
Infected with Dirty Decrypt (possibly more)


28 replies to this topic

#1 AnarchistRebel

AnarchistRebel

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 12:57 PM

I think music files are getting corrupted (I don't think they were before).  A photo was corrupted with the "Dirty Decrypter" thing.

Skype is a blank page, and Task Manager would not open: it would open, then close.

Here is more detailed information:  http://www.bleepingcomputer.com/forums/t/502192/dirty-decrypt/

 

Here is my DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.25.2
Run by Admin at 12:43:33 on 2013-07-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7989.5308 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\UI0Detect.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN33143341382929617&UM=2&ctid=CT3298572
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [gbEdoFIS] C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe
uRun: [DirtyDecrypt] "C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe" /hide
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [DFX] C:\Program Files (x86)\DFX\DFX.exe -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{50CF3A3B-EDA0-4D84-8803-61428B280A5D} : DHCPNameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{632C2F7A-FBE2-4133-8DDD-B9A36B62CC25} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
AppInit_DLLs= c:\progra~2\safesa~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2013-7-23 17720]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-5-2 45856]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-5-3 13824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/03 15:00:53];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-6-30 574272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-7-2 335168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-1 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-3 2320920]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-29 1015984]
R3 DFX11_1;DFX Audio Enhancer 11.1;C:\windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-7-2 23048]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-5-3 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-5-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-1 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-7-2 34336]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-7-2 23016]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-4-5 39832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-5-3 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-30 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]
.
=============== Created Last 30 ================
.
2013-07-25 17:20:57 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-07-25 13:42:44 -------- d-----w- C:\{5A9C0D4A-CB37-3CD1-AD6C-1F06AE556847}
2013-07-25 13:27:19 -------- d-----w- C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 13:27:09 274080 --s---w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe
2013-07-25 11:08:29 -------- d-----w- C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 11:08:12 -------- d-----w- C:\Users\Admin\AppData\Local\jIphZyhD
2013-07-25 11:08:11 -------- d-----w- C:\Users\Admin\AppData\Local\Dirty
2013-07-24 05:11:33 -------- d-----w- C:\Users\Admin\AppData\Local\Mato_Technologies
2013-07-24 02:14:00 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1DFB717-35F3-4CCD-BCA4-B240F8184BD2}\offreg.dll
2013-07-24 00:23:59 17720 ----a-w- C:\windows\System32\drivers\SmartDefragDriver.sys
2013-07-24 00:20:50 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1DFB717-35F3-4CCD-BCA4-B240F8184BD2}\mpengine.dll
2013-07-24 00:20:38 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-07-21 05:01:02 -------- d-----w- C:\Users\Admin\AppData\Local\Microsoft Games
2013-07-21 01:58:17 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-07-15 16:44:19 -------- d-----w- C:\Users\Admin\AppData\Local\Avg2013
2013-07-14 01:14:04 -------- d-----w- C:\Users\Admin\AppData\Roaming\LolClient
2013-07-13 23:04:09 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll
2013-07-13 23:04:09 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll
2013-07-13 23:04:08 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2013-07-13 23:03:50 -------- d-----w- C:\Riot Games
2013-07-13 23:01:55 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-07-13 22:58:02 -------- d-----w- C:\Users\Admin\AppData\Roaming\Riot Games
2013-07-13 15:31:59 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-12 20:35:16 -------- d-----w- C:\Users\Admin\AppData\Local\DFX
2013-07-12 20:35:14 -------- d-----w- C:\ProgramData\DFX
2013-07-12 20:34:06 -------- d-----w- C:\Program Files (x86)\DFX
2013-07-12 20:34:06 -------- d-----w- C:\Program Files (x86)\Common Files\DFX
2013-07-12 16:48:58 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-07-12 16:48:40 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-12 16:48:31 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-12 03:23:43 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-10 13:45:44 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 13:45:44 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 13:45:44 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 13:45:44 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 13:45:44 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 13:45:44 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 13:45:44 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 13:45:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-10 13:45:14 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-10 13:45:14 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-10 13:41:49 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 13:41:49 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 13:41:48 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:41:48 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 13:41:48 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:41:28 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-10 13:41:28 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 13:41:17 1545728 ----a-w- C:\windows\System32\DWrite.dll
2013-07-10 13:41:17 1077760 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-05 22:28:13 -------- d-----w- C:\Users\Admin\AppData\Roaming\tor
2013-07-05 21:37:12 -------- d-----w- C:\Users\Admin\AppData\Local\Mozilla
2013-07-04 04:42:43 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-04 04:42:32 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-04 04:42:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-04 04:42:15 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-03 05:42:33 -------- d-----w- C:\Users\Admin\AppData\Local\NFS Underground 2
2013-07-02 09:38:00 -------- d-----w- C:\Program Files (x86)\NFS Most Wanted
2013-07-02 05:35:24 -------- d-----w- C:\Users\Admin\AppData\Local\SecondLife
2013-07-02 04:14:11 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-02 04:14:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 03:53:21 -------- d-----w- C:\Users\Admin\AppData\Local\Conduit
2013-07-02 03:52:58 -------- d-----w- C:\Users\Admin\AppData\Local\CRE
2013-07-01 11:09:25 -------- d-----w- C:\Users\Admin\AppData\Roaming\OpenOffice.org
2013-07-01 11:08:18 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2013-07-01 10:33:02 -------- d-----w- C:\windows\SysWow64\directx
2013-07-01 04:05:37 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-07-01 04:05:37 458712 ----a-w- C:\windows\System32\drivers\cng.sys
2013-07-01 04:05:37 340992 ----a-w- C:\windows\System32\schannel.dll
2013-07-01 04:05:37 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-07-01 04:05:37 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-07-01 04:05:37 1448448 ----a-w- C:\windows\System32\lsasrv.dll
2013-07-01 04:05:36 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-07-01 04:05:01 366592 ----a-w- C:\windows\System32\qdvd.dll
2013-07-01 04:05:00 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-07-01 04:04:23 26432 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2013-06-30 18:27:38 -------- d-----w- C:\ProgramData\IObit
2013-06-30 18:27:37 -------- d-----w- C:\Users\Admin\AppData\Roaming\IObit
2013-06-30 18:27:24 -------- d-----w- C:\Program Files (x86)\IObit
2013-06-30 01:49:56 -------- d-----w- C:\Program Files (x86)\SA
2013-06-29 09:23:14 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-06-29 08:33:06 -------- d-----w- C:\Users\Admin\AppData\Roaming\PowerISO
2013-06-29 08:32:01 127384 ----a-w- C:\windows\System32\drivers\scdemu.sys
2013-06-29 08:32:00 -------- d-----w- C:\Program Files (x86)\PowerISO
2013-06-29 07:53:28 -------- d-----w- C:\Users\Admin\AppData\Local\DTClient
2013-06-29 07:51:57 -------- d-----w- C:\Users\Admin\AppData\Roaming\DAEMON Tools Ultra
2013-06-28 00:15:16 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-06-28 00:15:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-27 10:20:55 -------- d-----w- C:\Users\Admin\AppData\Local\Norman Malware Cleaner
2013-06-27 10:05:40 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-27 08:39:42 98816 ----a-w- C:\windows\sed.exe
2013-06-27 08:39:42 256000 ----a-w- C:\windows\PEV.exe
2013-06-27 08:39:42 208896 ----a-w- C:\windows\MBR.exe
2013-06-26 12:27:55 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin
2013-06-26 12:27:34 -------- d-sh--w- C:\AI_RecycleBin
.
==================== Find3M  ====================
.
2013-06-24 03:01:49 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 03:01:49 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-24 03:01:49 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-12 18:40:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:40:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-04 18:38:24 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-29 17:09:32 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-02 07:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 12:43:47.25 ===============
 

