had bizcoach.info,trojan/agent-multi network adapter & wifi gets disabled


  • This topic is locked
30 replies to this topic

#1 heavenseden

heavenseden

  • Members
  • 23 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 16 July 2013 - 07:28 AM

Please help me

I keep losing my internet connection: the network adapter becomes disabled and the wifi is switched off.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by eden at 8:05:10 on 2013-07-16
.
============== Running Processes ================
.
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: sayfe ssauve: {CF4E2374-560F-F1FE-F94D-589775D9B379} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{43B54FE7-1C5F-4131-9F6E-21461B0A57FE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7FB6A25-371B-4BDF-B1A7-1A910E081CF6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DAF30779-2D32-4EA5-8CF7-5764F90082F7} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\athbttray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\eden\AppData\Roaming\Mozilla\Firefox\Profiles\ank3ww7i.default-1373935361490\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R? AthBTPort;Atheros Virtual Bluetooth Class
R? BBSvc;Bing Bar Update Service
R? BTATH_A2DP;Bluetooth A2DP Audio Driver
R? btath_avdt;Atheros Bluetooth AVDT Service
R? BTATH_HCRP;Bluetooth HCRP Server driver
R? BTATH_LWFLT;Bluetooth LWFLT Device
R? BTATH_RCP;Bluetooth AVRCP Device
R? BtFilter;BtFilter
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? EgisTec Ticket Service;EgisTec Ticket Service
R? GamesAppService;GamesAppService
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? AtherosSvc;AtherosSvc
S? BBUpdate;BBUpdate
S? BTATH_BUS;Atheros Bluetooth Bus
S? cvhsvc;Client Virtualization Handler
S? DsiWMIService;Dritek WMI Service
S? ePowerSvc;ePower Service
S? GREGService;GREGService
S? IntcDAud;Intel® Display Audio
S? Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface
S? Intel® ME Service;Intel® ME Service
S? iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel® USB 3.0 Hub Driver
S? iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel® Dynamic Application Loader Host Interface Service
S? Live Updater Service;Live Updater Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? mwlPSDFilter;mwlPSDFilter
S? mwlPSDNServ;mwlPSDNServ
S? mwlPSDVDisk;mwlPSDVDisk
S? NOBU;Norton Online Backup
S? NTI IScheduleSvc;NTI IScheduleSvc
S? RSBASTOR;Realtek PCIE CardReader Driver - BA
S? RTL8167;Realtek 8167 NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? UNS;Intel® Management and Security Application User Notification Service
S? ZAtheros Wlan Agent;ZAtheros Wlan Agent
.
=============== File Associations ===============
.
FileExt: .chm: PDFlite.Document="C:\Program Files (x86)\PDFlite\pdflite.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-16 02:48:36    --------    d-----w-    C:\Users\eden\AppData\Roaming\SUPERAntiSpyware.com
2013-07-16 02:48:28    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-16 02:48:27    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-16 00:27:23    --------    d-----w-    C:\Users\eden\AppData\Local\Apps
2013-07-16 00:25:40    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50ED2A38-158A-4319-92F3-8BE593EC7A8E}\mpengine.dll
2013-07-14 07:50:31    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA4CE24E-A6DD-47E6-B294-5207C5286A56}\gapaengine.dll
2013-07-14 07:49:32    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-14 07:18:48    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-07-14 07:18:40    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-07-14 06:51:02    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-14 06:51:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 08:53:58    --------    d-----w-    C:\ProgramData\Samsung
2013-07-12 17:57:11    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{781F7977-9577-4F57-8B51-E06E786E1893}\mpengine.dll
2013-07-12 04:42:17    --------    d-----w-    C:\ProgramData\Atheros
2013-07-12 04:23:31    --------    d-----w-    C:\Users\eden\AppData\Roaming\Atheros
2013-07-12 04:23:12    --------    d-----w-    C:\Program Files (x86)\Common Files\Atheros
2013-07-12 04:19:32    --------    d-----w-    C:\ProgramData\Qualcomm Atheros
2013-07-11 23:47:34    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 23:47:34    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 23:47:34    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 23:47:34    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 23:47:33    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 23:47:33    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 23:47:33    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 23:47:24    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-11 23:47:22    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-11 23:47:09    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-11 23:47:09    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 23:46:37    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-11 23:46:21    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:46:17    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 23:46:17    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 23:46:17    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 23:46:17    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:45:19    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-11 23:45:17    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-11 23:03:21    --------    d-----w-    C:\Users\eden\AppData\Local\ElevatedDiagnostics
2013-06-23 00:10:45    --------    d-----w-    C:\Program Files (x86)\Cisco Systems
2013-06-22 23:48:57    --------    d-----w-    C:\ProgramData\Cisco Systems
2013-06-18 06:35:07    --------    d-----w-    C:\Users\eden\AppData\Roaming\EZDownloader
2013-06-18 06:29:52    --------    d-----w-    C:\ProgramData\StarApp
.
==================== Find3M  ====================
.
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-28 20:57:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-28 20:57:17    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
.
============= FINISH:  8:05:46.56 ===============
 

.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - MVP 2
µTorrent
7-Zip 9.20 (x64 edition)
AC3Filter (remove only)
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Instant Update Service
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) MUI
Agatha Christie - Death on the Nile
Atheros Bluetooth Suite (64)
azzCardfile 4.1
Backup Manager V3
Bejeweled 3
Bing Bar
Chronicles of Albian
Chuzzle Deluxe
Cisco Connect
clear.fi Media
clear.fi Photo
Cradle of Rome 2
CyberLink MediaEspresso
D3DX10
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
Dolby Advanced Audio v2
Dora's World Adventure
eBay Worldwide
Evernote v. 4.5.2
FATE
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Update Helper
Governor of Poker 2 Premium Edition
GPL MPEG-1/2 DirectShow Decoder Filter
Identity Card
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
OpenOffice.org 3.4.1
PDFlite 0.9.0.0
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Shredder
Skype™ 5.10
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tales of Lagoona
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Veoh Web Player
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Zuma's Revenge
.
==== End Of File ===========================
 

 



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:28 PM

Posted 16 July 2013 - 07:37 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save... button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 heavenseden

heavenseden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 16 July 2013 - 08:51 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-16 09:45:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: rne4qu1f.exe; Driver: C:\Users\eden\AppData\Local\Temp\kgldapog.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{546C2F47-B402-4FC8-AC4F-934BB7C3118C}\Connection@Name  isatap.{8B05E29F-1446-4BE2-BDF9-433BF1873969}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{546C2F47-B402-4FC8-AC4F-934BB7C3118C}?\Device\{4B933133-6BCE-4A47-B610-8EB3501DF73B}?\Device\{6884BB36-7F37-483D-BC91-59737D97063A}?\Device\{4919EFD3-0037-40FF-AECA-FFFC6984CA73}?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{546C2F47-B402-4FC8-AC4F-934BB7C3118C}"?"{4B933133-6BCE-4A47-B610-8EB3501DF73B}"?"{6884BB36-7F37-483D-BC91-59737D97063A}"?"{4919EFD3-0037-40FF-AECA-FFFC6984CA73}"?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{546C2F47-B402-4FC8-AC4F-934BB7C3118C}?\Device\TCPIP6TUNNEL_{4B933133-6BCE-4A47-B610-8EB3501DF73B}?\Device\TCPIP6TUNNEL_{6884BB36-7F37-483D-BC91-59737D97063A}?\Device\TCPIP6TUNNEL_{4919EFD3-0037-40FF-AECA-FFFC6984CA73}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c018855b6f38                                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e006e6aabe54                                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{546C2F47-B402-4FC8-AC4F-934BB7C3118C}@InterfaceName                       isatap.{8B05E29F-1446-4BE2-BDF9-433BF1873969}
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{546C2F47-B402-4FC8-AC4F-934BB7C3118C}@ReusableType                        0
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c018855b6f38 (not active ControlSet)                                              
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6aabe54 (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
 

 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:28 PM

Posted 16 July 2013 - 08:53 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 heavenseden

heavenseden
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:28 PM

Posted 16 July 2013 - 09:26 AM

ComboFix 13-07-15.01 - eden 07/16/2013  10:01:11.2.2 - x64
Running from: c:\users\eden\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 14:10 . 2013-07-16 14:10    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-16 14:10 . 2013-07-16 14:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-16 02:48 . 2013-07-16 02:48    --------    d-----w-    c:\users\eden\AppData\Roaming\SUPERAntiSpyware.com
2013-07-16 02:48 . 2013-07-16 02:48    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-16 02:48 . 2013-07-16 02:48    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-07-16 00:27 . 2013-07-16 00:27    --------    d-----w-    c:\users\eden\AppData\Local\Apps
2013-07-16 00:25 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50ED2A38-158A-4319-92F3-8BE593EC7A8E}\mpengine.dll
2013-07-14 07:50 . 2013-06-19 09:02    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA4CE24E-A6DD-47E6-B294-5207C5286A56}\gapaengine.dll
2013-07-14 07:49 . 2013-06-17 06:10    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-14 07:18 . 2013-07-14 07:18    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-07-14 07:18 . 2013-07-14 07:19    --------    d-----w-    c:\program files\Microsoft Security Client
2013-07-14 06:51 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-14 06:51 . 2013-07-14 06:51    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-13 08:53 . 2013-07-13 08:53    --------    d-----w-    c:\programdata\Samsung
2013-07-12 17:57 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{781F7977-9577-4F57-8B51-E06E786E1893}\mpengine.dll
2013-07-12 04:42 . 2013-07-12 04:42    --------    d-----w-    c:\programdata\Atheros
2013-07-12 04:23 . 2013-07-12 04:23    --------    d-----w-    c:\users\eden\AppData\Roaming\Atheros
2013-07-12 04:23 . 2013-07-12 04:23    --------    d-----w-    c:\program files (x86)\Common Files\Atheros
2013-07-12 04:19 . 2013-07-12 04:21    --------    d-----w-    c:\programdata\Qualcomm Atheros
2013-07-11 23:47 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 23:47 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 23:47 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 23:47 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 23:47 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-11 23:47 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-11 23:47 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-11 23:47 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-11 23:47 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-11 23:47 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-11 23:47 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 23:46 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-11 23:46 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:46 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 23:46 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 23:46 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 23:46 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:45 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-11 23:45 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-11 23:03 . 2013-07-13 03:31    --------    d-----w-    c:\users\eden\AppData\Local\ElevatedDiagnostics
2013-06-23 00:10 . 2013-07-11 23:17    --------    d-----w-    c:\program files (x86)\Cisco Systems
2013-06-22 23:48 . 2013-06-22 23:48    --------    d-----w-    c:\programdata\Cisco Systems
2013-06-18 06:35 . 2013-06-18 06:35    --------    d-----w-    c:\users\eden\AppData\Roaming\EZDownloader
2013-06-18 06:29 . 2013-06-18 06:29    --------    d-----w-    c:\programdata\StarApp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 20:57 . 2012-03-29 01:52    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-28 20:57 . 2012-03-29 01:52    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 18:01 . 2011-03-29 01:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 12:50    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:50    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:50    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:50    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:50    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:50    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 12:50    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 12:50    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:50    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:50    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 12:50    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 12:50    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 12:50    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-30 07:10 . 2013-04-30 07:10    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 07:10 . 2013-04-30 07:10    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-30 07:10 . 2013-04-30 07:10    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-30 07:10 . 2013-04-30 07:10    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-30 07:10 . 2013-04-30 07:10    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 07:10 . 2013-04-30 07:10    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-30 07:10 . 2013-04-30 07:10    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-30 07:10 . 2013-04-30 07:10    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-30 07:10 . 2013-04-30 07:10    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-30 07:10 . 2013-04-30 07:10    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-30 07:10 . 2013-04-30 07:10    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-30 07:10 . 2013-04-30 07:10    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 07:10 . 2013-04-30 07:10    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 07:10 . 2013-04-30 07:10    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-30 07:10 . 2013-04-30 07:10    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-30 07:10 . 2013-04-30 07:10    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-30 07:10 . 2013-04-30 07:10    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-30 07:10 . 2013-04-30 07:10    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-30 07:10 . 2013-04-30 07:10    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-30 07:10 . 2013-04-30 07:10    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-30 07:10 . 2013-04-30 07:10    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-30 07:10 . 2013-04-30 07:10    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-30 07:10 . 2013-04-30 07:10    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-30 07:10 . 2013-04-30 07:10    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-30 07:10 . 2013-04-30 07:10    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-30 07:10 . 2013-04-30 07:10    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-30 07:10 . 2013-04-30 07:10    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-30 07:10 . 2013-04-30 07:10    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-30 07:10 . 2013-04-30 07:10    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-30 07:10 . 2013-04-30 07:10    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-30 07:10 . 2013-04-30 07:10    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-30 07:10 . 2013-04-30 07:10    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-30 07:10 . 2013-04-30 07:10    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-30 07:10 . 2013-04-30 07:10    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-30 07:10 . 2013-04-30 07:10    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-30 07:10 . 2013-04-30 07:10    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-30 07:10 . 2013-04-30 07:10    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-30 07:10 . 2013-04-30 07:10    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-30 07:10 . 2013-04-30 07:10    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-30 07:10 . 2013-04-30 07:10    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-30 07:10 . 2013-04-30 07:10    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-30 07:10 . 2013-04-30 07:10    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-30 07:10 . 2013-04-30 07:10    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-30 07:10 . 2013-04-30 07:10    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 07:10 . 2013-04-30 07:10    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-30 07:10 . 2013-04-30 07:10    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-30 07:10 . 2013-04-30 07:10    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-30 07:10 . 2013-04-30 07:10    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-30 07:10 . 2013-04-30 07:10    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-26 05:51 . 2013-06-12 12:50    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 12:50    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 12:49    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-11-28 4686848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-24 1105488]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2012-02-29 08:19]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 02:48]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 02:48]
.
2013-07-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-07-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-04-07 124520]
"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\btvstack.exe" [2012-12-27 1023104]
"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\athbttray.exe" [2012-12-27 801920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\eden\AppData\Roaming\Mozilla\Firefox\Profiles\ank3ww7i.default-1373935361490\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CF4E2374-560F-F1FE-F94D-589775D9B379} - c:\programdata\sayfe ssauve\51c00991a5c3c.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
AddRemove-{1FAB6406-40D5-75DB-5D82-062F40577333} - c:\progra~3\INSTAL~2\{AA6FD~1\Setup.exe
AddRemove-{A02893FE-69A2-28D8-A019-D1C4F6F992C2} - c:\progra~3\INSTAL~2\{0FDA2~1\Setup.exe
AddRemove-{D71ED893-3C83-988B-36CC-51209E80C6F5} - c:\progra~3\INSTAL~2\{D28F3~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-16  10:16:26 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-16 14:16
ComboFix2.txt  2013-02-03 20:35
.
Pre-Run: 47,503,851,520 bytes free
Post-Run: 47,512,932,352 bytes free
.
- - End Of File - - 63D2729620532A777C02ADE7A012EF6E
D41D8CD98F00B204E9800998ECF8427E



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:28 PM

Posted 16 July 2013 - 11:49 PM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#7 heavenseden

heavenseden
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:28 PM

Posted 17 July 2013 - 11:30 AM

Problem still happening.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
eden :: EDEN-PC [administrator]

7/17/2013 10:09:49 AM
mbam-log-2013-07-17 (10-09-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371581
Time elapsed: 58 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8 heavenseden (Topic Starter, Members, 23 posts)

Posted 18 July 2013 - 12:47 AM

What's next?



#9 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 18 July 2013 - 01:20 AM

Doesn't look like a malware-related problem...

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#10 heavenseden (Topic Starter, Members, 23 posts)

Posted 18 July 2013 - 05:04 AM

C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhhhgfppobjpdcfnjpfljlhlchidbpp\1\51c00991a5a3e1.98470866.js    Win32/Adware.MultiPlug.H application
C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelcnafofmienbbakmghchiggohjnenh\1\5128e111c45789.77334372.js    Win32/Adware.MultiPlug.H application
C:\Users\eden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCWLPAC5\yontoosetup[1].exe    multiple threats
C:\Users\eden\AppData\Local\Temporary Internet Files\Content.IE5\DCWLPAC5\yontoosetup[1].exe    multiple threats
C:\Users\eden\dloads\Roxio_Easy_Media_Creator_Suite_v10_0_044_[h33t][migel].exe    Win32/Adware.1ClickDownload.Y application
C:\Users\eden\dloads\s02e01_-_Meadow_Lake.mp4.exe    Win32/Adware.1ClickDownload.AM application
C:\Users\eden\Downloads\William_Pierce_-_The_Turner_Diaries__Audio_Book.exe    Win32/Adware.1ClickDownload.AM application
C:\Users\eden\Local Settings\Google\Chrome\User Data\Default\Extensions\nnhhhgfppobjpdcfnjpfljlhlchidbpp\1\51c00991a5a3e1.98470866.js    Win32/Adware.MultiPlug.H application
C:\Users\eden\Local Settings\Google\Chrome\User Data\Default\Extensions\oelcnafofmienbbakmghchiggohjnenh\1\5128e111c45789.77334372.js    Win32/Adware.MultiPlug.H application
C:\Users\eden\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCWLPAC5\yontoosetup[1].exe    multiple threats
C:\Users\eden\Local Settings\Temporary Internet Files\Content.IE5\DCWLPAC5\yontoosetup[1].exe    multiple threats



#11 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 18 July 2013 - 06:14 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#12 heavenseden (Topic Starter, Members, 23 posts)

Posted 18 July 2013 - 08:05 AM

Farbar Service Scanner Version: 13-07-2013
Ran by eden (administrator) on 18-07-2013 at 09:03:20
Running from "C:\Users\eden\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#13 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 18 July 2013 - 08:12 AM

Nope, your problem isn't malware related.

Let's check the system files:

System File Check

For Windows XP:

  • Press the Windows key and the R key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


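The Farbar Service Scanner log posted above (service start types, the DisableAntiSpyware policy value, and the MD5 file check) and the sfc step in the post above are both things an administrator can reproduce without a third-party tool. The PowerShell script below is an added example for this thread; it is not Farbar's code and not part of the original posts. It assumes Windows 7 defaults for the service start modes listed in $ExpectedStartModes, uses only built-in cmdlets and `sfc /verifyfile`, and must be run from an elevated PowerShell prompt. The Windows Defender policy path it reports first is the one shown in the FSS log; the other policy paths are standard Group Policy locations for the features FSS covers.

```powershell
# Added example, not part of the thread and not Farbar Service Scanner's own code.
# Reproduces the kinds of checks an FSS log reports (service start types, "disabled
# by policy" registry values, system-file integrity, network adapter state) using
# only built-in cmdlets. Run from an elevated PowerShell prompt on Windows 7 or later.
# The expected start modes are assumed Windows 7 defaults; adjust for other versions.

$ExpectedStartModes = @{
    'Dhcp'      = 'Auto'   # DHCP Client
    'Dnscache'  = 'Auto'   # DNS Client
    'MpsSvc'    = 'Auto'   # Windows Firewall
    'BFE'       = 'Auto'   # Base Filtering Engine
    'wscsvc'    = 'Auto'   # Security Center
    'wuauserv'  = 'Auto'   # Windows Update
    'WinDefend' = 'Auto'   # Windows Defender (the FSS log above shows it set to Demand)
    'CryptSvc'  = 'Auto'   # Cryptographic Services
}

# Registry values that switch a protection off. BadValue is the setting that
# means "disabled"; the first entry is the key/value quoted in the FSS log above.
$PolicyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware'; BadValue = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware'; BadValue = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     BadValue = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          BadValue = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       BadValue = 1 }
)

# A few of the networking/firewall binaries FSS hashes. Instead of an MD5 list,
# "sfc /verifyfile" compares each one against the Windows component store.
$FilesToVerify = @(
    "$env:windir\System32\drivers\tcpip.sys",
    "$env:windir\System32\drivers\afd.sys",
    "$env:windir\System32\dnsrslvr.dll",
    "$env:windir\System32\mpssvc.dll",
    "$env:windir\System32\bfe.dll"
)

function Get-ServiceFindings {
    foreach ($name in $ExpectedStartModes.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) { "$name : service not found"; continue }
        $line = "$name : State=$($svc.State) StartMode=$($svc.StartMode)"
        # WMI reports 'Auto' for both Automatic and Automatic (Delayed Start).
        if ($svc.StartMode -ne $ExpectedStartModes[$name]) {
            $line += "  <-- differs from expected default '$($ExpectedStartModes[$name])'"
        }
        $line
    }
}

function Get-PolicyFindings {
    foreach ($check in $PolicyChecks) {
        if (-not (Test-Path $check.Path)) { continue }   # key absent: no policy set
        $item  = Get-ItemProperty -Path $check.Path -ErrorAction SilentlyContinue
        $value = $item.($check.Name)
        if ($value -eq $null) { continue }               # value absent: no policy set
        $flag = if ($value -eq $check.BadValue) { '  <-- protection disabled by this value' } else { '' }
        "$($check.Path)\$($check.Name) = $value$flag"
    }
}

function Get-FileIntegrityFindings {
    foreach ($file in $FilesToVerify) {
        if (-not (Test-Path $file)) { "$file : missing"; continue }
        # sfc writes UTF-16 to the console; strip the embedded NUL characters so
        # the captured text is readable, then keep its final result line.
        $out = (& "$env:windir\System32\sfc.exe" /verifyfile=$file 2>&1 | Out-String) -replace "`0", ''
        "$file : " + ($out.Trim() -split "`r?`n")[-1]
    }
}

function Get-AdapterFindings {
    # NetEnabled = False means the adapter is disabled (the symptom in this thread);
    # NetConnectionStatus 2 = connected, 7 = media disconnected.
    Get-WmiObject Win32_NetworkAdapter -Filter 'PhysicalAdapter=True' |
        ForEach-Object { "$($_.Name) : NetEnabled=$($_.NetEnabled) NetConnectionStatus=$($_.NetConnectionStatus)" }
}

'== Services ==';         Get-ServiceFindings
'== Policies ==';         Get-PolicyFindings
'== File integrity ==';   Get-FileIntegrityFindings
'== Network adapters =='; Get-AdapterFindings
```

Reading the output against the FSS log above: a WinDefend StartMode other than Auto and a DisableAntiSpyware value of 1 would be flagged on their own lines, exactly the two anomalies FSS reported, while the adapter section shows whether the physical NIC is currently disabled rather than merely disconnected, which is the distinction that matters for the symptom in this thread.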
#14 heavenseden (Topic Starter, Members, 23 posts)

Posted 18 July 2013 - 09:01 AM

Windows Resource Protection shows no integrity errors.

Malware was removed in the Am I Infected forum before I was instructed to come here.



#15 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 18 July 2013 - 09:28 AM

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done, go to step 3 and allow it to run SFC by clicking Do it.


On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates


Then click on Start.

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

