ewuds.exe? wow64 weird problem? or am I paranoid?


This topic is locked.
34 replies to this topic

#1 aljaxon (Members, 24 posts)

Posted 18 July 2013 - 01:52 PM

I mistakenly clicked on a file I'd downloaded thinking it was an AVI, but it was an EXE.
None of my security tools found anything wrong: MSE or Malwarebytes (which wouldn't run unless I changed its name to a .bat, and even then it didn't find anything). SUPERAntiSpyware didn't, but Trojan Killer (GridinSoft or summat) found 2 things (aside from all my cookies) but wouldn't delete them as it was an evaluation.
Anyway, I deleted them manually; it was exuds.exe in roaming/nuuds, sorry for vagueness or spelling.

I ran rkill, aswMBR.exe and TDSSKiller, and then finally this morning I ran ComboFix.
I have never posted on forums like this; instead I have always wiped the hard drive and reinstalled.
I realise I should have posted on here first before running ComboFix, but anyway, here goes, here is the log.
I have XP on another drive and can switch to that and wipe this Win7 OS if need be, but here is the log.
Thanks for any help.
The only symptom I get is that Windows takes ages to start up, and I just know summat is wrong.
 
 
ComboFix 13-07-16.01 - dadspc7 18/07/2013   7:21.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4095.2374 [GMT 1:00]
Running from: y:\software\antivirus spyware\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
c:\programdata\1937333695
c:\users\dadspc7\AppData\Local\Microsoft\Windows\Temporary Internet Files\{33E79409-DAE3-48BB-953D-6CEE7E04F8D8}.xps
H:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-18 06:26 . 2013-07-18 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-18 05:39 . 2013-07-18 05:41 -------- d-----w- c:\windows\system32\MRT
2013-07-18 05:04 . 2013-07-18 05:04 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88A45BD6-0517-49B8-A065-BF3777963D82}\offreg.dll
2013-07-18 00:38 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88A45BD6-0517-49B8-A065-BF3777963D82}\mpengine.dll
2013-07-17 07:00 . 2013-07-17 06:59 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C4A8FB-783C-4339-9BA1-F834CAFDB8A2}\gapaengine.dll
2013-07-17 07:00 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 06:29 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-17 06:29 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-17 06:29 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-17 06:29 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-17 06:29 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-17 06:29 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-17 06:29 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-17 06:29 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-17 06:29 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-17 06:29 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-17 06:29 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-17 06:28 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-17 06:28 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-17 06:28 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-17 06:28 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 06:28 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-17 06:28 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-17 06:28 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-17 06:28 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-14 16:37 . 2013-07-14 16:37 16640 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2013-07-13 16:26 . 2013-07-13 16:26 -------- d-----w- c:\users\dadspc7\AppData\Roaming\SUPERAntiSpyware.com
2013-07-13 16:25 . 2013-07-13 17:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-13 16:25 . 2013-07-13 16:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-10 01:56 . 2013-07-17 20:39 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-07-10 01:39 . 2013-07-10 02:45 -------- d-----w- c:\users\dadspc7\AppData\Roaming\nuuds
2013-06-28 03:56 . 2013-06-28 03:56 -------- d-----w- c:\users\dadspc7\AppData\Local\SCE
2013-06-28 03:54 . 2013-06-28 03:54 -------- d-----w- c:\users\Public\Sony Online Entertainment
2013-06-26 16:52 . 2013-06-26 16:52 -------- d-----w- c:\program files\iPod
2013-06-26 16:52 . 2013-06-26 16:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 16:52 . 2013-06-26 16:53 -------- d-----w- c:\program files\iTunes
2013-06-26 16:52 . 2013-06-26 16:53 -------- d-----w- c:\program files (x86)\iTunes
2013-06-23 21:40 . 2013-06-23 21:40 -------- d-----w- C:\Pipe_Dsn
2013-06-23 21:39 . 2013-06-23 21:39 286720 ------w- c:\windows\Setup1.exe
2013-06-23 21:39 . 2013-06-23 21:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 23:57 . 2011-04-30 10:52 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-20 22:51 . 2011-05-20 16:45 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 20:50 . 2010-10-24 20:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-12 02:53 . 2012-10-01 07:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 02:53 . 2011-10-22 06:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-18 03:22 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-16 08:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-16 08:00 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-16 08:00 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-16 08:00 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-16 08:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-16 08:00 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-16 08:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-16 08:00 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-16 08:00 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-16 08:00 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 05:49 . 2013-06-16 08:00 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-16 08:00 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-16 08:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2011-04-30 06:38 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 20:46 . 2013-04-28 20:46 715038 ----a-w- c:\windows\unins001.exe
2013-04-26 05:51 . 2013-06-16 08:00 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-16 08:00 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-16 07:59 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 22:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ProgLauncher"="c:\program files (x86)\ProgDVB\ProgLauncher.exe" [2013-04-29 372136]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-06-21 1093464]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-13 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/04/30 17:41];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tbs8920vhid;TBS 8920 VHID Driver;c:\windows\system32\drivers\tbs8920vhid.sys;c:\windows\SYSNATIVE\drivers\tbs8920vhid.sys [x]
S3 TBSCARD;%TBSCard.DVBSDesc%;c:\windows\system32\drivers\tbscards2.sys;c:\windows\SYSNATIVE\drivers\tbscards2.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 16:53 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 02:53]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 18:36]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 18:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 22:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-19 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: garmin.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ewuds.exe - c:\users\dadspc7\AppData\Roaming\nuuds\ewuds.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-2830257517.go.sky.com - c:\program files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-18  07:30:08
ComboFix-quarantined-files.txt  2013-07-18 06:30
.
Pre-Run: 42,352,734,208 bytes free
Post-Run: 42,742,280,192 bytes free
.
- - End Of File - - 1847D1C2D5B0742FB024CB67126B9B2F
8F558EB6672622401DA993E1E865C861

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal
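The two things in the ComboFix log above that a responder would look at first are the autorun entry that was removed as an orphan (Wow6432Node-HKCU-Run-ewuds.exe pointing into AppData\Roaming\nuuds) and the UAC policy block, where ConsentPromptBehaviorAdmin=0 means administrators elevate without any prompt and PromptOnSecureDesktop=0 means prompts are not isolated on the secure desktop (the Windows 7 defaults are 5 and 1). The following is an added example, not part of the original post or any of the tools mentioned: a small Python triage script that parses lines in ComboFix's "Reg Loading Points" and "ORPHANS REMOVED" format, flags autoruns whose target lives in a user-writable location, and reports weak UAC settings. The sample log is constructed from the lines of the log above; the "user-writable" marker list and the function names are this example's own assumptions.

```python
import re

# Constructed sample, modelled on the "Reg Loading Points" and
# "ORPHANS REMOVED" sections of the ComboFix log in the post above
# (paths and values copied from that log; not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-13 5622512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ewuds.exe - c:\users\dadspc7\AppData\Roaming\nuuds\ewuds.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
"""

# "Name"="path" [date size]   -- a value under a [...\Run] key
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
# Wow6432Node-HKCU-Run-name - path   -- an autorun ComboFix removed as orphan
ORPHAN = re.compile(r'^(?P<key>(?:Wow6432Node-)?HK(?:CU|LM)-Run)-(?P<name>.+?) - (?P<path>.+)$')
# "PolicyName"= 0 (0x0)   -- a value under ...\policies\system
POLICY = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

# Heuristic (assumption of this example): locations a non-admin user can write
# to, so an autorun pointing there deserves a second look. Legitimate per-user
# installers also live here, so this is a triage hint, not a verdict.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_autoruns(text):
    """Return every Run-key value and every removed orphan autorun in the log."""
    entries = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]          # registry key header
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            entries.append({'name': m['name'], 'path': m['path'], 'source': current_key})
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append({'name': m['name'], 'path': m['path'],
                            'source': 'orphan:' + m['key']})
    return entries


def suspicious_autoruns(text):
    """Autoruns whose target sits in a user-writable directory."""
    return [e for e in parse_autoruns(text) if is_user_writable(e['path'])]


def parse_uac_policy(text):
    """Collect the numeric values ComboFix prints under ...\\policies\\system."""
    policy = {}
    in_policy_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            in_policy_key = line.lower().endswith('\\policies\\system]')
            continue
        m = POLICY.match(line)
        if m and in_policy_key:
            policy[m['name']] = int(m['value'])
    return policy


def uac_findings(policy):
    """Describe settings that weaken UAC; values per Microsoft's documented meanings."""
    findings = []
    if policy.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt')
    if policy.get('PromptOnSecureDesktop') == 0:
        findings.append('PromptOnSecureDesktop=0: elevation prompts are not shown on the secure desktop')
    if policy.get('EnableLUA') == 0:
        findings.append('EnableLUA=0: UAC is turned off entirely')
    return findings


if __name__ == '__main__':
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f"SUSPICIOUS autorun {e['name']} -> {e['path']}  ({e['source']})")
    for f in uac_findings(parse_uac_policy(SAMPLE_LOG)):
        print('UAC:', f)
```

On the sample above the script flags only the ewuds.exe entry (the two Program Files autoruns and the "(no file)" orphan pass) and reports the two UAC weaknesses. To use it on a real log, replace SAMPLE_LOG with the file contents; ComboFix also prints a separate "X64 Entries" block with native 64-bit Run keys, and the same parser handles those since it keys on the bracketed header.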


#2 nasdaq (Malware Response Team, 39,559 posts, Montreal, QC, Canada)

Posted 20 July 2013 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 aljaxon (Topic Starter)

Posted 22 July 2013 - 02:34 AM

Thanks for the reply, here is the log.

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 08:26:49
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : dadspc7 - DADSPC7-PC
# Boot Mode : Normal
# Running from : C:\Users\dadspc7\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\dadspc7\AppData\Local\Wondershare

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1147 octets] - [22/07/2013 08:26:09]
AdwCleaner[S1].txt - [1088 octets] - [22/07/2013 08:26:49]

########## EOF - C:\AdwCleaner[S1].txt - [1148 octets] ##########


Just ran it again and I am clean.
Will follow the next step.

#4 aljaxon (Topic Starter)

Posted 22 July 2013 - 02:41 AM

Here is the JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by dadspc7 on 22/07/2013 at 8:36:09.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{0E727DF9-96F2-45F5-842D-3B1B366A5BC2}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{0F37B60B-E58F-47A6-B5C4-9D709128E468}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{27BE210B-0B60-4083-B86F-54798E04233E}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{294C5C74-31F4-4104-841D-FA4563775C1E}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{40F4EB9B-20A9-412F-8D13-86A99902CB8D}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{41192232-EEB7-480D-B2A0-6C9B0ACA179C}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{42C611E8-F08C-45DB-B542-0BB217BF0647}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{43C2711E-3D9B-41BB-B37D-587540A91EEE}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{5A14EFFE-C5D0-462F-BD91-C0D00E157E26}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{5B767C21-4527-4408-A9D8-D6334AB9F529}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{70E391F1-6DA0-41E0-9A41-D4B3236D9B00}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{757D1C9F-7DAF-4FC4-B43C-F26AE08B8A83}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{8107D05E-2F60-407E-B40E-4EA95B5EF37B}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{8AADEB80-F60D-44E7-8799-01C31B8C2365}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{97702F10-07EA-4D82-8E07-8AF4FE28B9D7}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{BD1E099D-1B59-4955-BB03-281B0A94409F}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{C12E1CD1-EA01-4DE6-A193-6D5D028ADA07}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{C444EAE1-3392-4063-A046-611D7268BF60}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{DFEE75F9-6396-444B-A2F7-01E2B7982A25}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{EDA787A3-C536-4EA4-9E44-34766FE4817A}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{F744E3B3-428C-46F9-86FE-FA4AFFD1F9AC}
Successfully deleted: [Empty Folder] C:\Users\dadspc7\appdata\local\{FAC72F0D-B424-4D92-B46C-70DC1B713E8F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/07/2013 at 8:40:05.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 22 July 2013 - 02:48 AM

Here is the DDS txt.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by dadspc7 at 8:45:23 on 2013-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2590 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ProgDVB\ProgLauncher.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\KMService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ProgLauncher] C:\Program Files (x86)\ProgDVB\ProgLauncher.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: garmin.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E9D51D86-9639-48AE-B529-699745A6C0A0} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-30 55856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/04/30 17:41:57];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-4-30 148976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-4-30 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-4-30 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-4-30 312616]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-4-30 75248]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tbs8920vhid;TBS 8920 VHID Driver;C:\Windows\System32\drivers\Tbs8920vhid.sys [2011-10-22 24528]
R3 TBSCARD;%TBSCard.DVBSDesc%;C:\Windows\System32\drivers\Tbscards2.sys [2011-10-22 281936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-6-21 219992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-13 1436424]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-16 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-16 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2013-7-14 16640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-30 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-22 07:36:07 -------- d-----w- C:\Windows\ERUNT
2013-07-21 23:29:53 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B63EC826-59EC-4AAC-84D5-816CD82FA73A}\mpengine.dll
2013-07-20 18:31:49 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-20 11:02:57 129536 ----a-w- C:\Windows\System32\E_ILM9IA.DLL
2013-07-20 11:02:55 86528 ----a-w- C:\Windows\System32\E_IBCB9IA.DLL
2013-07-20 11:02:47 -------- d-----w- C:\ProgramData\EPSON
2013-07-19 02:11:16 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-18 06:19:45 98816 ----a-w- C:\Windows\sed.exe
2013-07-18 06:19:45 256000 ----a-w- C:\Windows\PEV.exe
2013-07-18 06:19:45 208896 ----a-w- C:\Windows\MBR.exe
2013-07-18 05:39:45 -------- d-----w- C:\Windows\System32\MRT
2013-07-17 07:00:14 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92C4A8FB-783C-4339-9BA1-F834CAFDB8A2}\gapaengine.dll
2013-07-17 06:29:06 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-17 06:29:06 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-17 06:29:06 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-17 06:29:06 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-17 06:29:05 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-17 06:29:05 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-17 06:29:05 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-17 06:29:01 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-17 06:29:01 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-17 06:29:00 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-17 06:29:00 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-17 06:28:59 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-17 06:28:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-17 06:28:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-17 06:28:58 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-17 06:28:58 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-17 06:28:57 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-17 06:28:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-17 06:28:20 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-14 16:37:48 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys
2013-07-13 16:26:05 -------- d-----w- C:\Users\dadspc7\AppData\Roaming\SUPERAntiSpyware.com
2013-07-13 16:25:51 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-07-13 16:25:51 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-07-10 01:56:43 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-07-10 01:39:45 -------- d-----w- C:\Users\dadspc7\AppData\Roaming\nuuds
2013-06-28 03:56:31 -------- d-----w- C:\Users\dadspc7\AppData\Local\SCE
2013-06-26 16:52:59 -------- d-----w- C:\Program Files\iPod
2013-06-26 16:52:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 16:52:58 -------- d-----w- C:\Program Files\iTunes
2013-06-26 16:52:58 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-23 21:40:05 -------- d-----w- C:\Pipe_Dsn
2013-06-23 21:39:55 286720 ------w- C:\Windows\Setup1.exe
2013-06-23 21:39:54 73216 ----a-w- C:\Windows\ST6UNST.EXE
.
==================== Find3M ====================
.
2013-06-18 20:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 20:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-12 02:53:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 02:53:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 07:57:38 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2013-05-10 07:57:34 55872 ----a-w- C:\Windows\System32\AdobePDF.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 11:40:23 0 ----a-w- C:\Windows\ativpsrm.bin
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-28 20:46:23 715038 ----a-w- C:\Windows\unins001.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 8:45:53.83 ===============

#6 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 22 July 2013 - 02:58 AM

Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
MH JavaPipe
Java version out of Date!
Adobe Flash Player 11.7.700.224
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#7 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 22 July 2013 - 03:11 AM

On restarting the computer, once at the desktop it takes 30 seconds for the network to connect.
And when I click Internet Explorer with Google as my home page I get a blank window for 5 seconds. But it's not a problem, just weird.

After that it opens immediately.

My original infection, ewuds.exe: I can't find any reference to this on Google?
What does it do?

Edited by aljaxon, 22 July 2013 - 03:17 AM.


#8 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 22 July 2013 - 03:17 AM

On startup it seems to take ages to settle down with things loading up etc.
This might be normal but it just feels weird.
Thanks for the help and I look forward to your recommendations.

Edited by aljaxon, 22 July 2013 - 03:17 AM.


#9 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 July 2013 - 06:56 AM

my original infection ewuds.exe I cant find any reference to this on google?


Unless you have this file in your Recycle bin we cannot get it analyzed.
===

In Internet Explorer try this.

Open the Tools menu > Internet Options > Advanced tab.
At the bottom, reset the Internet Explorer settings.
Click the Apply button if required and restart the computer normally.

Any change?

===

When using Chrome do you have any issues?

#10 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 23 July 2013 - 11:41 AM

On XP I got fed up of IE reporting there was a problem with this tab and it has been recovered, or summat like that.
On Win 7 I got no such problems,
but now on some sites such as eBay I am always getting "trying to recover this website" or summat.
I reset settings and it's the same.
I got the chance to manage add-ons but only had the choice of one or two and didn't enable them.

What is the name of the virus/Trojan or infection I have had and what does it do?
It seems to be something to do with wow wondershare?

#11 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 July 2013 - 12:24 PM

Try this. If the problem persists run the two tools below.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/

Let's see what these tools will find.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#12 aljaxon

  • Topic Starter
  • Members
  • 24 posts

Posted 23 July 2013 - 12:48 PM

Done that, here is the report.

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dadspc7 [Admin rights]
Mode : Remove -- Date : 07/23/2013 18:43:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\windows\system32\config\SOFTWARE
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\windows\system32\config\SECURITY
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\windows\system32\config\SAM
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\windows\system32\config\DEFAULT
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\Documents and Settings\Administrator\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> E:\Documents and Settings\alan\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\alan\Start Menu\Programs\Startup
-> E:\Documents and Settings\Default User\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\Documents and Settings\LocalService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> E:\Documents and Settings\NetworkService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> F:\Documents and Settings\Administrator\NTUSER.DAT
 
 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> F:\Documents and Settings\alan\NTUSER.DAT
 
 C:\Documents and Settings\alan\Start Menu\Programs\Startup
-> F:\Documents and Settings\Default User\NTUSER.DAT
 
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> F:\Documents and Settings\LocalService\NTUSER.DAT
 
 C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> F:\Documents and Settings\NetworkService\NTUSER.DAT
 
 C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 302cd934b667a429cc75de06a6efb6f1
[BSP] 10b5c3fdb721c64408afe47c7b1ccb4e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 597723 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1469899305 | Size: 595001 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2688461685 | Size: 595001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 93a21ccf7578ca7d0849776e9f7ca2a7
[BSP] 1a8045bc3dc4e50644b7d7ab88a97a72 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 115718 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 237197312 | Size: 443868 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1146243009 | Size: 394179 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] f0aa3e3daeb4406c3ad74bfb087a2b24
[BSP] 052aca8aeb882b05e897a3ff207f4ca5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1107727 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2268626944 | Size: 799999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] cf11f0e82d4e6eab8ec5049a8282f889
[BSP] 03a45fa850b319d7dec245dd9620c600 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 499999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1023999165 | Size: 499999 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2047998330 | Size: 430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07232013_184324.txt >>
RKreport[0]_S_07232013_184238.txt

 

Just gonna run Farbar now.



#13 aljaxon
  • Topic Starter

  • Members
  • 24 posts

Posted 23 July 2013 - 12:53 PM

Attached File: Addition.txt (32.4KB)

Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by dadspc7 (administrator) on 23-07-2013 18:49:04
Running from C:\Users\dadspc7\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ProgDVB\ProgLauncher.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Windows\KMService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [ProgLauncher] - C:\Program Files (x86)\ProgDVB\ProgLauncher.exe [372136 2013-04-29] ()
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-06-21] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-07-13] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [RemoteControl11] - "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [234792 2011-04-20] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113296 2010-03-30] (NEC Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - c:\program files\interne
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\dadspc7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219992 2013-06-21] (Garmin Ltd or its subsidiaries)
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-04-20] (Cyberlink Corp.)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-04-20] (Cyberlink Corp.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tbs8920vhid; C:\Windows\System32\drivers\tbs8920vhid.sys [24528 2011-12-21] (Turbosight Ltd. www.tbsdtv.com)
R3 TBSCARD; C:\Windows\System32\drivers\tbscards2.sys [281936 2011-12-21] (TBS )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-07-14] (Windows ® Win 7 DDK provider)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 18:48 - 2013-07-23 18:48 - 00000000 ____D C:\FRST
2013-07-23 18:46 - 2013-07-23 18:47 - 01779757 _____ (Farbar) C:\Users\dadspc7\Desktop\FRST64.exe
2013-07-23 18:43 - 2013-07-23 18:43 - 00005614 _____ C:\Users\dadspc7\Desktop\RKreport[0]_D_07232013_184324.txt
2013-07-23 18:42 - 2013-07-23 18:42 - 00005501 _____ C:\Users\dadspc7\Desktop\RKreport[0]_S_07232013_184238.txt
2013-07-23 18:40 - 2013-07-23 18:48 - 00000000 ____D C:\Users\dadspc7\Desktop\RK_Quarantine
2013-07-23 18:35 - 2013-07-23 18:35 - 03778560 _____ C:\Users\dadspc7\Desktop\RogueKillerX64.exe
2013-07-23 14:29 - 2013-07-23 14:29 - 00000252 _____ C:\Users\dadspc7\Desktop\jobs july 2013.txt
2013-07-23 03:47 - 2013-07-23 03:47 - 00326054 _____ C:\Users\dadspc7\Downloads\massage (2).nzb
2013-07-23 03:28 - 2013-07-23 03:28 - 00000623 _____ C:\Users\dadspc7\Downloads\[isoHunt] Adobe_CS5_Activator.5529933.TPB.torrent
2013-07-23 03:19 - 2013-07-23 03:19 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\MainConcept
2013-07-23 03:18 - 2013-07-23 03:18 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MainConcept
2013-07-23 03:13 - 2013-07-23 03:13 - 00002180 _____ C:\Users\Public\Desktop\MainConcept MPEG Pro Toolbox.lnk
2013-07-23 03:02 - 2013-07-23 03:02 - 00265525 _____ C:\Users\dadspc7\Downloads\[isoHunt] Adobe CS5.5 Master Collection [Multi] (With Crack).torrent
2013-07-23 03:00 - 2013-07-23 03:00 - 00001229 _____ C:\Users\dadspc7\Downloads\[isoHunt] ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE.6581481.TPB.torrent
2013-07-23 02:34 - 2013-07-23 02:34 - 00000000 ____D C:\ProgramData\Minnetonka Audio Software
2013-07-22 22:58 - 2013-07-22 22:58 - 00000000 ____D C:\ProgramData\ALM
2013-07-22 22:48 - 2013-07-22 22:48 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-22 22:47 - 2013-07-22 22:47 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2013-07-22 22:44 - 2007-02-20 16:04 - 02463976 _____ C:\Windows\SysWOW64\NPSWF32.dll
2013-07-22 22:44 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\Windows\SysWOW64\NPSWF32_FlashUtil.exe
2013-07-22 22:40 - 2013-07-22 22:40 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-07-22 21:46 - 2013-07-22 21:47 - 00000000 ____D C:\Windows\system32\Drivers\etc\New folder
2013-07-22 21:03 - 2013-07-22 21:03 - 00000029 _____ C:\Users\dadspc7\Desktop\cs5.5 serial.txt
2013-07-22 16:07 - 2013-07-22 11:54 - 00090063 _____ C:\Users\dadspc7\Documents\platefinal.bak
2013-07-22 12:24 - 2013-07-22 12:24 - 00000249 _____ C:\Users\dadspc7\Downloads\Reset_and_Clear_Print_Spooler_Queue.bat
2013-07-22 11:56 - 2013-07-22 11:56 - 00005670 _____ C:\Users\dadspc7\Documents\platefinal.dwf
2013-07-22 11:54 - 2013-07-22 16:07 - 00104458 _____ C:\Users\dadspc7\Documents\platefinal.dwg
2013-07-22 11:51 - 2013-07-22 11:51 - 00000000 ____D C:\autocad
2013-07-22 11:50 - 2013-07-22 11:50 - 00000000 ____D C:\Users\dadspc7\IGC
2013-07-22 11:50 - 2013-07-22 11:50 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\IGC
2013-07-22 11:48 - 2013-07-22 11:48 - 00001766 _____ C:\Users\Public\Desktop\Free DWG Viewer.lnk
2013-07-22 11:48 - 2013-07-22 11:48 - 00000000 ____D C:\Program Files (x86)\IGC
2013-07-22 11:47 - 2013-07-22 11:47 - 00003020 _____ C:\Windows\System32\Tasks\{E56A03C4-2164-437E-820C-4ED8CF8244ED}
2013-07-22 11:46 - 2013-07-22 11:46 - 00003020 _____ C:\Windows\System32\Tasks\{F79DDC52-46B7-4B65-A095-1B0AA9340D24}
2013-07-22 11:43 - 2013-07-22 11:43 - 00005663 _____ C:\Users\dadspc7\Documents\plate4a.dwf
2013-07-22 11:32 - 2013-07-22 11:33 - 60282483 _____ (Acresso Software Inc. ) C:\Users\dadspc7\Downloads\FreeDWGViewer (1).exe
2013-07-22 10:19 - 2013-07-22 10:19 - 00005675 _____ C:\Users\dadspc7\Documents\plate4.dwf
2013-07-22 10:16 - 2013-07-22 10:16 - 02649792 _____ (Autodesk, Inc.) C:\Users\dadspc7\Downloads\ExpressViewerSetup_CSY.exe
2013-07-22 09:36 - 2013-07-22 10:20 - 00377815 _____ C:\Users\dadspc7\Documents\plate4.dxf
2013-07-22 09:21 - 2013-07-22 10:20 - 00075115 _____ C:\Users\dadspc7\Documents\plate4a.dwg
2013-07-22 09:21 - 2013-07-22 09:36 - 00377071 _____ C:\Users\dadspc7\Documents\plate4.bak
2013-07-22 09:21 - 2013-07-22 09:32 - 00074772 _____ C:\Users\dadspc7\Documents\plate4.dwg
2013-07-22 09:18 - 2013-07-22 09:18 - 00000973 _____ C:\AdwCleaner[R3].txt
2013-07-22 08:36 - 2013-07-22 08:36 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 08:33 - 2013-07-22 08:33 - 00000914 _____ C:\AdwCleaner[R2].txt
2013-07-22 08:26 - 2013-07-22 08:27 - 00001217 _____ C:\AdwCleaner[S1].txt
2013-07-22 08:26 - 2013-07-22 08:26 - 00001147 _____ C:\AdwCleaner[R1].txt
2013-07-22 08:18 - 2013-07-22 08:19 - 43479392 _____ (GridinSoft LLC) C:\Users\dadspc7\Downloads\gtk-2.1.7.6-setup.exe
2013-07-20 12:23 - 2013-07-20 19:05 - 00093853 _____ C:\Users\dadspc7\Documents\plate3.dwg
2013-07-20 12:12 - 2013-07-22 13:46 - 00002685 _____ C:\Users\dadspc7\Documents\plot.log
2013-07-20 12:02 - 2013-07-20 12:08 - 00000000 ____D C:\ProgramData\EPSON
2013-07-20 12:02 - 2006-12-08 02:04 - 00129536 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILM9IA.DLL
2013-07-20 12:02 - 2006-04-19 02:00 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCB9IA.DLL
2013-07-20 12:01 - 2013-07-20 12:02 - 08595744 _____ C:\Users\dadspc7\Downloads\epson15194.exe
2013-07-20 11:22 - 2013-07-22 10:12 - 00010752 ___SH C:\Users\dadspc7\Documents\Thumbs.db
2013-07-20 11:14 - 2013-07-20 11:19 - 222364016 _____ C:\Users\dadspc7\Downloads\SetupDWGTrueView2012_32bit.exe
2013-07-20 11:14 - 2013-07-20 11:17 - 63104600 _____ (Acresso Software Inc. ) C:\Users\dadspc7\Downloads\freedwgviewer.exe
2013-07-20 07:45 - 2013-07-20 07:45 - 00000033 _____ C:\Users\dadspc7\Desktop\chris car.txt
2013-07-18 23:08 - 2013-07-18 23:08 - 00014773 _____ C:\Users\dadspc7\Downloads\Baseline [2010] DvDrip MXMG-[rarbg.com].torrent
2013-07-18 22:50 - 2013-07-18 22:50 - 00014747 _____ C:\Users\dadspc7\Downloads\[isoHunt] Baseline [2010] DvDrip MXMG.torrent
2013-07-18 21:29 - 2013-07-18 22:19 - 00071643 _____ C:\Users\dadspc7\Documents\plate.bak
2013-07-18 21:13 - 2013-07-20 19:03 - 00093853 _____ C:\Users\dadspc7\Documents\plate2.dwg
2013-07-18 21:13 - 2013-07-20 17:25 - 00088110 _____ C:\Users\dadspc7\Documents\plate2.bak
2013-07-18 21:13 - 2013-07-18 22:31 - 00080856 _____ C:\Users\dadspc7\Documents\plate.dwg
2013-07-18 07:30 - 2013-07-18 07:30 - 00023662 _____ C:\ComboFix.txt
2013-07-18 07:19 - 2013-07-18 07:30 - 00000000 ____D C:\Qoobox
2013-07-18 07:19 - 2013-07-18 07:28 - 00000000 ____D C:\Windows\erdnt
2013-07-18 07:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-18 07:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-18 07:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-18 07:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-18 07:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-18 07:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-18 07:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-18 07:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-18 07:15 - 2013-07-18 07:17 - 00002954 _____ C:\Users\dadspc7\Desktop\Rkill.txt
2013-07-18 07:15 - 2013-07-18 07:15 - 00000000 ____D C:\Users\dadspc7\Desktop\rkill
2013-07-18 07:12 - 2013-07-18 07:12 - 00280072 _____ C:\Windows\Minidump\071813-56799-01.dmp
2013-07-18 07:12 - 2013-07-18 07:12 - 00000000 ____D C:\Windows\Minidump
2013-07-18 07:11 - 2013-07-18 07:11 - 858998660 _____ C:\Windows\MEMORY.DMP
2013-07-18 06:39 - 2013-07-18 06:41 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 07:36 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-17 07:36 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-17 07:36 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-17 07:36 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-17 07:36 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-17 07:36 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-17 07:36 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-17 07:36 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-17 07:36 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-17 07:36 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-17 07:36 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-17 07:36 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-17 07:29 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-17 07:29 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-17 07:28 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-17 07:28 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-17 07:28 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-17 07:28 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-17 07:28 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 08:57 - 2013-07-15 08:57 - 00028435 _____ C:\Users\dadspc7\Downloads\[isoHunt] The Dreamers - NC-17 Uncut [GeneGeter.com].torrent
2013-07-15 08:33 - 2013-07-15 08:33 - 00028915 _____ C:\Users\dadspc7\Downloads\[isoHunt] Intimacy.Patrice.Chereau.2001.torrent
2013-07-15 00:30 - 2013-07-15 00:30 - 00504563 _____ C:\Users\dadspc7\Downloads\massage (1).nzb
2013-07-15 00:30 - 2013-07-15 00:30 - 00315957 _____ C:\Users\dadspc7\Downloads\massage.nzb
2013-07-15 00:26 - 2013-07-15 00:26 - 00658722 _____ C:\Users\dadspc7\Downloads\69352-A Good Night to Die 2003.nzb
2013-07-15 00:23 - 2013-07-15 00:24 - 00030673 _____ C:\Users\dadspc7\Downloads\[isoHunt] A Good Night To Die.torrent
2013-07-14 17:37 - 2013-07-14 17:37 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2013-07-13 20:16 - 2013-07-13 20:16 - 00440483 _____ C:\Users\dadspc7\Downloads\5110cc1c69cb932c11d3dc4b.nzb
2013-07-13 17:26 - 2013-07-13 17:26 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\SUPERAntiSpyware.com
2013-07-13 17:25 - 2013-07-13 18:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-13 17:25 - 2013-07-13 17:25 - 00001813 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-13 17:25 - 2013-07-13 17:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-10 02:56 - 2013-07-18 19:44 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-07-10 02:56 - 2013-07-17 21:38 - 00000949 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-07-10 02:47 - 2013-07-10 02:47 - 00002990 _____ C:\Windows\System32\Tasks\{A2DC1B97-7319-4833-90EA-35DD1B89B7D7}
2013-07-10 02:47 - 2013-07-10 02:47 - 00002990 _____ C:\Windows\System32\Tasks\{416368C9-A4F1-4281-9A5B-D464BEFF1B9A}
2013-07-10 02:39 - 2013-07-10 03:45 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\nuuds
2013-07-10 02:15 - 2013-07-10 02:15 - 00661897 _____ C:\Users\dadspc7\Downloads\A Good Night to Die .nzb
2013-07-09 07:01 - 2013-07-09 07:01 - 00109673 _____ C:\Users\dadspc7\Downloads\Ginta_My_First_Massage_Experience_HD.nzb
2013-07-05 22:17 - 2013-07-05 22:12 - 04697448 _____ (Garmin International) C:\Users\dadspc7\Downloads\GarminMapUpdater.exe
2013-07-04 07:05 - 2013-07-04 07:05 - 00001485 _____ C:\Users\dadspc7\Desktop\The Heavy[2010]DvDrip[Eng]-FXG.avi - Shortcut.lnk
2013-07-01 05:21 - 2013-07-01 05:21 - 00000000 ____D C:\Users\dadspc7\Downloads\N.C
2013-06-30 02:55 - 2013-06-30 02:55 - 00147573 _____ C:\Users\dadspc7\Downloads\39_Natalia_Starr_-_PornPros__Massage_Creep_-_Back_For_More.nzb
2013-06-29 22:29 - 2013-06-29 22:29 - 00071033 _____ C:\Users\dadspc7\Downloads\[isoHunt] [18+]Friend of The Family [1995][DvDrip][Uncut][Unrated][Dual Audio][Hindi+English][OIGXR][BPS].torrent
2013-06-28 04:56 - 2013-06-28 04:56 - 00000000 ____D C:\Users\dadspc7\AppData\Local\SCE
2013-06-28 04:55 - 2013-06-28 04:55 - 00000592 _____ C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
2013-06-28 04:54 - 2013-06-28 04:54 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-06-26 17:53 - 2013-06-26 17:53 - 00001788 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-26 17:52 - 2013-06-26 17:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 17:52 - 2013-06-26 17:53 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 17:52 - 2013-06-26 17:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 17:52 - 2013-06-26 17:52 - 00000000 ____D C:\Program Files\iPod
2013-06-25 07:56 - 2013-06-26 01:22 - 00000648 _____ C:\Users\dadspc7\Desktop\rd crank rebuild 2013.txt
2013-06-24 21:52 - 2013-07-20 11:52 - 00000094 _____ C:\Users\dadspc7\Desktop\rd clutch cush.txt
2013-06-24 17:00 - 2013-06-24 17:00 - 00001099 _____ C:\Users\dadspc7\Desktop\A Strangely Isolated Place - Shortcut.lnk
2013-06-23 23:28 - 2013-06-23 23:28 - 00098434 _____ C:\Users\dadspc7\Downloads\[isoHunt] [ www.UsaBit.com ] - Freebird 2008 720p BRRip x264-PLAYNOW.mp4.torrent
2013-06-23 22:40 - 2013-06-23 22:40 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Two Stroke Engine Expansion Chamber Design Utility
2013-06-23 22:40 - 2013-06-23 22:40 - 00000000 ____D C:\Pipe_Dsn
2013-06-23 22:39 - 2013-06-23 22:39 - 01513183 _____ C:\Users\dadspc7\Downloads\pipe_dsn.zip
2013-06-23 22:39 - 2013-06-23 22:39 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-06-23 22:39 - 2013-06-23 22:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-06-23 22:39 - 2013-06-23 22:39 - 00000000 ____D C:\Users\dadspc7\Downloads\pipe_dsn
2013-06-23 08:42 - 2013-06-23 08:42 - 00014839 _____ C:\Users\dadspc7\Documents\BaseCamp 2013-06-23.Backup
2013-06-23 08:06 - 2013-06-23 08:06 - 00000732 _____ C:\Users\dadspc7\Desktop\text docs oct 2012 - Shortcut.lnk

==================== One Month Modified Files and Folders =======

2013-07-23 18:48 - 2013-07-23 18:48 - 00000000 ____D C:\FRST
2013-07-23 18:48 - 2013-07-23 18:40 - 00000000 ____D C:\Users\dadspc7\Desktop\RK_Quarantine
2013-07-23 18:47 - 2013-07-23 18:46 - 01779757 _____ (Farbar) C:\Users\dadspc7\Desktop\FRST64.exe
2013-07-23 18:43 - 2013-07-23 18:43 - 00005614 _____ C:\Users\dadspc7\Desktop\RKreport[0]_D_07232013_184324.txt
2013-07-23 18:42 - 2013-07-23 18:42 - 00005501 _____ C:\Users\dadspc7\Desktop\RKreport[0]_S_07232013_184238.txt
2013-07-23 18:35 - 2013-07-23 18:35 - 03778560 _____ C:\Users\dadspc7\Desktop\RogueKillerX64.exe
2013-07-23 17:53 - 2012-10-01 08:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 17:52 - 2013-05-13 19:37 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 17:52 - 2013-05-13 19:37 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 14:30 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 14:30 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 14:29 - 2013-07-23 14:29 - 00000252 _____ C:\Users\dadspc7\Desktop\jobs july 2013.txt
2013-07-23 14:27 - 2011-04-30 07:02 - 01480881 _____ C:\Windows\WindowsUpdate.log
2013-07-23 14:22 - 2011-04-30 18:20 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 14:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 14:22 - 2009-07-14 05:51 - 00059914 _____ C:\Windows\setupact.log
2013-07-23 14:22 - 2009-07-14 05:45 - 05309456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 07:16 - 2011-11-07 23:41 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\uTorrent
2013-07-23 03:47 - 2013-07-23 03:47 - 00326054 _____ C:\Users\dadspc7\Downloads\massage (2).nzb
2013-07-23 03:28 - 2013-07-23 03:28 - 00000623 _____ C:\Users\dadspc7\Downloads\[isoHunt] Adobe_CS5_Activator.5529933.TPB.torrent
2013-07-23 03:20 - 2011-04-30 18:13 - 00000000 ____D C:\Users\dadspc7\AppData\Local\Adobe
2013-07-23 03:19 - 2013-07-23 03:19 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\MainConcept
2013-07-23 03:18 - 2013-07-23 03:18 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MainConcept
2013-07-23 03:17 - 2011-04-30 18:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 03:13 - 2013-07-23 03:13 - 00002180 _____ C:\Users\Public\Desktop\MainConcept MPEG Pro Toolbox.lnk
2013-07-23 03:13 - 2011-04-30 07:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-23 03:02 - 2013-07-23 03:02 - 00265525 _____ C:\Users\dadspc7\Downloads\[isoHunt] Adobe CS5.5 Master Collection [Multi] (With Crack).torrent
2013-07-23 03:00 - 2013-07-23 03:00 - 00001229 _____ C:\Users\dadspc7\Downloads\[isoHunt] ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE.6581481.TPB.torrent
2013-07-23 02:34 - 2013-07-23 02:34 - 00000000 ____D C:\ProgramData\Minnetonka Audio Software
2013-07-23 02:26 - 2011-04-30 07:35 - 00143160 _____ C:\Users\dadspc7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 02:25 - 2013-05-13 15:51 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-22 23:00 - 2011-04-30 08:45 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\Adobe
2013-07-22 22:58 - 2013-07-22 22:58 - 00000000 ____D C:\ProgramData\ALM
2013-07-22 22:48 - 2013-07-22 22:48 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-22 22:47 - 2013-07-22 22:47 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2013-07-22 22:40 - 2013-07-22 22:40 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-07-22 22:16 - 2011-04-30 13:32 - 00021932 _____ C:\Windows\PFRO.log
2013-07-22 21:58 - 2011-04-30 07:10 - 00000000 ____D C:\Users\dadspc7
2013-07-22 21:47 - 2013-07-22 21:46 - 00000000 ____D C:\Windows\system32\Drivers\etc\New folder
2013-07-22 21:03 - 2013-07-22 21:03 - 00000029 _____ C:\Users\dadspc7\Desktop\cs5.5 serial.txt
2013-07-22 16:07 - 2013-07-22 11:54 - 00104458 _____ C:\Users\dadspc7\Documents\platefinal.dwg
2013-07-22 13:46 - 2013-07-20 12:12 - 00002685 _____ C:\Users\dadspc7\Documents\plot.log
2013-07-22 13:26 - 2009-07-14 06:13 - 00783310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 12:24 - 2013-07-22 12:24 - 00000249 _____ C:\Users\dadspc7\Downloads\Reset_and_Clear_Print_Spooler_Queue.bat
2013-07-22 11:56 - 2013-07-22 11:56 - 00005670 _____ C:\Users\dadspc7\Documents\platefinal.dwf
2013-07-22 11:54 - 2013-07-22 16:07 - 00090063 _____ C:\Users\dadspc7\Documents\platefinal.bak
2013-07-22 11:51 - 2013-07-22 11:51 - 00000000 ____D C:\autocad
2013-07-22 11:50 - 2013-07-22 11:50 - 00000000 ____D C:\Users\dadspc7\IGC
2013-07-22 11:50 - 2013-07-22 11:50 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\IGC
2013-07-22 11:48 - 2013-07-22 11:48 - 00001766 _____ C:\Users\Public\Desktop\Free DWG Viewer.lnk
2013-07-22 11:48 - 2013-07-22 11:48 - 00000000 ____D C:\Program Files (x86)\IGC
2013-07-22 11:47 - 2013-07-22 11:47 - 00003020 _____ C:\Windows\System32\Tasks\{E56A03C4-2164-437E-820C-4ED8CF8244ED}
2013-07-22 11:46 - 2013-07-22 11:46 - 00003020 _____ C:\Windows\System32\Tasks\{F79DDC52-46B7-4B65-A095-1B0AA9340D24}
2013-07-22 11:43 - 2013-07-22 11:43 - 00005663 _____ C:\Users\dadspc7\Documents\plate4a.dwf
2013-07-22 11:33 - 2013-07-22 11:32 - 60282483 _____ (Acresso Software Inc. ) C:\Users\dadspc7\Downloads\FreeDWGViewer (1).exe
2013-07-22 10:20 - 2013-07-22 09:36 - 00377815 _____ C:\Users\dadspc7\Documents\plate4.dxf
2013-07-22 10:20 - 2013-07-22 09:21 - 00075115 _____ C:\Users\dadspc7\Documents\plate4a.dwg
2013-07-22 10:19 - 2013-07-22 10:19 - 00005675 _____ C:\Users\dadspc7\Documents\plate4.dwf
2013-07-22 10:17 - 2013-04-21 23:03 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-07-22 10:16 - 2013-07-22 10:16 - 02649792 _____ (Autodesk, Inc.) C:\Users\dadspc7\Downloads\ExpressViewerSetup_CSY.exe
2013-07-22 10:12 - 2013-07-20 11:22 - 00010752 ___SH C:\Users\dadspc7\Documents\Thumbs.db
2013-07-22 09:36 - 2013-07-22 09:21 - 00377071 _____ C:\Users\dadspc7\Documents\plate4.bak
2013-07-22 09:33 - 2013-04-21 23:06 - 00000000 ____D C:\Users\dadspc7\AppData\Local\Autodesk
2013-07-22 09:32 - 2013-07-22 09:21 - 00074772 _____ C:\Users\dadspc7\Documents\plate4.dwg
2013-07-22 09:18 - 2013-07-22 09:18 - 00000973 _____ C:\AdwCleaner[R3].txt
2013-07-22 08:36 - 2013-07-22 08:36 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 08:33 - 2013-07-22 08:33 - 00000914 _____ C:\AdwCleaner[R2].txt
2013-07-22 08:27 - 2013-07-22 08:26 - 00001217 _____ C:\AdwCleaner[S1].txt
2013-07-22 08:26 - 2013-07-22 08:26 - 00001147 _____ C:\AdwCleaner[R1].txt
2013-07-22 08:19 - 2013-07-22 08:18 - 43479392 _____ (GridinSoft LLC) C:\Users\dadspc7\Downloads\gtk-2.1.7.6-setup.exe
2013-07-21 11:42 - 2012-09-14 18:28 - 00000445 _____ C:\Users\dadspc7\Desktop\things to do.txt
2013-07-21 00:19 - 2012-09-18 08:33 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\vlc
2013-07-20 19:05 - 2013-07-20 12:23 - 00093853 _____ C:\Users\dadspc7\Documents\plate3.dwg
2013-07-20 19:03 - 2013-07-18 21:13 - 00093853 _____ C:\Users\dadspc7\Documents\plate2.dwg
2013-07-20 17:25 - 2013-07-18 21:13 - 00088110 _____ C:\Users\dadspc7\Documents\plate2.bak
2013-07-20 12:08 - 2013-07-20 12:02 - 00000000 ____D C:\ProgramData\EPSON
2013-07-20 12:02 - 2013-07-20 12:01 - 08595744 _____ C:\Users\dadspc7\Downloads\epson15194.exe
2013-07-20 11:52 - 2013-06-24 21:52 - 00000094 _____ C:\Users\dadspc7\Desktop\rd clutch cush.txt
2013-07-20 11:19 - 2013-07-20 11:14 - 222364016 _____ C:\Users\dadspc7\Downloads\SetupDWGTrueView2012_32bit.exe
2013-07-20 11:17 - 2013-07-20 11:14 - 63104600 _____ (Acresso Software Inc. ) C:\Users\dadspc7\Downloads\freedwgviewer.exe
2013-07-20 07:45 - 2013-07-20 07:45 - 00000033 _____ C:\Users\dadspc7\Desktop\chris car.txt
2013-07-18 23:08 - 2013-07-18 23:08 - 00014773 _____ C:\Users\dadspc7\Downloads\Baseline [2010] DvDrip MXMG-[rarbg.com].torrent
2013-07-18 22:50 - 2013-07-18 22:50 - 00014747 _____ C:\Users\dadspc7\Downloads\[isoHunt] Baseline [2010] DvDrip MXMG.torrent
2013-07-18 22:31 - 2013-07-18 21:13 - 00080856 _____ C:\Users\dadspc7\Documents\plate.dwg
2013-07-18 22:19 - 2013-07-18 21:29 - 00071643 _____ C:\Users\dadspc7\Documents\plate.bak
2013-07-18 19:44 - 2013-07-10 02:56 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-07-18 07:30 - 2013-07-18 07:30 - 00023662 _____ C:\ComboFix.txt
2013-07-18 07:30 - 2013-07-18 07:19 - 00000000 ____D C:\Qoobox
2013-07-18 07:30 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-07-18 07:29 - 2011-04-30 07:10 - 00000000 ___RD C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 07:28 - 2013-07-18 07:19 - 00000000 ____D C:\Windows\erdnt
2013-07-18 07:28 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-07-18 07:17 - 2013-07-18 07:15 - 00002954 _____ C:\Users\dadspc7\Desktop\Rkill.txt
2013-07-18 07:15 - 2013-07-18 07:15 - 00000000 ____D C:\Users\dadspc7\Desktop\rkill
2013-07-18 07:12 - 2013-07-18 07:12 - 00280072 _____ C:\Windows\Minidump\071813-56799-01.dmp
2013-07-18 07:12 - 2013-07-18 07:12 - 00000000 ____D C:\Windows\Minidump
2013-07-18 07:11 - 2013-07-18 07:11 - 858998660 _____ C:\Windows\MEMORY.DMP
2013-07-18 06:41 - 2013-07-18 06:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 21:38 - 2013-07-10 02:56 - 00000949 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-07-17 07:46 - 2012-09-19 20:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 07:46 - 2012-09-19 20:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-17 07:45 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 07:45 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 07:45 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 07:29 - 2011-10-23 07:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-15 21:58 - 2011-05-02 05:59 - 00000000 ____D C:\Users\dadspc7\AppData\Local\QuickPar
2013-07-15 08:57 - 2013-07-15 08:57 - 00028435 _____ C:\Users\dadspc7\Downloads\[isoHunt] The Dreamers - NC-17 Uncut [GeneGeter.com].torrent
2013-07-15 08:33 - 2013-07-15 08:33 - 00028915 _____ C:\Users\dadspc7\Downloads\[isoHunt] Intimacy.Patrice.Chereau.2001.torrent
2013-07-15 00:30 - 2013-07-15 00:30 - 00504563 _____ C:\Users\dadspc7\Downloads\massage (1).nzb
2013-07-15 00:30 - 2013-07-15 00:30 - 00315957 _____ C:\Users\dadspc7\Downloads\massage.nzb
2013-07-15 00:26 - 2013-07-15 00:26 - 00658722 _____ C:\Users\dadspc7\Downloads\69352-A Good Night to Die 2003.nzb
2013-07-15 00:24 - 2013-07-15 00:23 - 00030673 _____ C:\Users\dadspc7\Downloads\[isoHunt] A Good Night To Die.torrent
2013-07-14 17:37 - 2013-07-14 17:37 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2013-07-13 20:16 - 2013-07-13 20:16 - 00440483 _____ C:\Users\dadspc7\Downloads\5110cc1c69cb932c11d3dc4b.nzb
2013-07-13 18:18 - 2013-07-13 17:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-13 17:56 - 2013-05-13 19:38 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 17:47 - 2013-05-13 19:37 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 17:47 - 2013-05-13 19:37 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 17:26 - 2013-07-13 17:26 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\SUPERAntiSpyware.com
2013-07-13 17:25 - 2013-07-13 17:25 - 00001813 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-13 17:25 - 2013-07-13 17:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-10 07:05 - 2012-09-17 19:44 - 00000000 ____D C:\Users\dadspc7\Desktop\adobemasterkeygen55
2013-07-10 05:11 - 2013-04-18 23:00 - 00000000 ____D C:\Users\dadspc7\Documents\ProgDVB_Pro_6.03_With_Loader
2013-07-10 04:50 - 2011-10-22 07:53 - 00000000 ____D C:\Program Files (x86)\ProgDVB
2013-07-10 03:45 - 2013-07-10 02:39 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\nuuds
2013-07-10 02:50 - 2011-04-30 07:35 - 00002155 _____ C:\Windows\epplauncher.mif
2013-07-10 02:50 - 2011-04-30 07:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-10 02:49 - 2012-06-05 23:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-10 02:47 - 2013-07-10 02:47 - 00002990 _____ C:\Windows\System32\Tasks\{A2DC1B97-7319-4833-90EA-35DD1B89B7D7}
2013-07-10 02:47 - 2013-07-10 02:47 - 00002990 _____ C:\Windows\System32\Tasks\{416368C9-A4F1-4281-9A5B-D464BEFF1B9A}
2013-07-10 02:15 - 2013-07-10 02:15 - 00661897 _____ C:\Users\dadspc7\Downloads\A Good Night to Die .nzb
2013-07-09 07:01 - 2013-07-09 07:01 - 00109673 _____ C:\Users\dadspc7\Downloads\Ginta_My_First_Massage_Experience_HD.nzb
2013-07-08 07:17 - 2011-11-08 22:41 - 00000000 ____D C:\Users\dadspc7\Desktop\New folder
2013-07-05 22:12 - 2013-07-05 22:17 - 04697448 _____ (Garmin International) C:\Users\dadspc7\Downloads\GarminMapUpdater.exe
2013-07-05 21:54 - 2013-06-15 12:05 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 21:53 - 2013-06-15 12:05 - 00001893 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-07-05 21:53 - 2013-06-12 21:42 - 00000000 ____D C:\ProgramData\Garmin
2013-07-05 20:18 - 2013-06-21 17:01 - 00001181 _____ C:\Users\dadspc7\Desktop\garmin 2.txt
2013-07-04 07:05 - 2013-07-04 07:05 - 00001485 _____ C:\Users\dadspc7\Desktop\The Heavy[2010]DvDrip[Eng]-FXG.avi - Shortcut.lnk
2013-07-02 23:01 - 2012-09-16 23:22 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-01 05:21 - 2013-07-01 05:21 - 00000000 ____D C:\Users\dadspc7\Downloads\N.C
2013-06-30 08:45 - 2013-05-25 07:10 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\dvdcss
2013-06-30 02:55 - 2013-06-30 02:55 - 00147573 _____ C:\Users\dadspc7\Downloads\39_Natalia_Starr_-_PornPros__Massage_Creep_-_Back_For_More.nzb
2013-06-29 22:29 - 2013-06-29 22:29 - 00071033 _____ C:\Users\dadspc7\Downloads\[isoHunt] [18+]Friend of The Family [1995][DvDrip][Uncut][Unrated][Dual Audio][Hindi+English][OIGXR][BPS].torrent
2013-06-28 05:31 - 2013-06-12 21:42 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-06-28 04:56 - 2013-06-28 04:56 - 00000000 ____D C:\Users\dadspc7\AppData\Local\SCE
2013-06-28 04:55 - 2013-06-28 04:55 - 00000592 _____ C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
2013-06-28 04:54 - 2013-06-28 04:54 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-06-26 17:53 - 2013-06-26 17:53 - 00001788 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-26 17:53 - 2013-06-26 17:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 17:53 - 2013-06-26 17:52 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 17:53 - 2013-06-26 17:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 17:52 - 2013-06-26 17:52 - 00000000 ____D C:\Program Files\iPod
2013-06-26 01:22 - 2013-06-25 07:56 - 00000648 _____ C:\Users\dadspc7\Desktop\rd crank rebuild 2013.txt
2013-06-26 01:22 - 2012-03-28 18:28 - 00000000 ____D C:\Program Files (x86)\Thumbs7
2013-06-25 15:11 - 2013-05-13 19:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-24 17:00 - 2013-06-24 17:00 - 00001099 _____ C:\Users\dadspc7\Desktop\A Strangely Isolated Place - Shortcut.lnk
2013-06-24 00:57 - 2011-04-30 11:52 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-23 23:28 - 2013-06-23 23:28 - 00098434 _____ C:\Users\dadspc7\Downloads\[isoHunt] [ www.UsaBit.com ] - Freebird 2008 720p BRRip x264-PLAYNOW.mp4.torrent
2013-06-23 22:40 - 2013-06-23 22:40 - 00000000 ____D C:\Users\dadspc7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Two Stroke Engine Expansion Chamber Design Utility
2013-06-23 22:40 - 2013-06-23 22:40 - 00000000 ____D C:\Pipe_Dsn
2013-06-23 22:39 - 2013-06-23 22:39 - 01513183 _____ C:\Users\dadspc7\Downloads\pipe_dsn.zip
2013-06-23 22:39 - 2013-06-23 22:39 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-06-23 22:39 - 2013-06-23 22:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-06-23 22:39 - 2013-06-23 22:39 - 00000000 ____D C:\Users\dadspc7\Downloads\pipe_dsn
2013-06-23 08:42 - 2013-06-23 08:42 - 00014839 _____ C:\Users\dadspc7\Documents\BaseCamp 2013-06-23.Backup
2013-06-23 08:06 - 2013-06-23 08:06 - 00000732 _____ C:\Users\dadspc7\Desktop\text docs oct 2012 - Shortcut.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 00:28

==================== End Of Log ============================

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:20 PM

Posted 24 July 2013 - 07:19 AM

Try this.
Open Internet Explorer > Tools menu > Internet Options > Advanced tab.
Click the Reset button to reset the IE settings.
Click the Apply button if required.

Restart the computer normally.
===

If the problem persists, please continue.

This key seems to be malformed.
StartMenuInternet: IEXPLORE.EXE - c:\program files\interne

On a Windows 7 - 64 bit it should look like this.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

Let's have a look at it.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    IEXPLORE.EXE
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

This may take a few minutes, let it complete.
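
As an added example (this is not part of nasdaq's instructions and not the SystemLook tool), here is a PowerShell check that does the same two things by hand: it reads the StartMenuInternet launch command for IEXPLORE.EXE from both the 64-bit and the Wow6432Node registry views, tests whether the path it names actually exists and carries a valid Microsoft Authenticode signature, and then searches the HKLM\SOFTWARE\Clients subtree for any value whose data mentions IEXPLORE.EXE, much as the :regfind step above does for the whole registry. The two registry paths are the standard browser-registration locations Windows uses; limiting the search to the Clients subtree is my choice to keep the run short. One caveat for this Windows 7 machine: with the PowerShell that ships on Windows 7, catalog-signed system files report NotSigned, so that result means "check further", not proof of tampering.

```powershell
# Added example, not code from the thread or from SystemLook.
# Checks the StartMenuInternet registration of Internet Explorer and
# searches a registry subtree for a string, for comparison with the FRST line.

$startMenuKeys = @(
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command',             # 64-bit view
    'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'  # 32-bit view
)

function Test-StartMenuInternetEntry {
    param([string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ Key = $KeyPath; Command = $null; Status = 'key missing' }
    }

    # The key's default value holds the launch command, normally a quoted full path.
    $cmd = (Get-ItemProperty -LiteralPath $KeyPath).'(default)'
    if ([string]::IsNullOrWhiteSpace($cmd)) {
        return [pscustomobject]@{ Key = $KeyPath; Command = $cmd; Status = 'value empty' }
    }

    # Drop surrounding quotes and anything after the executable name.
    $exe = $cmd.Trim('"')
    if ($exe -match '^(.*?\.exe)') { $exe = $Matches[1] }

    if (-not (Test-Path -LiteralPath $exe)) {
        # A truncated value such as  c:\program files\interne  ends up here:
        # the command points at something that is not on disk.
        return [pscustomobject]@{ Key = $KeyPath; Command = $cmd; Status = 'target does not exist' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $exe
    $status = if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*') {
        'ok'
    } else {
        # On Windows 7 PowerShell, catalog-signed system files show NotSigned here;
        # compare the file hash against a known-good copy before drawing conclusions.
        "check signature ($($sig.Status))"
    }
    [pscustomobject]@{ Key = $KeyPath; Command = $cmd; Status = $status }
}

function Find-RegistryString {
    param([string]$Root, [string]$Needle)

    # Walk the subtree and report every value whose data contains $Needle
    # (case-insensitive), similar in spirit to SystemLook's :regfind.
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

'--- StartMenuInternet registration ---'
$startMenuKeys | ForEach-Object { Test-StartMenuInternetEntry -KeyPath $_ } | Format-Table -AutoSize -Wrap

'--- Values under HKLM\SOFTWARE\Clients mentioning IEXPLORE.EXE ---'
Find-RegistryString -Root 'HKLM:\SOFTWARE\Clients' -Needle 'IEXPLORE.EXE' | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt. A healthy result shows both registration keys with Status "ok" (or "check signature" on Windows 7, see above) and a command that resolves to an existing iexplore.exe; a value whose command is cut short or points outside the Internet Explorer folder is what the FRST line above is hinting at.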

#15 aljaxon

aljaxon
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 24 July 2013 - 11:00 AM

One of the programs you told me to run (can't remember which) tried to reset Internet Explorer to its default "home", saying it was in the wrong place or something.
I will perform the latest tasks in an hour or so after my food
cheers