 


 


#2 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 01:01 PM

Also, the Cobian backup didn't work, it couldn't download 2 files.



#3 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 01:44 PM

Could somebody help me?



#4 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 04:07 PM

Task Manager just worked.



#5 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:04:36 PM

Posted 25 July 2013 - 04:53 PM

AnarchistRebel,

 

Step 1: Please download the Farbar Recovery Scan Tool
Select the version that applies to your system.
Save to the Desktop.

  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---

 

 

 

Step 2: When done, download CKScanner:
http://downloads.malwareremoval.com/CKScanner.exe

Important: - Save it to your Desktop

Double-click CKScanner.exe, then, click: Search For Files
When a list appears, click: Save List To File
A message box verifies the file saved.

Double-click the CKFiles.txt on your Desktop, and copy/paste the contents in your reply.

 

 

Thanks.

 

 

 


Old duck...


#6 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 10:10 PM

Before I download these things, I started my computer and the Dirty Decrypter thing showed, and I found the file location in properties:

C:\Users\Admin\AppData\Roaming\Dirty

I am going to download the programs now and then post the reply.



#7 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 25 July 2013 - 10:30 PM

FRST.txt-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013

Ran by Admin (administrator) on 25-07-2013 22:11:45
Running from C:\Users\Admin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
() C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Admin\AppData\Local\Temp\uZuUPWBW.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Admin\Downloads\FRST64.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-04] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKCU\...\Run: [gbEdoFIS] - C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [274080 2013-07-25] ()
HKCU\...\Run: [DirtyDecrypt] - C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe [24576 2013-07-25] ()
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-01-13] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1515328 2013-06-14] (IObit)
HKLM-x32\...\Run: [DFX] - C:\Program Files (x86)\DFX\DFX.exe [1274840 2013-07-12] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cobian Backup 11 interface] - C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~2\safesa~1\sprote~1.dll [97280 2009-07-13] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP74DHP&pc=UP74&dt=072513
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM-x32 - DefaultScope {FD900C47-27AB-45E4-8E5B-B6044D20F170} URL = 
SearchScopes: HKCU - DefaultScope {FD900C47-27AB-45E4-8E5B-B6044D20F170} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298572&CUI=UN33143341382929617&UM=2
SearchScopes: HKCU - {14097E2D-C386-4227-92D5-3CD011DE8C9C} URL = http://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=072513&q={searchTerms}&src=IE-SearchBox
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298572&SearchSource=48&CUI=UN19551619028420692&UM=2
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (safe essave) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccmjhfcmkedohenfgognoibhoankchm\1
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.2_0
CHR Extension: (Auto HD For YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\4.0.2_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Admin\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx
CHR HKLM-x32\...\Chrome\Extension: [efofpgodgejpmjgbpjdblepalcommejk] - C:\Users\Admin\AppData\Local\CRE\efofpgodgejpmjgbpjdblepalcommejk.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-29] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-05-29] (AVG Technologies)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-25 22:10 - 2013-07-25 22:10 - 01779853 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-25 22:10 - 2013-07-25 22:10 - 00000000 ____D C:\FRST
2013-07-25 16:59 - 2013-07-25 17:00 - 00007680 _____ C:\windows\IE10_main.log
2013-07-25 16:58 - 2013-07-25 16:58 - 46592416 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\EIE10_EN-US_WOL_Win764.EXE
2013-07-25 16:58 - 2013-07-25 16:58 - 46592416 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\EIE10_EN-US_WOL_Win764 (1).EXE
2013-07-25 16:37 - 2013-07-25 16:37 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-25 16:37 - 2013-07-25 16:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25.exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (7).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (6).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (5).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (4).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (3).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (2).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (1).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00000000 ____D C:\ProgramData\McAfee
2013-07-25 16:27 - 2013-07-25 16:27 - 00002052 _____ C:\windows\epplauncher.mif
2013-07-25 16:09 - 2013-07-25 16:09 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Admin\Downloads\SkypeSetup.exe
2013-07-25 16:09 - 2013-07-25 16:09 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Admin\Downloads\SkypeSetup (1).exe
2013-07-25 13:24 - 2013-07-02 20:13 - 00565248 _____ C:\Users\Admin\Downloads\Listia Unlimited+.exe
2013-07-25 13:24 - 2013-07-02 20:08 - 00001169 _____ C:\Users\Admin\Downloads\README.txt
2013-07-25 13:22 - 2013-07-25 13:22 - 00170794 ____R C:\Users\Admin\Downloads\Listia Credit Hack 2013.rar
