
My DDS logs, can't kill 0access


  • This topic is locked
14 replies to this topic

#1 Oliviaaugust

Oliviaaugust

  • Members
  • 27 posts

Posted 17 July 2013 - 11:09 AM

Edit: AII topic

http://www.bleepingcomputer.com/forums/t/501223/unable-to-download-says-virus-detected-deleted/page-2#entry3106433

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2011 12:17:45 PM
System Uptime: 7/17/2013 6:53:02 AM (3 hours ago)
.
Motherboard: LENOVO |  | Emerald Lake
Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 359.048 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.905 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\SYSTEM\0001
Manufacturer: 
Name: 
PNP Device ID: ROOT\SYSTEM\0001
Service: 
.
==== System Restore Points ===================
.
RP292: 7/15/2013 8:39:15 PM - Windows Update
RP294: 7/15/2013 8:47:06 PM - Windows Backup
RP295: 7/15/2013 10:35:32 PM - Removed Microsoft Silverlight
RP296: 7/15/2013 10:36:19 PM - Removed Bonjour
RP297: 7/15/2013 10:37:07 PM - Removed ASPCA Reminder by We-Care.com v4.1.22.1
RP298: 7/15/2013 11:11:29 PM - Windows Update
RP299: 7/15/2013 11:31:38 PM - Removed Microsoft Silverlight
RP300: 7/15/2013 11:32:18 PM - Removed Microsoft Silverlight
RP301: 7/16/2013 2:38:10 PM - avast! Free Antivirus Setup
RP302: 7/16/2013 7:37:25 PM - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
aioprnt
aioscnnr
Atheros Client Installation Program
Best Buy pc app
BioExcess
C4USelfUpdater
center
Cobian Backup 11 Gravity
CyberLink YouCam
D3DX10
DAEMON Tools Pro
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EgisTec ES603 WDM Driver
Energy Management
ES603 WDM Driver
ESET Online Scanner v3
essentials
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Java™ SE Development Kit 6
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ocr
Port Locker
PreReq
Quick PDF Reader
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VeriFace
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Maeco at 9:06:53 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.2077 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k apphost
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\windows\system32\mqsvc.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Users\Maeco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uSearchAssistant = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Spotify Web Helper] "C:\Users\Maeco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_539E5F7AAB7CD9CB9BD735DFF8991BC5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [ShopAtHomeWatcher] C:\Users\Maeco\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [kbdsprt] <no file>
StartupFolder: C:\Users\Maeco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A6EE62A3-89EF-4807-828B-4570C37AC275} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6EE62A3-89EF-4807-828B-4570C37AC275}\144545133363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A6EE62A3-89EF-4807-828B-4570C37AC275}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A6EE62A3-89EF-4807-828B-4570C37AC275}\E45445745414252333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [EKIJ5000StatusMonitor] C:\windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-6-18 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-6-18 39008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-6-18 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-6-18 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-6-18 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-6-18 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-6-18 62584]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-7-17 67584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-18 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-18 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-18 333928]
R3 S6000KNT;S6000KNT_WebCam Driver;C:\windows\System32\drivers\S6000KNT.sys [2011-6-18 3293272]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-7-16 1153368]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-1 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Winword.exe - HKCR\Unknown\Shell=C:\windows\System32\rundll32.exe C:\windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2013-07-17 15:56:30 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-07-17 15:37:49 -------- d-----w- C:\windows\ERUNT
2013-07-17 06:25:25 292 ----a-w- C:\windows\DeleteOnReboot.bat
2013-07-17 03:40:46 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-17 02:38:53 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 02:13:21 -------- d--h--w- C:\windows\msdownld.tmp
2013-07-17 00:58:04 -------- d-s---w- C:\windows\SysWow64\Microsoft
2013-07-16 21:48:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-07-16 21:48:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-07-16 21:45:49 -------- d-----w- C:\Users\Maeco\AppData\Roaming\Malwarebytes
2013-07-16 21:45:35 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-16 21:45:05 -------- d-----w- C:\Users\Maeco\AppData\Local\Programs
2013-07-16 21:38:32 -------- d-----w- C:\Program Files\AVAST Software
2013-07-16 21:38:00 -------- d-----w- C:\ProgramData\AVAST Software
2013-07-16 06:29:19 -------- d-----w- C:\Program Files\office.tmp
2013-07-16 06:11:57 -------- d-----w- C:\windows\System32\MRT
2013-07-16 02:09:05 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-16 02:09:05 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-16 02:09:02 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-16 02:09:02 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-16 02:08:04 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-16 02:07:58 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-16 02:07:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-16 02:07:58 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-16 02:07:58 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 02:07:57 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 02:07:03 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-11 20:19:46 261632 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2013-07-11 20:11:11 -------- d-----w- C:\ProgramData\Visan
2013-07-11 20:10:39 -------- d-----w- C:\Users\Maeco\AppData\Local\Eastman_Kodak_Company
2013-07-11 20:08:48 -------- d-----w- C:\windows\SysWow64\spool
2013-07-11 20:07:33 -------- d-----w- C:\Users\Maeco\AppData\Roaming\KODAK AiO Home Center1040797609
2013-07-11 20:02:41 -------- d-----w- C:\ProgramData\Eastman Kodak Company
2013-07-11 20:02:40 -------- d-----w- C:\Users\Maeco\AppData\Local\Eastman Kodak Company
2013-07-11 20:01:47 -------- d-----w- C:\windows\SysWow64\kodak
2013-07-11 20:01:32 -------- d-----w- C:\Program Files (x86)\Kodak
2013-07-11 19:51:41 -------- d-----w- C:\Users\Maeco\AppData\Roaming\Temp
2013-07-11 19:50:35 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-07-10 17:58:17 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-02 23:32:27 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD8A252C-A3C0-4606-8417-323B884B75F7}\offreg.dll
2013-07-02 16:49:01 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD8A252C-A3C0-4606-8417-323B884B75F7}\mpengine.dll
2013-07-01 15:11:35 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 02:50:03 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0356A491-7873-48D5-A300-5685F1AC14AB}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-07-17 02:38:40 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-17 02:38:40 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-12 03:33:00 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:33:00 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-22 15:21:06 4325376 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
.
============= FINISH:  9:07:22.25 ===============


I can't enable my firewall and I am unable to download anything in Internet Explorer.

Edited by boopme, 17 July 2013 - 11:35 AM.



#2 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2013 - 06:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Oliviaaugust

  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 10:56 AM

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Maeco [Admin rights]
Mode : Remove -- Date : 07/19/2013 08:49:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : ShopAtHomeWatcher (C:\Users\Maeco\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]) -> DELETED
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4666 : wscript.exe - C:\Users\Maeco\AppData\Local\Temp\launchie.vbs //B -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSESysprep.dll : C:\Program Files\Microsoft Security Client\MSESysprep.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseoobe.exe : C:\Program Files\Microsoft Security Client\msseoobe.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseooberes.dll : C:\Program Files\Microsoft Security Client\msseooberes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] NisIpsPlugin.dll : C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] NisLog.dll : C:\Program Files\Microsoft Security Client\NisLog.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] NisSrv.exe : C:\Program Files\Microsoft Security Client\NisSrv.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] NisWFP.dll : C:\Program Files\Microsoft Security Client\NisWFP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SqmApi.dll : C:\Program Files\Microsoft Security Client\SqmApi.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> Junction DELETED
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
--- User ---
[MBR] deeae7146a9d4b142de553ed4669691d
[BSP] 800c33bb1e599447154404392d757bbe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_07192013_084947.txt >>
RKreport[0]_S_07192013_084932.txt


#4 Oliviaaugust

  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 11:27 AM

ComboFix 13-07-18.04 - Maeco 07/19/2013   9:06.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.2436 [GMT -7:00]
Running from: c:\users\Maeco\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uninstaller.exe
c:\users\Maeco\Documents\~WRL2111.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 16:14 . 2013-07-19 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-17 15:56 . 2013-07-17 15:56 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2013-07-17 15:37 . 2013-07-17 15:37 -------- d-----w- c:\windows\ERUNT
2013-07-17 06:25 . 2013-07-17 06:25 292 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-17 03:40 . 2013-07-17 03:40 -------- d-----w- c:\program files (x86)\ESET
2013-07-17 02:38 . 2013-07-17 02:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 02:13 . 2013-07-17 02:13 -------- d--h--w- c:\windows\msdownld.tmp
2013-07-17 00:58 . 2013-07-17 00:58 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-07-16 21:48 . 2013-07-16 22:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-16 21:48 . 2013-07-16 21:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-07-16 21:45 . 2013-07-16 21:45 -------- d-----w- c:\users\Maeco\AppData\Roaming\Malwarebytes
2013-07-16 21:45 . 2013-07-16 21:45 -------- d-----w- c:\programdata\Malwarebytes
2013-07-16 21:45 . 2013-07-16 21:45 -------- d-----w- c:\users\Maeco\AppData\Local\Programs
2013-07-16 21:39 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-16 21:38 . 2013-07-17 01:11 -------- d-----w- c:\program files\AVAST Software
2013-07-16 21:38 . 2013-07-17 00:58 -------- d-----w- c:\programdata\AVAST Software
2013-07-16 06:29 . 2013-07-16 06:34 -------- d-----w- c:\program files\office.tmp
2013-07-16 06:11 . 2013-07-16 06:14 -------- d-----w- c:\windows\system32\MRT
2013-07-16 02:09 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-16 02:09 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-16 02:09 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-16 02:09 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-16 02:08 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-16 02:07 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-16 02:07 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-16 02:07 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-16 02:07 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 02:07 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 02:07 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 20:19 . 2012-10-08 17:06 261632 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2013-07-11 20:11 . 2013-07-11 20:11 -------- d-----w- c:\programdata\Visan
2013-07-11 20:10 . 2013-07-16 03:31 -------- d-----w- c:\users\Maeco\AppData\Local\Eastman_Kodak_Company
2013-07-11 20:08 . 2013-07-11 20:08 -------- d-----w- c:\windows\SysWow64\spool
2013-07-11 20:07 . 2013-07-11 20:07 -------- d-----w- c:\users\Maeco\AppData\Roaming\KODAK AiO Home Center1040797609
2013-07-11 20:02 . 2013-07-11 20:02 -------- d-----w- c:\programdata\Eastman Kodak Company
2013-07-11 20:02 . 2013-07-11 20:10 -------- d-----w- c:\users\Maeco\AppData\Local\Eastman Kodak Company
2013-07-11 20:01 . 2013-07-11 20:09 -------- d-----w- c:\windows\SysWow64\kodak
2013-07-11 20:01 . 2013-07-11 20:08 -------- d-----w- c:\program files (x86)\Kodak
2013-07-11 20:01 . 2013-07-11 20:01 -------- d-----w- c:\programdata\Apple
2013-07-10 17:58 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-02 16:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 02:50 . 2013-06-21 02:49 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0356A491-7873-48D5-A300-5685F1AC14AB}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 16:16 . 2012-01-22 03:40 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-07-17 02:38 . 2013-04-02 03:50 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-17 02:38 . 2012-03-18 21:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-16 03:55 . 2013-05-08 22:53 564432 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-06-24 07:57 . 2011-09-26 01:44 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 03:33 . 2012-05-03 19:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 03:33 . 2011-09-06 04:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 15:21 . 2013-05-22 15:21 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
2013-05-21 09:52 . 2013-05-21 09:52 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-16 15:14 . 2010-06-24 11:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 21:58 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 21:58 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 21:58 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 21:58 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 21:58 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 21:58 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 21:58 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 21:58 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:58 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:58 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 21:59 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 21:59 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 21:59 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 15:16 . 2013-04-30 15:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 15:16 . 2013-04-30 15:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 15:16 . 2013-04-30 15:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 15:16 . 2013-04-30 15:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 15:16 . 2013-04-30 15:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 15:16 . 2013-04-30 15:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 15:16 . 2013-04-30 15:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 15:16 . 2013-04-30 15:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 15:16 . 2013-04-30 15:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 15:16 . 2013-04-30 15:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 15:16 . 2013-04-30 15:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 15:16 . 2013-04-30 15:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 15:16 . 2013-04-30 15:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 15:16 . 2013-04-30 15:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 15:16 . 2013-04-30 15:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 15:16 . 2013-04-30 15:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 15:16 . 2013-04-30 15:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 15:16 . 2013-04-30 15:16 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 15:16 . 2013-04-30 15:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 15:16 . 2013-04-30 15:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 15:16 . 2013-04-30 15:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 15:16 . 2013-04-30 15:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 15:16 . 2013-04-30 15:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 15:16 . 2013-04-30 15:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 15:16 . 2013-04-30 15:16 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 15:16 . 2013-04-30 15:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 15:16 . 2013-04-30 15:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 15:16 . 2013-04-30 15:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 15:16 . 2013-04-30 15:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 15:16 . 2013-04-30 15:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 15:16 . 2013-04-30 15:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 15:16 . 2013-04-30 15:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 15:16 . 2013-04-30 15:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 15:16 . 2013-04-30 15:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 15:16 . 2013-04-30 15:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 15:16 . 2013-04-30 15:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 15:16 . 2013-04-30 15:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 15:16 . 2013-04-30 15:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 15:16 . 2013-04-30 15:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 15:16 . 2013-04-30 15:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 15:16 . 2013-04-30 15:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 15:16 . 2013-04-30 15:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 15:16 . 2013-04-30 15:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 15:16 . 2013-04-30 15:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 15:16 . 2013-04-30 15:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 15:16 . 2013-04-30 15:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 15:16 . 2013-04-30 15:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 15:16 . 2013-04-30 15:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 15:16 . 2013-04-30 15:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 21:59 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 21:59 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 21:58 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Maeco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-12 1199000]
"GoogleChromeAutoLaunch_539E5F7AAB7CD9CB9BD735DFF8991BC5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-18 329056]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 gxubxeme;gxubxeme;c:\windows\system32\drivers\gxubxeme.sys;c:\windows\SYSNATIVE\drivers\gxubxeme.sys [x]
R1 qurpkkhi;qurpkkhi;c:\windows\system32\drivers\qurpkkhi.sys;c:\windows\SYSNATIVE\drivers\qurpkkhi.sys [x]
R1 vnsrlzgi;vnsrlzgi;c:\windows\system32\drivers\vnsrlzgi.sys;c:\windows\SYSNATIVE\drivers\vnsrlzgi.sys [x]
R1 vulzrvcp;vulzrvcp;c:\windows\system32\drivers\vulzrvcp.sys;c:\windows\SYSNATIVE\drivers\vulzrvcp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-16 03:57 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 03:33]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 16:36]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 16:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-06-18 16:19 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-18 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-18 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-18 114688]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = about:blank
Trusted Zone: csumentor.edu\secure
TCP: DhcpNameServer = 192.168.1.1
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-!{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Wow6432Node-HKCU-Run-FDPRO-516 - c:\program files (x86)\Fighters\FighterLauncher.exe
Wow6432Node-HKCU-Run-DAEMON Tools Pro Agent - c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe
Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-kbdsprt - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
c:\users\Maeco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
Toolbar-Locked - (no file)
Toolbar-!{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{42435041-2D53-4154-00A7-7A786E7484D7} - (no file)
WebBrowser-{42435041-3300-A76A-76A7-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-DAEMON Tools Pro - c:\program files (x86)\DAEMON Tools Pro\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-19  09:22:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-19 16:22
.
Pre-Run: 385,500,565,504 bytes free
Post-Run: 385,094,557,696 bytes free
.
- - End Of File - - 7E9375A12811D9D20524CF4248A5E297
D41D8CD98F00B204E9800998ECF8427E


#5 Oliviaaugust
  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 11:33 AM

Ok so I am now able to download files using Internet Explorer. THANK YOU!!!! I do have a lot of new programs on my computer. How do I keep my computer clean to prevent these problems again, i.e., what programs do I need to keep on my computer and how often should I run them?



#6 nasdaq
  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2013 - 12:14 PM


Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Will take care of the cleanup after this.

Edited by nasdaq, 19 July 2013 - 12:15 PM.


#7 Oliviaaugust
  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 12:57 PM

 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 25  
 Java™ SE Development Kit 6 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#8 nasdaq
  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2013 - 01:38 PM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

At the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===
Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time they are not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid-for version has real-time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general, Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with a poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon;
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#9 Oliviaaugust
  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 01:51 PM

Thank You so much for all your help!!



#10 Oliviaaugust
  • Topic Starter
  • Members
  • 27 posts

Posted 19 July 2013 - 07:08 PM

Everything was fine until I restarted my computer. Now all I am getting is a black screen. I can only log in in safe mode. Don't know what the problem is now.



#11 nasdaq
  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2013 - 06:30 AM

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#12 Oliviaaugust
  • Topic Starter
  • Members
  • 27 posts

Posted 23 July 2013 - 01:13 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by Maeco (administrator) on 23-07-2013 11:10:39
Running from C:\Users\Maeco\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\windows\system32\mqsvc.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Spotify Ltd) C:\Users\Maeco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(BitTorrent Inc.) C:\Users\Maeco\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-06-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-06-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-06-18] (Lenovo)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Maeco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199000 2013-03-11] (Spotify Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_539E5F7AAB7CD9CB9BD735DFF8991BC5] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [PLTSR] - "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-06-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Administrator\...\Policies\system: [LogonHoursAction] 2
HKU\Administrator\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{f999a48b-1950-4d81-9971-79018f807b4b} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Toolbar: HKCU - No Name - {42435041-2D53-4154-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {42435041-3300-A76A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin - C:\Program Files (x86)\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Maeco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bingober70723115.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bingober74562113.xml
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Retrogamer Installer Plugin Stub) - C:\Program Files (x86)\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Unity Player) - C:\Users\Maeco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Online Security) - C:\Users\Maeco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Maeco\AppData\Local\Temp\crx13E.tmp
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Maeco\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
 
==================== Services (Whitelisted) =================
 
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S1 gxubxeme; \??\C:\windows\system32\drivers\gxubxeme.sys [x]
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
S1 qurpkkhi; \??\C:\windows\system32\drivers\qurpkkhi.sys [x]
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 
S1 vnsrlzgi; \??\C:\windows\system32\drivers\vnsrlzgi.sys [x]
S1 vulzrvcp; \??\C:\windows\system32\drivers\vulzrvcp.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-23 11:10 - 2013-07-23 11:10 - 00000000 ____D C:\FRST
2013-07-23 11:09 - 2013-07-23 11:11 - 00000000 ____D C:\Users\Maeco\Downloads\Boy Meets World Season 1 - 7 DVDRip
2013-07-23 11:09 - 2013-07-23 11:09 - 01779757 _____ (Farbar) C:\Users\Maeco\Desktop\FRST64.exe
2013-07-20 11:15 - 2013-07-20 11:15 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2013-07-20 11:15 - 2013-07-20 11:15 - 00000000 ____D C:\Users\DefaultAppPool
2013-07-20 11:15 - 2013-05-11 03:05 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2013-07-20 11:15 - 2011-06-18 09:31 - 00002104 _____ C:\Users\DefaultAppPool\Desktop\OneKey Recovery.lnk
2013-07-20 11:15 - 2010-12-18 22:31 - 00000189 _____ C:\Users\DefaultAppPool\Desktop\Lenovo Telephony Start Now.url
2013-07-19 18:09 - 2013-07-19 20:16 - 00000000 ____D C:\Users\Secondary
2013-07-19 18:09 - 2013-05-11 03:05 - 00000000 ____D C:\Users\Secondary\AppData\Local\Microsoft Help
2013-07-19 18:09 - 2010-12-18 22:31 - 00000189 _____ C:\Users\Secondary\Desktop\Lenovo Telephony Start Now.url
2013-07-19 17:56 - 2013-07-19 20:16 - 00000000 ____D C:\ProgramData\PrintProjects
2013-07-19 17:56 - 2013-07-19 20:16 - 00000000 ____D C:\Program Files (x86)\PrintProjects
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Maeco\AppData\Local\Privatefirewall
2013-07-19 13:57 - 2013-07-19 15:12 - 00000000 ____D C:\Users\Administrator
2013-07-19 13:57 - 2013-05-11 03:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-07-19 13:57 - 2010-12-18 22:31 - 00000189 _____ C:\Users\Administrator\Desktop\Lenovo Telephony Start Now.url
2013-07-19 13:24 - 2013-07-19 13:24 - 00000000 ____D C:\ProgramData\Privacyware
2013-07-19 13:24 - 2013-07-19 13:24 - 00000000 ____D C:\Program Files (x86)\Privacyware
2013-07-19 11:55 - 2013-07-19 11:59 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-07-19 11:53 - 2013-07-19 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 11:45 - 2013-07-19 20:16 - 00000000 ___SD C:\ComboFix
2013-07-19 11:35 - 2013-07-19 11:35 - 00001413 _____ C:\Users\Maeco\Desktop\Internet Explorer.lnk
2013-07-19 11:05 - 2013-07-19 11:05 - 00891062 _____ C:\Users\Maeco\Desktop\SecurityCheck (1).exe
2013-07-19 11:04 - 2013-07-19 11:04 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-19 11:03 - 2013-07-19 11:03 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-19 10:53 - 2013-07-19 10:54 - 00891062 _____ C:\Users\Maeco\Desktop\SecurityCheck.exe
2013-07-19 09:53 - 2013-07-19 09:53 - 00000857 _____ C:\Users\Maeco\Desktop\µTorrent.lnk
2013-07-19 09:53 - 2013-07-19 09:53 - 00000837 _____ C:\Users\Maeco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-19 09:52 - 2013-07-19 09:52 - 01129552 _____ (BitTorrent Inc.) C:\Users\Maeco\Desktop\utorrent.exe
2013-07-19 09:22 - 2013-07-19 09:22 - 00031186 _____ C:\ComboFix.txt
2013-07-19 09:03 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-19 09:01 - 2013-07-19 09:01 - 00002117 _____ C:\Users\Maeco\Desktop\Microsoft Security Essentials.lnk
2013-07-19 08:57 - 2013-07-19 11:45 - 00000000 ____D C:\windows\erdnt
2013-07-19 08:47 - 2013-07-19 20:16 - 00000000 ____D C:\Users\Maeco\Desktop\RK_Quarantine
2013-07-19 08:46 - 2013-07-19 08:46 - 03778560 _____ C:\Users\Maeco\Desktop\RogueKillerX64.exe
2013-07-17 09:06 - 2013-07-17 09:06 - 00688992 ____R (Swearware) C:\Users\Maeco\Desktop\dds.com
2013-07-17 08:56 - 2013-07-17 08:56 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-07-17 08:54 - 2013-07-17 08:55 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Maeco\Desktop\cbSetup.exe
2013-07-17 08:37 - 2013-07-17 08:37 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Maeco\Desktop\JRT.exe
2013-07-17 08:37 - 2013-07-17 08:37 - 00000000 ____D C:\windows\ERUNT
2013-07-16 23:25 - 2013-07-16 23:25 - 00011093 _____ C:\AdwCleaner[S2].txt
2013-07-16 23:25 - 2013-07-16 23:25 - 00000292 _____ C:\windows\DeleteOnReboot.bat
2013-07-16 22:11 - 2013-07-16 22:11 - 00000324 _____ C:\AdwCleaner[S1].txt
2013-07-16 22:09 - 2013-07-16 22:09 - 00011024 _____ C:\AdwCleaner[R1].txt
2013-07-16 20:46 - 2013-07-16 20:46 - 00662345 _____ C:\Users\Maeco\Desktop\AdwCleaner.exe
2013-07-16 20:40 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-16 20:36 - 2013-07-16 20:36 - 02347384 _____ (ESET) C:\Users\Maeco\Desktop\esetsmartinstaller_enu.exe
2013-07-16 20:35 - 2013-07-16 20:35 - 04745728 _____ (AVAST Software) C:\Users\Maeco\Desktop\aswMBR.exe
2013-07-16 20:35 - 2013-07-16 20:35 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Maeco\Desktop\tdsskiller.exe
2013-07-16 19:50 - 2013-07-16 19:36 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-195053.backup
2013-07-16 19:38 - 2013-07-16 19:38 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-16 19:13 - 2013-07-16 19:13 - 00000000 ___HD C:\windows\msdownld.tmp
2013-07-16 15:37 - 2013-07-16 15:35 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-153738.backup
2013-07-16 15:35 - 2009-06-10 14:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20130716-153517.backup
2013-07-16 15:31 - 2013-07-16 15:31 - 00000545 _____ C:\windows\wininit.ini
2013-07-16 14:49 - 2013-07-16 14:49 - 00001258 _____ C:\Users\Maeco\Desktop\Spybot - Search & Destroy.lnk
2013-07-16 14:48 - 2013-07-19 21:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-16 14:48 - 2013-07-19 20:16 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-07-16 14:45 - 2013-07-19 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-16 14:45 - 2013-07-16 14:45 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\Malwarebytes
2013-07-16 14:39 - 2013-07-16 14:39 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Maeco\Desktop\rkill.com
2013-07-16 14:39 - 2013-07-16 14:39 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-16 14:39 - 2013-05-09 01:58 - 00287840 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-07-16 14:38 - 2013-07-16 18:11 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-16 14:38 - 2013-07-16 17:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-15 23:29 - 2013-07-15 23:34 - 00000000 ____D C:\Program Files\office.tmp
2013-07-15 23:11 - 2013-07-15 23:14 - 00000000 ____D C:\windows\system32\MRT
2013-07-15 21:05 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-15 21:05 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-15 21:05 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-15 21:05 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-15 21:05 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-15 21:05 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-15 21:05 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-15 21:05 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-15 21:05 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-15 21:05 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-15 21:05 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-15 21:05 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-15 19:09 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-15 19:09 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-15 19:09 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-15 19:09 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-15 19:08 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-15 19:07 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-11 13:11 - 2013-07-11 13:11 - 00000000 ____D C:\ProgramData\Visan
2013-07-11 13:10 - 2013-07-19 20:16 - 00000000 ____D C:\Users\Maeco\AppData\Local\Eastman_Kodak_Company
2013-07-11 13:10 - 2013-07-11 13:10 - 00002156 _____ C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2013-07-11 13:08 - 2013-07-11 13:08 - 00000000 ____D C:\windows\SysWOW64\spool
2013-07-11 13:07 - 2013-07-11 13:07 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\KODAK AiO Home Center1040797609
2013-07-11 13:06 - 2013-07-11 13:06 - 00000183 _____ C:\Users\Maeco\AppData\Local\LaunchHomeCenter.log
2013-07-11 13:02 - 2013-07-19 17:56 - 00000000 ____D C:\Users\Maeco\AppData\Local\Eastman Kodak Company
2013-07-11 13:02 - 2013-07-11 13:07 - 00000926 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-07-11 13:01 - 2013-07-19 20:16 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-07-11 13:01 - 2013-07-11 13:09 - 00000000 ____D C:\windows\SysWOW64\kodak
2013-07-11 13:01 - 2013-07-11 13:01 - 00000000 ____D C:\ProgramData\Apple
2013-07-11 12:51 - 2013-07-11 12:51 - 01452072 _____ (Eastman Kodak Company) C:\Users\Maeco\Downloads\aio_install.exe
2013-07-11 12:39 - 2013-07-11 12:39 - 00003126 _____ C:\windows\System32\Tasks\{0B08BAD4-F06E-4D1C-818A-F77B38FB6C55}
2013-07-10 10:58 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-05 17:06 - 2013-07-19 20:16 - 00000000 ____D C:\Users\Maeco\Downloads\This.Is.The.End.2013.TS.READNFO.XViD-JUSTiCE
 
==================== One Month Modified Files and Folders =======
 
2013-07-23 11:12 - 2012-11-04 19:00 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\uTorrent
2013-07-23 11:11 - 2013-07-23 11:09 - 00000000 ____D C:\Users\Maeco\Downloads\Boy Meets World Season 1 - 7 DVDRip
2013-07-23 11:10 - 2013-07-23 11:10 - 00000000 ____D C:\FRST
2013-07-23 11:09 - 2013-07-23 11:09 - 01779757 _____ (Farbar) C:\Users\Maeco\Desktop\FRST64.exe
2013-07-23 11:03 - 2011-09-01 23:18 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4FF5F663-1D4E-4EC5-811A-8742E3F5E9A0}
2013-07-23 10:36 - 2012-09-13 09:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 10:29 - 2012-05-03 12:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 05:52 - 2011-06-18 08:45 - 01780600 _____ C:\windows\WindowsUpdate.log
2013-07-22 21:22 - 2012-03-27 22:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-22 21:09 - 2011-09-03 17:54 - 00000000 ____D C:\ProgramData\Kodak
2013-07-22 16:49 - 2011-06-18 09:19 - 04515311 _____ C:\FaceProv.log
2013-07-22 16:49 - 2011-06-18 09:19 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-22 16:36 - 2012-09-13 09:36 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 08:55 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 08:55 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-20 12:57 - 2011-08-29 12:19 - 00000000 ____D C:\Users\Maeco\AppData\Local\Google
2013-07-20 11:15 - 2013-07-20 11:15 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2013-07-20 11:15 - 2013-07-20 11:15 - 00000000 ____D C:\Users\DefaultAppPool
2013-07-20 08:43 - 2009-07-13 21:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 08:43 - 2009-07-13 21:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 21:42 - 2011-06-18 09:30 - 00000000 ____D C:\ProgramData\Google
2013-07-19 21:09 - 2009-07-13 22:13 - 00859094 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-19 21:03 - 2013-07-16 14:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-19 21:02 - 2011-08-29 12:17 - 00000000 ____D C:\Users\Maeco
2013-07-19 21:02 - 2011-06-18 09:33 - 00169987 _____ C:\windows\system32\fastboot.set
2013-07-19 21:01 - 2013-02-27 12:46 - 00011845 _____ C:\windows\setupact.log
2013-07-19 21:01 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-19 20:16 - 2013-07-19 18:09 - 00000000 ____D C:\Users\Secondary
2013-07-19 20:16 - 2013-07-19 17:56 - 00000000 ____D C:\ProgramData\PrintProjects
2013-07-19 20:16 - 2013-07-19 17:56 - 00000000 ____D C:\Program Files (x86)\PrintProjects
2013-07-19 20:16 - 2013-07-19 11:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 20:16 - 2013-07-19 11:45 - 00000000 ___SD C:\ComboFix
2013-07-19 20:16 - 2013-07-19 08:47 - 00000000 ____D C:\Users\Maeco\Desktop\RK_Quarantine
2013-07-19 20:16 - 2013-07-16 14:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-07-19 20:16 - 2013-07-11 13:10 - 00000000 ____D C:\Users\Maeco\AppData\Local\Eastman_Kodak_Company
2013-07-19 20:16 - 2013-07-11 13:01 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-07-19 20:16 - 2013-07-05 17:06 - 00000000 ____D C:\Users\Maeco\Downloads\This.Is.The.End.2013.TS.READNFO.XViD-JUSTiCE
2013-07-19 20:16 - 2011-08-29 12:19 - 00000000 ____D C:\Users\Maeco\AppData\Local\BioExcess
2013-07-19 20:16 - 2011-06-18 09:29 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-19 20:16 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-07-19 20:15 - 2011-06-18 09:30 - 00000000 ____D C:\Program Files\Google
2013-07-19 18:02 - 2012-12-20 13:42 - 00000000 ____D C:\Users\Maeco\AppData\Local\CrashDumps
2013-07-19 17:56 - 2013-07-11 13:02 - 00000000 ____D C:\Users\Maeco\AppData\Local\Eastman Kodak Company
2013-07-19 17:48 - 2013-07-16 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 15:12 - 2013-07-19 13:57 - 00000000 ____D C:\Users\Administrator
2013-07-19 14:24 - 2013-03-15 13:27 - 00397312 ___SH C:\Users\Maeco\Documents\Thumbs.db
2013-07-19 14:24 - 2012-09-09 11:05 - 04814848 ___SH C:\Users\Maeco\Downloads\Thumbs.db
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Maeco\AppData\Local\Privatefirewall
2013-07-19 13:24 - 2013-07-19 13:24 - 00000000 ____D C:\ProgramData\Privacyware
2013-07-19 13:24 - 2013-07-19 13:24 - 00000000 ____D C:\Program Files (x86)\Privacyware
2013-07-19 11:59 - 2013-07-19 11:55 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-07-19 11:45 - 2013-07-19 08:57 - 00000000 ____D C:\windows\erdnt
2013-07-19 11:44 - 2012-05-03 12:58 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 11:44 - 2012-05-03 12:57 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 11:44 - 2011-09-05 21:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 11:43 - 2011-09-09 22:45 - 00000000 ____D C:\Users\Maeco\AppData\Local\Adobe
2013-07-19 11:35 - 2013-07-19 11:35 - 00001413 _____ C:\Users\Maeco\Desktop\Internet Explorer.lnk
2013-07-19 11:05 - 2013-07-19 11:05 - 00891062 _____ C:\Users\Maeco\Desktop\SecurityCheck (1).exe
2013-07-19 11:04 - 2013-07-19 11:04 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-19 11:03 - 2013-07-19 11:03 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-19 11:03 - 2011-06-18 09:13 - 00000000 ____D C:\ProgramData\Adobe
2013-07-19 10:54 - 2013-07-19 10:53 - 00891062 _____ C:\Users\Maeco\Desktop\SecurityCheck.exe
2013-07-19 09:53 - 2013-07-19 09:53 - 00000857 _____ C:\Users\Maeco\Desktop\µTorrent.lnk
2013-07-19 09:53 - 2013-07-19 09:53 - 00000837 _____ C:\Users\Maeco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-19 09:52 - 2013-07-19 09:52 - 01129552 _____ (BitTorrent Inc.) C:\Users\Maeco\Desktop\utorrent.exe
2013-07-19 09:22 - 2013-07-19 09:22 - 00031186 _____ C:\ComboFix.txt
2013-07-19 09:22 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-07-19 09:21 - 2011-08-29 12:17 - 00000000 ___RD C:\Users\Maeco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-19 09:17 - 2009-07-13 19:34 - 00000215 _____ C:\windows\system.ini
2013-07-19 09:15 - 2010-11-20 20:47 - 01486232 _____ C:\windows\PFRO.log
2013-07-19 09:15 - 2009-07-13 19:34 - 79953920 _____ C:\windows\system32\config\SOFTWARE.bak
2013-07-19 09:15 - 2009-07-13 19:34 - 23855104 _____ C:\windows\system32\config\SYSTEM.bak
2013-07-19 09:15 - 2009-07-13 19:34 - 05242880 _____ C:\windows\system32\config\DEFAULT.bak
2013-07-19 09:15 - 2009-07-13 19:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-07-19 09:15 - 2009-07-13 19:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-07-19 09:14 - 2011-09-08 19:14 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\SoftGrid Client
2013-07-19 09:01 - 2013-07-19 09:01 - 00002117 _____ C:\Users\Maeco\Desktop\Microsoft Security Essentials.lnk
2013-07-19 08:46 - 2013-07-19 08:46 - 03778560 _____ C:\Users\Maeco\Desktop\RogueKillerX64.exe
2013-07-17 09:06 - 2013-07-17 09:06 - 00688992 ____R (Swearware) C:\Users\Maeco\Desktop\dds.com
2013-07-17 08:56 - 2013-07-17 08:56 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-07-17 08:55 - 2013-07-17 08:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Maeco\Desktop\cbSetup.exe
2013-07-17 08:37 - 2013-07-17 08:37 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Maeco\Desktop\JRT.exe
2013-07-17 08:37 - 2013-07-17 08:37 - 00000000 ____D C:\windows\ERUNT
2013-07-16 23:25 - 2013-07-16 23:25 - 00011093 _____ C:\AdwCleaner[S2].txt
2013-07-16 23:25 - 2013-07-16 23:25 - 00000292 _____ C:\windows\DeleteOnReboot.bat
2013-07-16 22:11 - 2013-07-16 22:11 - 00000324 _____ C:\AdwCleaner[S1].txt
2013-07-16 22:09 - 2013-07-16 22:09 - 00011024 _____ C:\AdwCleaner[R1].txt
2013-07-16 20:46 - 2013-07-16 20:46 - 00662345 _____ C:\Users\Maeco\Desktop\AdwCleaner.exe
2013-07-16 20:40 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-16 20:36 - 2013-07-16 20:36 - 02347384 _____ (ESET) C:\Users\Maeco\Desktop\esetsmartinstaller_enu.exe
2013-07-16 20:35 - 2013-07-16 20:35 - 04745728 _____ (AVAST Software) C:\Users\Maeco\Desktop\aswMBR.exe
2013-07-16 20:35 - 2013-07-16 20:35 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Maeco\Desktop\tdsskiller.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-16 19:38 - 2013-07-16 19:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-16 19:38 - 2013-04-01 20:50 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-16 19:38 - 2013-01-05 20:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-16 19:38 - 2012-03-18 14:05 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-16 19:37 - 2011-06-18 09:14 - 00000000 ____D C:\ProgramData\McAfee
2013-07-16 19:36 - 2013-07-16 19:50 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-195053.backup
2013-07-16 19:13 - 2013-07-16 19:13 - 00000000 ___HD C:\windows\msdownld.tmp
2013-07-16 19:13 - 2013-04-30 08:12 - 00014871 _____ C:\windows\IE10_main.log
2013-07-16 19:00 - 2011-09-06 22:13 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-16 18:41 - 2013-05-01 19:36 - 00002243 _____ C:\windows\epplauncher.mif
2013-07-16 18:11 - 2013-07-16 14:38 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-16 17:58 - 2013-07-16 14:38 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-16 17:58 - 2009-07-13 19:34 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-193621.backup
2013-07-16 17:39 - 2009-07-13 22:08 - 00032636 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-16 15:37 - 2009-07-13 19:34 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-175849.backup
2013-07-16 15:35 - 2013-07-16 15:37 - 00450026 ____R C:\windows\system32\Drivers\etc\hosts.20130716-153738.backup
2013-07-16 15:31 - 2013-07-16 15:31 - 00000545 _____ C:\windows\wininit.ini
2013-07-16 14:59 - 2012-05-22 09:52 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\Music Editor Free
2013-07-16 14:49 - 2013-07-16 14:49 - 00001258 _____ C:\Users\Maeco\Desktop\Spybot - Search & Destroy.lnk
2013-07-16 14:45 - 2013-07-16 14:45 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\Malwarebytes
2013-07-16 14:39 - 2013-07-16 14:39 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Maeco\Desktop\rkill.com
2013-07-16 14:39 - 2013-07-16 14:39 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-16 14:39 - 2013-07-16 14:39 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-16 08:41 - 2012-05-24 19:52 - 00000424 _____ C:\windows\SysWOW64\OSSService.log
2013-07-15 23:34 - 2013-07-15 23:29 - 00000000 ____D C:\Program Files\office.tmp
2013-07-15 23:30 - 2011-06-18 09:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-15 23:14 - 2013-07-15 23:11 - 00000000 ____D C:\windows\system32\MRT
2013-07-15 22:42 - 2009-07-13 21:45 - 00460432 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-15 22:39 - 2012-05-15 11:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 22:39 - 2012-05-15 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 22:38 - 2011-02-22 04:42 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 22:34 - 2012-09-23 09:54 - 00003212 _____ C:\windows\System32\Tasks\0
2013-07-15 20:59 - 2013-05-05 21:06 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-15 20:31 - 2011-08-29 12:17 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-07-15 20:31 - 2011-06-18 09:19 - 00000000 ____D C:\ProgramData\Port Locker
2013-07-15 20:30 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-15 20:21 - 2011-09-08 19:20 - 00000000 __RHD C:\MSOCache
2013-07-12 16:31 - 2012-09-13 09:36 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 16:31 - 2012-09-13 09:36 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 13:11 - 2013-07-11 13:11 - 00000000 ____D C:\ProgramData\Visan
2013-07-11 13:10 - 2013-07-11 13:10 - 00002156 _____ C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2013-07-11 13:09 - 2013-07-11 13:01 - 00000000 ____D C:\windows\SysWOW64\kodak
2013-07-11 13:08 - 2013-07-11 13:08 - 00000000 ____D C:\windows\SysWOW64\spool
2013-07-11 13:07 - 2013-07-11 13:07 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\KODAK AiO Home Center1040797609
2013-07-11 13:07 - 2013-07-11 13:02 - 00000926 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-07-11 13:06 - 2013-07-11 13:06 - 00000183 _____ C:\Users\Maeco\AppData\Local\LaunchHomeCenter.log
2013-07-11 13:01 - 2013-07-11 13:01 - 00000000 ____D C:\ProgramData\Apple
2013-07-11 13:01 - 2011-06-18 08:55 - 00024966 _____ C:\windows\DPINST.LOG
2013-07-11 12:51 - 2013-07-11 12:51 - 01452072 _____ (Eastman Kodak Company) C:\Users\Maeco\Downloads\aio_install.exe
2013-07-11 12:41 - 2012-12-14 18:38 - 00000000 ____D C:\ProgramData\FilesOpened
2013-07-11 12:39 - 2013-07-11 12:39 - 00003126 _____ C:\windows\System32\Tasks\{0B08BAD4-F06E-4D1C-818A-F77B38FB6C55}
2013-07-03 21:30 - 2012-09-23 11:31 - 00000000 ____D C:\Users\Maeco\AppData\Roaming\dvdcss
2013-06-24 00:57 - 2011-09-25 18:44 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-23 00:59
 
==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by Maeco at 2013-07-23 11:12:24
Running from C:\Users\Maeco\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
µTorrent (HKCU Version: 3.3.1.29938)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
aioprnt (Version: 5.3.1.0)
aioprnt (x32 Version: 4.00.0000.0000)
aioscnnr (x32 Version: 4.00.0000.0000)
aioscnnr (x32 Version: 5.8.10.0)
aioscnnr (x32 Version: 7.6.13.10)
Atheros Client Installation Program (x32 Version: 7.0)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (x32 Version: 3.2.0.0)
BioExcess (Version: 7.0.67.0)
BioExcess (x32 Version: 7.0.67.0)
C4USelfUpdater (x32 Version: 1.00.0000)
center (x32 Version: 7.7.2.0)
Cobian Backup 11 Gravity (x32)
CyberLink YouCam (x32 Version: 3.1.3623)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Pro (x32 Version: 5.1.0.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
EgisTec ES603 WDM Driver (x32 Version: 3.0.10.4)
Energy Management (x32 Version: 6.0.2.1)
ESET Online Scanner v3 (x32)
essentials (x32 Version: 7.7.2.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2342)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ SE Development Kit 6 (x32 Version: 1.6.0.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK AiO Software (x32 Version: 7.7.6.0)
ksDIP (x32 Version: 3.20.0000.0000)
Lenovo EasyCamera (x32 Version: 2.16.23.3)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo Security Suite (x32 Version: 2.0.11.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
ocr (x32 Version: 6.2.3.50)
Port Locker (Version: 1.0.5.24)
Port Locker (x32 Version: 1.0.5.24)
PreReq (x32 Version: 6.2.4.0)
Quick PDF Reader (x32 Version: 0.1)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
Spybot - Search & Destroy (x32 Version: 1.6.2)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VeriFace (x32 Version: 4.0.0.1224)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
 
==================== Restore Points  =========================
 
19-07-2013 18:45:52 ComboFix created restore point
19-07-2013 20:22:24 Installed Privatefirewall 7.0
22-07-2013 02:00:57 Windows Backup
22-07-2013 15:55:11 Windows Modules Installer
23-07-2013 08:39:19 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2013-07-19 09:16 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1D9F5812-FD15-40B0-A2AA-1D24EEC278AD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {22D44395-6150-433A-8016-D1F953CC3DDA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {29E1CF4C-3E26-4F57-9BE6-E8551A5EFEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13] (Google Inc.)
Task: {31F56CB4-3D7C-4F88-A1B6-BC7F58B55603} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13] (Google Inc.)
Task: {332EDC76-540A-4955-B182-B3FC09DD4C2F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {46D12BB3-EED7-4AA1-928B-5518FB4F5B0D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {771692D6-46E9-4474-8EFB-74AD7BE8F46A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-19] (Adobe Systems Incorporated)
Task: {7EE30260-49FD-4DF6-AE9C-880A84C8A14F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {8FCC71FB-5419-4C9E-885B-C6B98934156C} - System32\Tasks\{56781CED-1A76-493C-A16E-A73A6EF27D10} => C:\Program Files (x86)\Lenovo\Boot Optimizer\fbset.exe [2011-06-18] (Lenovo )
Task: {91350DD9-20C8-4878-8037-2FD6F8547028} - System32\Tasks\User_Feed_Synchronization-{2DCC6369-0F0C-4133-A069-32B83C58149C} => C:\windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation)
Task: {973D1560-7D19-470F-A8E1-EDF181D675C7} - System32\Tasks\User_Feed_Synchronization-{76189926-97F1-4299-8CC1-6EADB82643D4} => C:\windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation)
Task: {A43AEB29-D381-4E75-8052-28F8EADD64B2} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {A74EBCBF-3F9C-4EB2-8D6F-270F1F0A9352} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3405609440-1181507218-652884111-1000
Task: {AD6D3EFE-3278-407B-A10C-05D56751E2D1} - System32\Tasks\{A2809B27-BD3A-43A6-813B-320A14FAB253} => C:\Program Files (x86)\Lenovo\Boot Optimizer\fbset.exe [2011-06-18] (Lenovo )
Task: {B35FBEF5-7166-41FD-A4E2-B63899CE05D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {B5C80D69-062A-4797-B0B5-50358B6F7BAB} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe No File
Task: {BCF1A53A-7B7B-4E48-A4DF-4552C1919098} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {C0974DDB-7C45-4FC5-AAD6-C73BA5DC6444} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\advancedsystemprotector.exe No File
Task: {F5AE8FC2-0F97-4851-BBC2-FCE26A0FF889} - System32\Tasks\User_Feed_Synchronization-{4FF5F663-1D4E-4EC5-811A-8742E3F5E9A0} => C:\windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2013 10:07:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (07/22/2013 10:06:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/22/2013 08:54:33 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (07/21/2013 08:07:07 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
 
Error: (07/20/2013 02:32:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (07/20/2013 02:31:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/19/2013 09:03:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/19/2013 09:02:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2013 07:05:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2013 07:04:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (07/22/2013 06:21:33 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (07/22/2013 06:21:33 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2013 06:21:32 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2013 06:21:32 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (07/22/2013 06:21:33 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (07/22/2013 06:21:32 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (07/22/2013 04:49:06 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2013 04:49:06 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (07/22/2013 04:49:06 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2013 04:49:06 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2013 10:07:22 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (07/22/2013 10:06:30 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (07/22/2013 08:54:33 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
 
Error: (07/21/2013 08:07:07 PM) (Source: Windows Backup)(User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)
 
Error: (07/20/2013 02:32:54 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (07/20/2013 02:31:59 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (07/19/2013 09:03:27 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Maeco\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/19/2013 09:02:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2013 07:05:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2013 07:04:09 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Maeco\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-19 09:13:34.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-19 09:13:33.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 73%
Total physical RAM: 4010.17 MB
Available physical RAM: 1077.87 MB
Total Pagefile: 8018.53 MB
Available Pagefile: 4541.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:366.5 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:29 GB) (Free:21.37 GB) NTFS (Disk=0 Partition=4)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A3FDBA98)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2013 - 07:47 AM

Error: (07/22/2013 08:54:33 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (07/21/2013 08:07:07 PM) (Source: Windows Backup)(User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)

How much free space do you have on this hard drive?
There seems to be a lack of it, and these services are not working correctly.
I would suggest you transfer some important files and pictures to a CD or flash drive.

Remove these programs using the Add/Remove Programs list.
µTorrent (HKCU Version: 3.3.1.29938)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (x32 Version: 3.2.0.0)

===
 

HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)

The filename should be msseces.exe which is the good file for your Microsoft Security Essentials.

We will remove it with the Farbar tool.

Open Notepad and paste the following in it.

HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Maeco\AppData\Local\Temp\crx13E.tmp
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Maeco\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx


Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

If Microsoft Security Essentials shows any sign of not working properly, reinstall the application.

Please let me know what problem persists.
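
The altered-filename finding in the post above (mssecex.exe standing in for the genuine msseces.exe) is a pattern a defender can check for mechanically rather than by eye. The following Python is an added example, not code from this thread or from the FRST tool: it parses FRST-style Run lines, extracts the executable name, and flags any name that is within a short edit distance of a known-good security-product binary. The KNOWN_GOOD table, the clean msseces.exe line and the Realtek line are constructed for the example; the mssecex.exe and Chrome extension lines are taken from the log quoted above.

```python
import re
from pathlib import PureWindowsPath

# Reference list of well-known security-product executables. Constructed for this
# example and deliberately short; build yours from a known-clean reference image.
KNOWN_GOOD = {
    "msseces.exe": "Microsoft Security Essentials UI",
    "msmpeng.exe": "Microsoft Antimalware service",
    "mpcmdrun.exe": "Microsoft Antimalware command line",
    "avastui.exe": "avast! UI",
}

# FRST "Run" line: hive\...\Run, [value name], then a quoted path or an unquoted
# path ending in .exe, then whatever FRST appends (size/date, company, markers).
RUN_RE = re.compile(
    r'^(?P<key>HK(?:LM|CU)(?:-x32)?\\\.\.\.\\Run(?:Once)?): '
    r'\[(?P<value>[^\]]*)\] - '
    r'(?:"(?P<qpath>[^"]+)"|(?P<upath>.+?\.exe\b))'
    r'(?P<rest>.*)$',
    re.IGNORECASE,
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_run_line(line: str):
    """Return the pieces of an FRST Run entry, or None for any other line."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {
        "key": m.group("key"),
        "value": m.group("value"),
        "path": m.group("qpath") or m.group("upath"),
        "rest": m.group("rest").strip(),
    }


def classify(path: str, max_distance: int = 2):
    """'known' for an exact known-good name, 'lookalike' if within max_distance
    edits of one (typo-squatted binary), otherwise 'unknown' (needs a human look)."""
    name = PureWindowsPath(path).name.lower()
    if name in KNOWN_GOOD:
        return "known", name
    closest = min(KNOWN_GOOD, key=lambda k: levenshtein(name, k))
    if levenshtein(name, closest) <= max_distance:
        return "lookalike", closest
    return "unknown", None


def scan(lines):
    """Run every Run entry in an FRST log excerpt through the lookalike check."""
    findings = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue  # not a Run entry (CHR, Task, file listing, ...)
        verdict, reference = classify(entry["path"])
        findings.append({
            "value": entry["value"],
            "file": PureWindowsPath(entry["path"]).name,
            "verdict": verdict,
            "reference": reference,
        })
    return findings


# Constructed log excerpt: two lines are from the thread above, two are made up.
SAMPLE_LOG = [
    r'HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)',
    r'HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281040 2013-06-20] (Microsoft Corporation)',
    r'HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12345 2011-01-01] (Realtek Semiconductor)',
    r'CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Maeco\AppData\Local\Temp\crx13E.tmp',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['verdict']:9}] {f['value']:10} {f['file']}"
              + (f"  (resembles {f['reference']})" if f["verdict"] == "lookalike" else ""))
```

The lookalike verdict is the one worth acting on: a one-character substitution in a security product's binary name, launched from the product's own directory, is exactly what FRST flagged in the log above. An "unknown" verdict only means the name is not in the reference table, so a short table produces many of them; the table, not the distance threshold, is what to grow.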

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 July 2013 - 10:53 AM

Are you still with me?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2013 - 09:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



