-4A3C-818D-D1DBCC0189FD}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{3B7417AD-ABBD-47B7-B5E3-9AB967250860}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{3C8EE8DB-B610-456C-8016-511905D2ED44}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{46A9F9D5-3561-4B37-BE7F-565BC860A845}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{47AC0FFA-7C42-4082-93FF-E30E0E6D4477}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{4BFD6086-3F3C-4F33-9CDE-2A2898E801A2}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{4C7F6524-DB52-437C-B383-E4664D7CCD65}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{4C92CB44-65B6-4850-846B-934C646DC188}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{50A9B883-F2F8-448D-AA59-2BAA3F8CE599}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{542B72B9-336B-4BBB-88EA-3E2C61A04854}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{56B1A0FC-1B1D-4EC5-8D28-4186E9EB417F}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{66F7E7D1-6347-4891-AAED-0A6E53C35F1A}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{770A4488-1D11-49A4-A7DD-4491884D183D}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{7991C34E-1BCE-4614-AF10-0D6F8F068007}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{84F7347C-EA0E-4025-9072-89846E99515D}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{891C2BDF-E164-4A4F-9845-770B74C30FEC}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{8EE7F8BA-3E3F-46E6-8D06-27802704BEEE}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{97C6701C-2577-43A5-99B2-1ED61115446D}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{A8A6BD1E-DC51-446B-B219-774B87A075D6}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{AAA75317-28E1-4072-B381-DE3F94DD695D}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{B3A68794-4378-434B-BBF1-3CFE5F49FD48}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{BA68564D-CAA4-4656-894B-6B479A22B3CA}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{BF99FF46-046A-48CC-B8BA-F0E7A00A4A2B}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{C5DF2787-BB61-4EC2-8670-04C32F43D3D4}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{D5362E00-EFFE-446E-88CB-898E359E2ADD}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{D5619346-D93A-44A5-900F-48B4B8BB4944}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{D59B14C6-2110-4261-BC72-D76571E8CFA1}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{E1C53FF1-9C09-43D0-9379-F49800BB565A}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{E2AE769C-31C1-4ED8-AE3F-3B986B1788CB}
Successfully deleted: [Empty Folder] C:\Users\Brikster\appdata\local\{E865D807-1F34-4728-951F-D0181A8AB923}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Brikster\AppData\Roaming\mozilla\firefox\profiles\565rz0gf.default\jetpack
Emptied folder: C:\Users\Brikster\AppData\Roaming\mozilla\firefox\profiles\565rz0gf.default\minidumps [225 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/15/2013 at 13:54:09.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.15.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Brikster :: BRIKSTER-HP [administrator]
 
7/15/2013 2:16:51 PM
mbam-log-2013-07-15 (14-16-51).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246745
Time elapsed: 7 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Brikster\AppData\Local\Temp\rFDwJ21H.exe.part (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
 
(end)
 
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RG2Q0D6.exe Win32/InstalleRex.E application
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RIIGABG.exe Win32/Somoto.A application
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RQOVHFS.exe Win32/Adware.1ClickDownload.AM application
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RYMEVF4\e4gtauto\copy2tmp\zergrush Android/Exploit.Lotoor.AN trojan
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\Qoobox\Quarantine\C\Users\Brikster\Downloads\cnet_Pazera_Free_Audio_Extractor_zip.exe.vir a variant of Win32/InstallCore.D application
C:\Users\Brikster\AppData\Local\Temp\5QoDBTZC.exe.part probably a variant of Win32/YourFileDownloader.A application
C:\Users\Brikster\AppData\Local\Temp\8oWEWqJB.exe.part Win32/Somoto.A application
C:\Users\Brikster\AppData\Local\Temp\bundlesweetimsetup.exe probably a variant of Win32/SweetIM.C application
C:\Users\Brikster\AppData\Local\Temp\cO2rxcnL.exe.part a variant of Win32/ExpressFiles.B application
C:\Users\Brikster\AppData\Local\Temp\FastDownload.exe Win32/Duckegg.A application
C:\Users\Brikster\AppData\Local\Temp\Gk_R8MMn.exe.part Win32/DownloadAdmin.D application
C:\Users\Brikster\AppData\Local\Temp\nsTYccTY.exe.part Win32/Somoto.A application
C:\Users\Brikster\AppData\Local\Temp\UDWXJjdN.exe.part Win32/InstalleRex.J application
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7602ebf0-11d7e75d Java/Exploit.Agent.OVP trojan
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1774bc45-7ffc70ba a variant of Java/Exploit.Agent.OTB trojan
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3bd767f4-7180ded9 multiple threats
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\60129035-1f6c85e2 Java/Exploit.Agent.OTT trojan

 

 




#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 15 July 2013 - 08:50 PM

The AdwCleaner log should be located at the root of the C:\ drive.


Please run the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press WinKey + R to open a Run box, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside the code box: press Ctrl+C (or right-click on the highlighted section and choose 'Copy').

File::
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RG2Q0D6.exe 
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RIIGABG.exe 
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RQOVHFS.exe 
C:\$RECYCLE.BIN\S-1-5-21-2524650898-1263125743-1100025167-1001\$RYMEVF4\e4gtauto\copy2tmp\zergrush 
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll 
C:\Users\Brikster\AppData\Local\Temp\5QoDBTZC.exe.part 
C:\Users\Brikster\AppData\Local\Temp\8oWEWqJB.exe.part 
C:\Users\Brikster\AppData\Local\Temp\bundlesweetimsetup.exe 
C:\Users\Brikster\AppData\Local\Temp\cO2rxcnL.exe.part 
C:\Users\Brikster\AppData\Local\Temp\FastDownload.exe
C:\Users\Brikster\AppData\Local\Temp\Gk_R8MMn.exe.part 
C:\Users\Brikster\AppData\Local\Temp\nsTYccTY.exe.part
C:\Users\Brikster\AppData\Local\Temp\UDWXJjdN.exe.part
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7602ebf0-11d7e75d 
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1774bc45-7ffc70ba 
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3bd767f4-7180ded9
C:\Users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\60129035-1f6c85e2 

ClearJavaCache::

Now paste the copied text into the open Notepad window: press Ctrl+V (or right-click and choose 'Paste').

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 brikster

brikster
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 15 July 2013 - 09:17 PM

Thank you. Please see attached AdwCleaner[S1]

 

Also, is there supposed to be a link to Combofix?




#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 15 July 2013 - 09:24 PM

sorry,

I saw signs of it in the logs and thought you had it, but that was probably from the previous time:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 brikster

brikster
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 15 July 2013 - 09:37 PM

Everything is running fine. Thank you. Out of curiosity, were the 18 things that ESET found a risk? And is that a far more effective tool than MSE?

 

ComboFix 13-07-15.01 - Brikster 07/15/2013  22:22:41.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1608 [GMT -4:00]
Running from: c:\users\Brikster\Downloads\ComboFix.exe
Command switches used :: c:\users\Brikster\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\$recycle.bin\S-1-5-21-2524650898-1263125743-1100025167-1001\$RG2Q0D6.exe"
"c:\$recycle.bin\S-1-5-21-2524650898-1263125743-1100025167-1001\$RIIGABG.exe"
"c:\$recycle.bin\S-1-5-21-2524650898-1263125743-1100025167-1001\$RQOVHFS.exe"
"c:\$recycle.bin\S-1-5-21-2524650898-1263125743-1100025167-1001\$RYMEVF4\e4gtauto\copy2tmp\zergrush"
"c:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll"
"c:\users\Brikster\AppData\Local\Temp\5QoDBTZC.exe.part"
"c:\users\Brikster\AppData\Local\Temp\8oWEWqJB.exe.part"
"c:\users\Brikster\AppData\Local\Temp\bundlesweetimsetup.exe"
"c:\users\Brikster\AppData\Local\Temp\cO2rxcnL.exe.part"
"c:\users\Brikster\AppData\Local\Temp\FastDownload.exe"
"c:\users\Brikster\AppData\Local\Temp\Gk_R8MMn.exe.part"
"c:\users\Brikster\AppData\Local\Temp\nsTYccTY.exe.part"
"c:\users\Brikster\AppData\Local\Temp\UDWXJjdN.exe.part"
"c:\users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7602ebf0-11d7e75d"
"c:\users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1774bc45-7ffc70ba"
"c:\users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3bd767f4-7180ded9"
"c:\users\Brikster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\60129035-1f6c85e2"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll
c:\users\Brikster\g2mdlhlpx.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 02:29 . 2013-07-16 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-16 02:29 . 2013-07-16 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 02:29 . 2013-07-16 02:29 -------- d-----w- c:\users\APPEN\AppData\Local\temp
2013-07-16 00:44 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD1BC897-B907-4FC8-B802-1856FBA2DCF6}\mpengine.dll
2013-07-15 21:06 . 2013-07-15 21:06 -------- d-----w- c:\program files (x86)\ESET
2013-07-15 17:48 . 2013-07-15 17:48 -------- d-----w- c:\windows\ERUNT
2013-07-14 06:28 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-11 07:16 . 2013-06-12 00:23 770648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2013-07-10 19:13 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-06 21:09 . 2013-07-06 21:11 -------- d-----w- c:\users\Brikster\AppData\Local\Screencast-O-Matic
2013-06-21 01:39 . 2013-06-21 01:38 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE9060AE-990C-461E-94A7-2C7651E89B5E}\gapaengine.dll
2013-06-20 03:52 . 2013-06-13 01:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 17:39 . 2013-04-03 04:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 17:39 . 2013-04-03 04:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 07:20 . 2011-08-04 04:11 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-13 01:48 . 2012-07-18 04:58 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-13 01:48 . 2011-05-14 20:42 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-22 00:21 . 2012-10-03 17:30 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-13 05:51 . 2013-06-12 15:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 15:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 15:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 15:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 15:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 15:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 15:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 15:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-11 02:43 . 2012-08-04 18:08 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 15:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 04:47 . 2013-05-10 04:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-10 04:47 . 2013-05-10 04:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-10 04:47 . 2013-05-10 04:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-10 04:47 . 2013-05-10 04:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-10 04:47 . 2013-05-10 04:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-10 04:47 . 2013-05-10 04:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-10 04:47 . 2013-05-10 04:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-10 04:47 . 2013-05-10 04:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-10 04:47 . 2013-05-10 04:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-10 04:47 . 2013-05-10 04:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-10 04:47 . 2013-05-10 04:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-10 04:47 . 2013-05-10 04:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-10 04:47 . 2013-05-10 04:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-10 04:47 . 2013-05-10 04:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-10 04:47 . 2013-05-10 04:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-10 04:47 . 2013-05-10 04:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-10 04:47 . 2013-05-10 04:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-10 04:47 . 2013-05-10 04:47 441856 ----a-w- c:\windows\system32\html.iec
2013-05-10 04:47 . 2013-05-10 04:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-10 04:47 . 2013-05-10 04:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-10 04:47 . 2013-05-10 04:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-10 04:47 . 2013-05-10 04:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-10 04:47 . 2013-05-10 04:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-10 04:47 . 2013-05-10 04:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-10 04:47 . 2013-05-10 04:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-10 04:47 . 2013-05-10 04:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-10 04:47 . 2013-05-10 04:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-10 04:47 . 2013-05-10 04:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-10 04:47 . 2013-05-10 04:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-10 04:47 . 2013-05-10 04:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-10 04:47 . 2013-05-10 04:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-10 04:47 . 2013-05-10 04:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-10 04:47 . 2013-05-10 04:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-10 04:47 . 2013-05-10 04:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-10 04:47 . 2013-05-10 04:47 235008 ----a-w- c:\windows\system32\url.dll
2013-05-10 04:47 . 2013-05-10 04:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-10 04:47 . 2013-05-10 04:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-10 04:47 . 2013-05-10 04:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-10 04:47 . 2013-05-10 04:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-10 04:47 . 2013-05-10 04:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-10 04:47 . 2013-05-10 04:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-10 04:47 . 2013-05-10 04:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-10 04:47 . 2013-05-10 04:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-10 04:47 . 2013-05-10 04:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-10 04:47 . 2013-05-10 04:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-10 04:47 . 2013-05-10 04:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-10 04:47 . 2013-05-10 04:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-10 04:47 . 2013-05-10 04:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-10 04:47 . 2013-05-10 04:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-10 03:20 . 2013-06-12 15:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 15:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 15:15 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 15:15 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 15:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-17 07:02 . 2013-06-12 15:15 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 15:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2010-11-21 297808]
.
[HKEY_CLASSES_ROOT\clsid\{c9a6357b-25cc-4bcf-96c1-78736985d414}]
[HKEY_CLASSES_ROOT\Microsoft.Search.HRSToolBar.HRSToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Brikster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-22 1089888]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 t_mobile_zte_cdc_acm;T-Mobile webConnect CDC-ACM driver;c:\windows\system32\DRIVERS\t_mobile_zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\t_mobile_zte_cdc_acm.sys [x]
R3 t_mobile_zte_cdc_ecm;t_mobile_zte_cdc_ecm;c:\windows\system32\DRIVERS\t_mobile_zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\t_mobile_zte_cdc_ecm.sys [x]
R3 t_mobile_zte_cpo;T-Mobile webConnect Install;c:\windows\system32\DRIVERS\t_mobile_zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\t_mobile_zte_cpo.sys [x]
R3 t_mobile_zte_ecm_enum;T-Mobile webConnect DC Enumerator;c:\windows\system32\DRIVERS\t_mobile_zte_ecm_enum.sys;c:\windows\SYSNATIVE\DRIVERS\t_mobile_zte_ecm_enum.sys [x]
R3 t_mobile_zte_ecm_enum_filter;t_mobile_zte_ecm_enum_filter;c:\windows\system32\DRIVERS\t_mobile_zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\DRIVERS\t_mobile_zte_ecm_enum_filter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 19:31 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 17:39]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 02:05]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 02:05]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001Core.job
- c:\users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 03:03]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524650898-1263125743-1100025167-1001UA.job
- c:\users\Brikster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 03:03]
.
2013-07-15 c:\windows\Tasks\HPCeeScheduleForBrikster.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Brikster\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-14 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-31 1424896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xfinity.com/?cid=insDate12142011
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Brikster\AppData\Roaming\Mozilla\Firefox\Profiles\565rz0gf.default\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/nwshp?hl=en&tab=wn
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\06\09\010%?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-15  22:33:38
ComboFix-quarantined-files.txt  2013-07-16 02:33
ComboFix2.txt  2012-07-20 02:23
ComboFix3.txt  2012-07-19 21:06
.
Pre-Run: 468,620,222,464 bytes free
Post-Run: 469,340,041,216 bytes free
.
- - End Of File - - 839F976B6BACC1C7740066EEDA436304
D41D8CD98F00B204E9800998ECF8427E

Edited by brikster, 15 July 2013 - 09:43 PM.


#8 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 15 July 2013 - 09:52 PM

The entries in the temp folders and recycle bin should have been gone; I was just making sure. The other files were installers bundled with adware. The Java exploits you knew about, and they would also disappear on emptying the Java cache.

ESET is very good, but so is MSE, so it's just a matter of preference and which one works best with your machine. If I was going to buy an AV, I'd probably buy ESET or Kaspersky.

How is the computer running now, are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 brikster (Topic Starter, Members, 14 posts)

Posted 15 July 2013 - 09:59 PM

No outstanding issues. I appreciate your help.



#10 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 16 July 2013 - 09:21 AM

We just need to do some housekeeping now, please do the following:

You can delete the FRST and JRT logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a run box.
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
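The "Make Internet Explorer more secure" steps in the post above are done by hand in the Inetcpl.cpl dialog. As an added example (not part of the original thread, and not a tool the poster recommends), the PowerShell below audits and applies the same three Internet-zone ActiveX settings from the registry, so you can verify the change rather than trust that the dialog clicks took. IE stores each Custom-level setting as a DWORD under the per-user zone key; the setting IDs (1001, 1004, 1201) and level codes (0 = Enable, 1 = Prompt, 3 = Disable) are the standard IE zone registry values, while the function names and the assumption that no machine-wide policy overrides the per-user key are mine.

```powershell
# Added example (not from the thread): audit and apply the three Internet-zone
# ActiveX settings the post tells the user to change in Inetcpl.cpl > Security >
# Custom level. IE stores each Custom-level setting as a DWORD under the zone key;
# the setting IDs and level codes below are the standard IE zone registry values
# (0 = Enable, 1 = Prompt, 3 = Disable).

# Per-user Internet zone (zone 3). Assumption: no machine-wide policy overrides it.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$LevelName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting ID -> description and the level the post recommends.
$Wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Level = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Level = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Level = 3 }
}

function Get-IEInternetZoneActiveXState {
    # Returns one row per setting with the current level and whether it matches.
    foreach ($id in $Wanted.Keys) {
        $raw = (Get-ItemProperty -Path $ZoneKey -Name $id -ErrorAction SilentlyContinue).$id
        if ($null -eq $raw) {
            $currentName = 'unset (IE default applies)'
        } elseif ($LevelName.ContainsKey([int]$raw)) {
            $currentName = $LevelName[[int]$raw]
        } else {
            $currentName = "unknown ($raw)"
        }
        [pscustomobject]@{
            Id      = $id
            Setting = $Wanted[$id].Name
            Current = $currentName
            Wanted  = $LevelName[$Wanted[$id].Level]
            Ok      = ($null -ne $raw -and [int]$raw -eq $Wanted[$id].Level)
        }
    }
}

function Set-IEInternetZoneActiveXHardened {
    # Writes the recommended levels; supports -WhatIf so you can preview first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path $ZoneKey)) { New-Item -Path $ZoneKey -Force | Out-Null }
    foreach ($id in $Wanted.Keys) {
        $target = $Wanted[$id].Level
        $what   = "$ZoneKey\$id ($($Wanted[$id].Name))"
        if ($PSCmdlet.ShouldProcess($what, "Set to $($LevelName[$target])")) {
            Set-ItemProperty -Path $ZoneKey -Name $id -Value $target -Type DWord
        }
    }
}

# Usage: show the current (possibly weak) state, preview, apply, then re-check.
Get-IEInternetZoneActiveXState | Format-Table -AutoSize
Set-IEInternetZoneActiveXHardened -WhatIf
Set-IEInternetZoneActiveXHardened
Get-IEInternetZoneActiveXState | Where-Object { -not $_.Ok }   # no rows means all three match
```

Run it as the user whose IE profile you are hardening, since the key is under HKCU. If the machine carries an Internet Settings policy (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, or the Security_HKLM_only value), that policy wins and the dialog shows the options greyed out, so check there first when the audit keeps reporting a mismatch. The script does not perform the post's "Reset all zones to default level" step; it only pins the three ActiveX settings, and it has no effect on Chrome or Firefox.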


#11 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 22 July 2013 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