2013-07-25 13:00 - 2013-07-25 13:00 - 00011645 _____ C:\Users\Admin\Downloads\attach.txt
2013-07-25 12:43 - 2013-07-25 12:43 - 00023465 _____ C:\Users\Admin\Desktop\dds.txt
2013-07-25 12:43 - 2013-07-25 12:43 - 00011645 _____ C:\Users\Admin\Desktop\attach.txt
2013-07-25 12:39 - 2013-07-25 12:39 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (3).com
2013-07-25 12:36 - 2013-07-25 12:36 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (2).com
2013-07-25 12:33 - 2013-07-25 12:33 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (1).com
2013-07-25 12:31 - 2013-07-25 12:31 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2013-07-25 12:20 - 2013-07-25 12:22 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-07-25 12:20 - 2013-07-25 12:20 - 00000894 _____ C:\Users\Admin\Downloads\cbSetup.txt
2013-07-25 12:18 - 2013-07-25 12:19 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2013-07-25 09:35 - 2013-07-25 09:35 - 00000036 _____ C:\Users\Admin\AppData\Local\housecall.guid.cache
2013-07-25 08:56 - 2013-07-25 08:56 - 00069112 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 08:42 - 2013-07-25 08:42 - 00000000 ____D C:\{5A9C0D4A-CB37-3CD1-AD6C-1F06AE556847}
2013-07-25 08:33 - 2013-07-25 18:32 - 00093424 _____ C:\windows\WindowsUpdate.log
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 08:26 - 2013-07-25 22:04 - 00000112 _____ C:\windows\setupact.log
2013-07-25 08:26 - 2013-07-25 22:03 - 00001842 _____ C:\windows\PFRO.log
2013-07-25 08:26 - 2013-07-25 08:26 - 00305472 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-25 08:26 - 2013-07-25 08:26 - 00000000 _____ C:\windows\setuperr.log
2013-07-25 06:08 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 06:08 - 2013-07-25 06:10 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
2013-07-24 17:34 - 2013-07-25 08:58 - 00000000 ____D C:\Users\Admin\Documents\IMG Manager V.2.0 BETA
2013-07-24 16:06 - 2013-07-24 16:09 - 00000000 ____D C:\Users\Admin\Documents\Courage The Cowardly Dog (1999-2002)
2013-07-24 06:02 - 2013-07-24 06:08 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files
2013-07-24 00:11 - 2013-07-24 00:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Mato_Technologies
2013-07-23 20:56 - 2013-07-23 20:57 - 00000000 ____D C:\Users\Admin\Documents\Alci IMG Editor
2013-07-23 20:14 - 2013-06-23 21:50 - 00000000 ____D C:\Users\Admin\Documents\Tor Browser
2013-07-23 19:23 - 2013-05-22 18:49 - 00017720 _____ C:\windows\system32\Drivers\SmartDefragDriver.sys
2013-07-21 00:01 - 2013-07-21 00:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Games
2013-07-20 20:58 - 2013-07-20 20:58 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-07-16 07:58 - 2013-07-16 07:58 - 56127488 _____ C:\windows\system32\config\SOFTWARE.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00770048 _____ C:\windows\system32\config\DEFAULT.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00024576 _____ C:\windows\system32\config\SECURITY.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00024576 _____ C:\windows\system32\config\SAM.iobit
2013-07-15 11:44 - 2013-07-15 11:44 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg2013
2013-07-13 20:14 - 2013-07-13 20:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LolClient
2013-07-13 18:04 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2013-07-13 18:04 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2013-07-13 18:04 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2013-07-13 18:03 - 2013-07-13 18:03 - 00000000 ____D C:\Riot Games
2013-07-13 18:01 - 2013-07-25 08:53 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-13 18:01 - 2013-07-13 18:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-07-13 18:01 - 2013-07-13 18:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-07-13 17:58 - 2013-07-13 18:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Riot Games
2013-07-12 15:35 - 2013-07-12 15:35 - 00000000 ____D C:\Users\Admin\AppData\Local\DFX
2013-07-12 15:35 - 2013-07-12 15:35 - 00000000 ____D C:\ProgramData\DFX
2013-07-12 15:34 - 2013-07-12 15:36 - 00000000 ____D C:\Program Files (x86)\DFX
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\HomeGroupUser$
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Guest
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Administrator
2013-07-12 14:57 - 2013-07-12 14:57 - 00002996 _____ C:\windows\System32\Tasks\{CEBE3AA6-2385-4AE1-9F01-5F933BC55734}
2013-07-12 14:57 - 2013-07-12 14:57 - 00002996 _____ C:\windows\System32\Tasks\{82CD1B7D-E810-41EE-AA53-7864F2C0D936}
2013-07-12 14:49 - 2013-07-12 14:49 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-11 22:25 - 2013-07-25 04:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-07-11 22:23 - 2013-07-11 22:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-10 08:45 - 2013-07-10 08:45 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 08:45 - 2013-07-10 08:45 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 08:45 - 2013-07-10 08:45 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 08:41 - 2013-07-10 08:41 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 08:41 - 2013-07-10 08:41 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 08:41 - 2013-07-10 08:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 08:41 - 2013-07-10 08:41 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 08:23 - 2013-07-10 08:23 - 00003176 _____ C:\windows\System32\Tasks\ASC6_AutoClean
2013-07-09 13:09 - 2013-07-09 13:09 - 00149504 _____ C:\Users\Admin\Documents\bmycr.txd
2013-07-09 13:09 - 2013-07-09 13:09 - 00088064 _____ C:\Users\Admin\Documents\bmycr.dff
2013-07-05 17:28 - 2013-07-05 17:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\tor
2013-07-05 16:37 - 2013-07-05 16:37 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-04 11:42 - 2013-07-04 11:42 - 00149504 _____ C:\Users\Admin\Documents\sfr2.txd
2013-07-04 11:42 - 2013-07-04 11:42 - 00098304 _____ C:\Users\Admin\Documents\sfr2.dff
2013-07-03 00:42 - 2013-07-03 01:18 - 00000000 ____D C:\Users\Admin\AppData\Local\NFS Underground 2
2013-07-02 04:45 - 2013-07-02 04:45 - 00001973 _____ C:\Users\Admin\Desktop\Play.lnk
2013-07-02 04:42 - 2013-07-02 11:33 - 00000000 ____D C:\Users\Admin\Documents\NFS Most Wanted
2013-07-02 04:42 - 2013-07-02 04:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2013-07-02 04:38 - 2013-07-02 04:42 - 00000000 ____D C:\Program Files (x86)\NFS Most Wanted
2013-07-02 00:44 - 2013-07-02 00:44 - 00015942 _____ C:\windows\system32\results.xml
2013-07-02 00:35 - 2013-07-02 01:59 - 00000000 ____D C:\Users\Admin\AppData\Local\SecondLife
2013-07-02 00:35 - 2013-07-02 00:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SecondLife
2013-07-01 23:14 - 2013-07-01 23:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 23:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-01 23:13 - 2013-07-05 16:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-01 23:11 - 2013-07-01 23:12 - 00000009 _____ C:\END
2013-07-01 22:53 - 2013-07-01 23:37 - 00000000 ____D C:\Users\Admin\AppData\Local\Conduit
2013-07-01 22:52 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\CRE
2013-07-01 22:52 - 2013-07-01 22:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2013-07-01 10:22 - 2013-07-25 22:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-07-01 06:09 - 2013-07-01 06:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenOffice.org
2013-07-01 06:08 - 2013-07-01 06:08 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-01 05:33 - 2013-07-01 05:33 - 00000000 ____D C:\windows\SysWOW64\directx
2013-06-30 23:06 - 2013-06-30 23:06 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-06-30 23:06 - 2013-06-30 23:06 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-06-30 23:06 - 2013-06-30 23:06 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 23:05 - 2013-06-30 23:05 - 01448448 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-06-30 23:05 - 2013-06-30 23:05 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00154480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-06-30 23:05 - 2013-06-30 23:05 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-06-30 23:04 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\windows\system32\RegistryDefragBootTime.exe
2013-06-30 13:27 - 2013-07-23 19:23 - 00000000 ____D C:\Program Files (x86)\IObit
2013-06-30 13:27 - 2013-07-02 04:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2013-06-30 13:27 - 2013-07-02 00:03 - 00000000 ____D C:\ProgramData\IObit
2013-06-30 13:27 - 2013-06-30 13:27 - 00001260 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-06-30 13:27 - 2013-06-30 13:27 - 00001221 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-06-30 13:27 - 2013-06-30 13:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-29 21:10 - 2013-06-29 21:10 - 00003088 _____ C:\windows\System32\Tasks\{F51A96E6-634C-44D9-AC1A-4F1F3DF38CE9}
2013-06-29 20:49 - 2013-06-29 20:50 - 00000000 ____D C:\Program Files (x86)\SA
2013-06-29 06:15 - 2013-06-29 06:15 - 00001280 _____ C:\Users\Admin\Desktop\Bully.lnk
2013-06-29 04:33 - 2013-07-15 23:33 - 00000000 ____D C:\Users\Admin\Documents\Bully Scholarship Edition
2013-06-29 04:23 - 2013-06-29 04:23 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-06-29 03:33 - 2013-06-29 03:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PowerISO
2013-06-29 03:32 - 2013-06-29 03:32 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-06-29 03:32 - 2013-04-15 04:50 - 00127384 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys
2013-06-29 02:53 - 2013-06-29 02:53 - 00000000 ____D C:\Users\Admin\AppData\Local\DTClient
2013-06-29 02:51 - 2013-06-29 03:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Ultra
2013-06-27 19:15 - 2013-06-27 19:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-06-27 19:15 - 2013-06-27 19:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-27 06:50 - 2013-07-21 00:30 - 00000000 ____D C:\Users\Admin\Documents\GTA San Andreas User Files
2013-06-27 05:20 - 2013-06-27 05:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Norman Malware Cleaner
2013-06-27 05:11 - 2013-06-28 21:53 - 00000000 ____D C:\Users\Admin\Desktop\GTA SA
2013-06-27 05:11 - 2013-06-27 05:11 - 00003374 _____ C:\windows\System32\Tasks\{03646BB5-553A-4A72-9F91-4795385BD000}
2013-06-27 03:39 - 2011-06-26 01:45 - 00256000 _____ C:\windows\PEV.exe
2013-06-27 03:39 - 2010-11-07 12:20 - 00208896 _____ C:\windows\MBR.exe
2013-06-27 03:39 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-06-27 03:39 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-06-27 03:39 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-06-27 03:39 - 2000-08-30 19:00 - 00098816 _____ C:\windows\sed.exe
2013-06-27 03:39 - 2000-08-30 19:00 - 00080412 _____ C:\windows\grep.exe
2013-06-27 03:39 - 2000-08-30 19:00 - 00068096 _____ C:\windows\zip.exe
2013-06-27 03:37 - 2013-06-27 04:15 - 00000000 ____D C:\windows\erdnt
2013-06-26 07:27 - 2013-07-13 18:03 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-06-26 07:27 - 2013-07-13 18:03 - 00000000 __SHD C:\AI_RecycleBin
2013-06-26 02:34 - 2013-06-26 02:34 - 00003374 _____ C:\windows\System32\Tasks\{AB919553-568C-41D6-B174-BF78804F0982}
2013-06-26 01:55 - 2013-07-21 00:29 - 00000000 ____D C:\Users\Admin\Documents\Grand Theft Auto San Andreas full game MP-SP ^^nosTEAM^^
2013-06-25 04:06 - 2013-07-01 03:41 - 00000000 ____D C:\Program Files (x86)\Auslogics
 
==================== One Month Modified Files and Folders =======
 
2013-07-25 22:11 - 2009-07-13 23:45 - 00022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 22:11 - 2009-07-13 23:45 - 00022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 22:10 - 2013-07-25 22:10 - 01779853 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-25 22:10 - 2013-07-25 22:10 - 00000000 ____D C:\FRST
2013-07-25 22:05 - 2013-01-16 22:51 - 00000000 ___RD C:\Users\Admin\Dropbox
2013-07-25 22:05 - 2013-01-16 19:12 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-07-25 22:04 - 2013-07-25 08:26 - 00000112 _____ C:\windows\setupact.log
2013-07-25 22:04 - 2013-07-01 10:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-07-25 22:04 - 2013-01-17 02:09 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 22:04 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-25 22:03 - 2013-07-25 08:26 - 00001842 _____ C:\windows\PFRO.log
2013-07-25 18:32 - 2013-07-25 08:33 - 00093424 _____ C:\windows\WindowsUpdate.log
2013-07-25 17:49 - 2013-01-17 02:09 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 17:40 - 2013-04-03 14:20 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 17:00 - 2013-07-25 16:59 - 00007680 _____ C:\windows\IE10_main.log
2013-07-25 16:59 - 2013-06-04 18:48 - 00000000 ___HD C:\windows\msdownld.tmp
2013-07-25 16:58 - 2013-07-25 16:58 - 46592416 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\EIE10_EN-US_WOL_Win764.EXE
2013-07-25 16:58 - 2013-07-25 16:58 - 46592416 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\EIE10_EN-US_WOL_Win764 (1).EXE
2013-07-25 16:43 - 2013-03-16 00:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-07-25 16:37 - 2013-07-25 16:37 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-25 16:37 - 2013-07-25 16:37 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-25 16:37 - 2013-07-25 16:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-25 16:37 - 2013-03-17 21:07 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-25 16:37 - 2013-03-17 21:07 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25.exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (7).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (6).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (5).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (4).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (3).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (2).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00903080 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u25 (1).exe
2013-07-25 16:29 - 2013-07-25 16:29 - 00000000 ____D C:\ProgramData\McAfee
2013-07-25 16:27 - 2013-07-25 16:27 - 00002052 _____ C:\windows\epplauncher.mif
2013-07-25 16:10 - 2013-03-16 00:00 - 00000000 ____D C:\ProgramData\Skype
2013-07-25 16:09 - 2013-07-25 16:09 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Admin\Downloads\SkypeSetup.exe
2013-07-25 16:09 - 2013-07-25 16:09 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Admin\Downloads\SkypeSetup (1).exe
2013-07-25 13:22 - 2013-07-25 13:22 - 00170794 ____R C:\Users\Admin\Downloads\Listia Credit Hack 2013.rar
2013-07-25 13:00 - 2013-07-25 13:00 - 00011645 _____ C:\Users\Admin\Downloads\attach.txt
2013-07-25 12:43 - 2013-07-25 12:43 - 00023465 _____ C:\Users\Admin\Desktop\dds.txt
2013-07-25 12:43 - 2013-07-25 12:43 - 00011645 _____ C:\Users\Admin\Desktop\attach.txt
2013-07-25 12:39 - 2013-07-25 12:39 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (3).com
2013-07-25 12:36 - 2013-07-25 12:36 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (2).com
2013-07-25 12:33 - 2013-07-25 12:33 - 00688992 _____ (Swearware) C:\Users\Admin\Downloads\dds (1).com
2013-07-25 12:31 - 2013-07-25 12:31 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2013-07-25 12:22 - 2013-07-25 12:20 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-07-25 12:20 - 2013-07-25 12:20 - 00000894 _____ C:\Users\Admin\Downloads\cbSetup.txt
2013-07-25 12:19 - 2013-07-25 12:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2013-07-25 10:40 - 2013-06-04 17:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-25 09:35 - 2013-07-25 09:35 - 00000036 _____ C:\Users\Admin\AppData\Local\housecall.guid.cache
2013-07-25 08:58 - 2013-07-24 17:34 - 00000000 ____D C:\Users\Admin\Documents\IMG Manager V.2.0 BETA
2013-07-25 08:56 - 2013-07-25 08:56 - 00069112 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 08:53 - 2013-07-13 18:01 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-25 08:42 - 2013-07-25 08:42 - 00000000 ____D C:\{5A9C0D4A-CB37-3CD1-AD6C-1F06AE556847}
2013-07-25 08:38 - 2013-01-10 13:55 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-25 08:31 - 2013-01-10 13:55 - 00000000 ____D C:\Users\Admin
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 08:27 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 08:26 - 2013-07-25 08:26 - 00305472 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-25 08:26 - 2013-07-25 08:26 - 00000000 _____ C:\windows\setuperr.log
2013-07-25 06:23 - 2013-06-06 22:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2013-07-25 06:10 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
2013-07-25 06:08 - 2013-07-01 22:52 - 00000000 ____D C:\Users\Admin\AppData\Local\CRE
2013-07-25 06:08 - 2013-01-10 13:55 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-07-25 04:57 - 2013-07-11 22:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-07-25 02:08 - 2013-06-19 00:39 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-24 16:09 - 2013-07-24 16:06 - 00000000 ____D C:\Users\Admin\Documents\Courage The Cowardly Dog (1999-2002)
2013-07-24 06:08 - 2013-07-24 06:02 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files
2013-07-24 00:11 - 2013-07-24 00:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Mato_Technologies
2013-07-23 20:57 - 2013-07-23 20:56 - 00000000 ____D C:\Users\Admin\Documents\Alci IMG Editor
2013-07-23 20:48 - 2013-01-17 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 20:48 - 2013-01-17 02:17 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-23 20:48 - 2010-05-03 00:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 19:23 - 2013-06-30 13:27 - 00000000 ____D C:\Program Files (x86)\IObit
2013-07-21 03:01 - 2010-05-03 00:48 - 00000000 ____D C:\Intel
2013-07-21 00:30 - 2013-06-27 06:50 - 00000000 ____D C:\Users\Admin\Documents\GTA San Andreas User Files
2013-07-21 00:29 - 2013-06-26 01:55 - 00000000 ____D C:\Users\Admin\Documents\Grand Theft Auto San Andreas full game MP-SP ^^nosTEAM^^
2013-07-21 00:13 - 2013-07-21 00:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Games
2013-07-20 20:58 - 2013-07-20 20:58 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-07-16 08:03 - 2013-04-07 17:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-16 07:58 - 2013-07-16 07:58 - 56127488 _____ C:\windows\system32\config\SOFTWARE.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00770048 _____ C:\windows\system32\config\DEFAULT.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00024576 _____ C:\windows\system32\config\SECURITY.iobit
2013-07-16 07:58 - 2013-07-16 07:58 - 00024576 _____ C:\windows\system32\config\SAM.iobit
2013-07-16 07:52 - 2009-07-14 00:13 - 00782712 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 23:45 - 2013-01-10 13:55 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-15 23:33 - 2013-06-29 04:33 - 00000000 ____D C:\Users\Admin\Documents\Bully Scholarship Edition
2013-07-15 12:11 - 2013-02-21 00:25 - 00000000 ____D C:\ProgramData\AVG
2013-07-15 11:44 - 2013-07-15 11:44 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg2013
2013-07-15 11:44 - 2013-02-21 00:16 - 00000000 ____D C:\ProgramData\MFAData
2013-07-14 13:10 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-14 07:32 - 2009-07-14 00:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-13 20:14 - 2013-07-13 20:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LolClient
2013-07-13 18:03 - 2013-07-13 18:03 - 00000000 ____D C:\Riot Games
2013-07-13 18:03 - 2013-06-26 07:27 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-07-13 18:03 - 2013-06-26 07:27 - 00000000 __SHD C:\AI_RecycleBin
2013-07-13 18:01 - 2013-07-13 18:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-07-13 18:01 - 2013-07-13 18:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-07-13 18:01 - 2013-07-13 17:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Riot Games
2013-07-13 18:01 - 2013-01-16 19:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-13 13:49 - 2013-03-15 23:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 16:44 - 2013-01-17 02:09 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 16:44 - 2013-01-17 02:09 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 15:36 - 2013-07-12 15:34 - 00000000 ____D C:\Program Files (x86)\DFX
2013-07-12 15:35 - 2013-07-12 15:35 - 00000000 ____D C:\Users\Admin\AppData\Local\DFX
2013-07-12 15:35 - 2013-07-12 15:35 - 00000000 ____D C:\ProgramData\DFX
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\HomeGroupUser$
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Guest
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-07-12 15:34 - 2013-07-12 15:34 - 00000000 ____D C:\Users\Administrator
2013-07-12 14:57 - 2013-07-12 14:57 - 00002996 _____ C:\windows\System32\Tasks\{CEBE3AA6-2385-4AE1-9F01-5F933BC55734}
2013-07-12 14:57 - 2013-07-12 14:57 - 00002996 _____ C:\windows\System32\Tasks\{82CD1B7D-E810-41EE-AA53-7864F2C0D936}
2013-07-12 14:49 - 2013-07-12 14:49 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-12 11:56 - 2010-05-03 00:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-12 11:56 - 2010-05-03 00:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-11 22:23 - 2013-07-11 22:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-11 02:08 - 2013-01-10 15:21 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-10 12:44 - 2010-05-03 17:38 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 12:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 12:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 08:45 - 2013-07-10 08:45 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 08:45 - 2013-07-10 08:45 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 08:45 - 2013-07-10 08:45 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 08:41 - 2013-07-10 08:41 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 08:41 - 2013-07-10 08:41 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 08:41 - 2013-07-10 08:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 08:41 - 2013-07-10 08:41 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 08:23 - 2013-07-10 08:23 - 00003176 _____ C:\windows\System32\Tasks\ASC6_AutoClean
2013-07-09 13:09 - 2013-07-09 13:09 - 00149504 _____ C:\Users\Admin\Documents\bmycr.txd
2013-07-09 13:09 - 2013-07-09 13:09 - 00088064 _____ C:\Users\Admin\Documents\bmycr.dff
2013-07-05 17:28 - 2013-07-05 17:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\tor
2013-07-05 16:37 - 2013-07-05 16:37 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-05 16:37 - 2013-07-01 23:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-04 11:42 - 2013-07-04 11:42 - 00149504 _____ C:\Users\Admin\Documents\sfr2.txd
2013-07-04 11:42 - 2013-07-04 11:42 - 00098304 _____ C:\Users\Admin\Documents\sfr2.dff
2013-07-03 01:18 - 2013-07-03 00:42 - 00000000 ____D C:\Users\Admin\AppData\Local\NFS Underground 2
2013-07-02 21:20 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-07-02 20:13 - 2013-07-25 13:24 - 00565248 _____ C:\Users\Admin\Downloads\Listia Unlimited+.exe
2013-07-02 20:08 - 2013-07-25 13:24 - 00001169 _____ C:\Users\Admin\Downloads\README.txt
2013-07-02 11:33 - 2013-07-02 04:42 - 00000000 ____D C:\Users\Admin\Documents\NFS Most Wanted
2013-07-02 04:45 - 2013-07-02 04:45 - 00001973 _____ C:\Users\Admin\Desktop\Play.lnk
2013-07-02 04:42 - 2013-07-02 04:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2013-07-02 04:42 - 2013-07-02 04:38 - 00000000 ____D C:\Program Files (x86)\NFS Most Wanted
2013-07-02 04:41 - 2013-06-30 13:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2013-07-02 01:59 - 2013-07-02 00:35 - 00000000 ____D C:\Users\Admin\AppData\Local\SecondLife
2013-07-02 00:44 - 2013-07-02 00:44 - 00015942 _____ C:\windows\system32\results.xml
2013-07-02 00:37 - 2013-07-02 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SecondLife
2013-07-02 00:03 - 2013-06-30 13:27 - 00000000 ____D C:\ProgramData\IObit
2013-07-01 23:37 - 2013-07-01 22:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Conduit
2013-07-01 23:14 - 2013-07-01 23:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 23:12 - 2013-07-01 23:11 - 00000009 _____ C:\END
2013-07-01 22:52 - 2013-07-01 22:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2013-07-01 07:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-07-01 06:09 - 2013-07-01 06:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenOffice.org
2013-07-01 06:08 - 2013-07-01 06:08 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-01 06:06 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-01 05:58 - 2013-01-23 00:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SoftGrid Client
2013-07-01 05:33 - 2013-07-01 05:33 - 00000000 ____D C:\windows\SysWOW64\directx
2013-07-01 05:29 - 2013-01-23 00:37 - 00774958 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-07-01 03:41 - 2013-06-25 04:06 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-30 23:06 - 2013-06-30 23:06 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-06-30 23:06 - 2013-06-30 23:06 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-06-30 23:06 - 2013-06-30 23:06 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-06-30 23:06 - 2013-06-30 23:06 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 23:06 - 2013-06-30 23:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 23:05 - 2013-06-30 23:05 - 01448448 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-06-30 23:05 - 2013-06-30 23:05 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00154480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-06-30 23:05 - 2013-06-30 23:05 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-06-30 23:05 - 2013-06-30 23:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-06-30 13:47 - 2013-06-04 13:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ProduKey
2013-06-30 13:28 - 2013-06-04 15:36 - 00000000 ____D C:\Program Files\CCleaner
2013-06-30 13:27 - 2013-06-30 13:27 - 00001260 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-06-30 13:27 - 2013-06-30 13:27 - 00001221 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-06-30 13:27 - 2013-06-30 13:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-29 21:10 - 2013-06-29 21:10 - 00003088 _____ C:\windows\System32\Tasks\{F51A96E6-634C-44D9-AC1A-4F1F3DF38CE9}
2013-06-29 20:50 - 2013-06-29 20:49 - 00000000 ____D C:\Program Files (x86)\SA
2013-06-29 06:15 - 2013-06-29 06:15 - 00001280 _____ C:\Users\Admin\Desktop\Bully.lnk
2013-06-29 04:23 - 2013-06-29 04:23 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-06-29 03:33 - 2013-06-29 03:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PowerISO
2013-06-29 03:32 - 2013-06-29 03:32 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-06-29 03:06 - 2013-06-29 02:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Ultra
2013-06-29 02:53 - 2013-06-29 02:53 - 00000000 ____D C:\Users\Admin\AppData\Local\DTClient
2013-06-28 21:53 - 2013-06-27 05:11 - 00000000 ____D C:\Users\Admin\Desktop\GTA SA
2013-06-27 19:15 - 2013-06-27 19:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-06-27 19:15 - 2013-06-27 19:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-27 05:20 - 2013-06-27 05:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Norman Malware Cleaner
2013-06-27 05:11 - 2013-06-27 05:11 - 00003374 _____ C:\windows\System32\Tasks\{03646BB5-553A-4A72-9F91-4795385BD000}
2013-06-27 04:21 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-06-27 04:15 - 2013-06-27 03:37 - 00000000 ____D C:\windows\erdnt
2013-06-27 03:59 - 2009-07-13 21:34 - 00000215 _____ C:\windows\system.ini
2013-06-26 02:34 - 2013-06-26 02:34 - 00003374 _____ C:\windows\System32\Tasks\{AB919553-568C-41D6-B174-BF78804F0982}
2013-06-25 04:16 - 2013-06-04 15:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Auslogics
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-24 20:58
 
==================== End Of Log ============================

Addition.txt-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2013

Ran by Admin at 2013-07-25 22:12:34
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (x32 Version: 3.3.0.29677)
7-Zip 9.20 (x32)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Advanced SystemCare 6 (x32 Version: 6.3)
Auslogics BoostSpeed (x32 Version: 5.5)
BatteryLifeExtender (x32 Version: 1.0.1)
Bully Scholarship Edition (x32 Version: 1.00.0154)
Canon MG3100 series MP Drivers
ChargeableUSB (x32 Version: 1.0.0.0)
Cobian Backup 11 Gravity (x32)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226)
CyberLink LabelPrint (x32 Version: 2.5.2511)
CyberLink Power2Go (x32 Version: 6.0.3604b)
CyberLink PowerDirector (x32 Version: 7.0.3904)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228f)
CyberLink PowerProducer (x32 Version: 5.0.2.2429)
CyberLink YouCam (x32 Version: 2.0.3911)
DFX (x32 Version: 11.111.0.0)
Dropbox (HKCU Version: 2.0.22)
eaner (Version: 4.03)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.2.8)
EasyBatteryManager (x32 Version: 4.0.0.3)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Intel PROSet Wireless
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Processor Graphics (x32 Version: 8.15.10.2827)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel® Rapid Storage Technology (x32 Version: 9.5.4.1001)
Intel® Wireless Display (Version: 1.2.14.0)
IObit Malware Fighter (x32 Version: 2.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
League of Legends (x32 Version: 3.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 1.0.0.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 14.0.1468.721)
Need for Speed Most Wanted (black edition) (x32 Version: 1.3)
NirSoft ProduKey (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PowerISO (x32 Version: 5.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6003)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.1.3)
Samsung Update Plus (x32 Version: 2.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Smart Defrag 2 (x32 Version: 2.8)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
User Guide (x32 Version: 1.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
 
==================== Restore Points  =========================
 
25-07-2013 13:51:29 Revo Uninstaller's restore point - Pando Media Booster
25-07-2013 13:52:31 Revo Uninstaller's restore point - Pando Media Booster
25-07-2013 13:53:44 Revo Uninstaller's restore point - IMVU Avatar Chat Software
25-07-2013 14:01:01 Revo Uninstaller's restore point - SafeSaver 1.74
25-07-2013 21:26:34 Windows Update
25-07-2013 21:33:54 Removed Java 7 Update 25
25-07-2013 21:37:10 Installed Java 7 Update 25
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-06-27 03:58 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A44B892-D808-47D0-97BD-63F6D7F27A52} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File
Task: {20840E00-C251-4284-8821-69693C0BA0C5} - System32\Tasks\{82CD1B7D-E810-41EE-AA53-7864F2C0D936} => C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe No File
Task: {2B149C58-46CF-4E75-9303-BFD6579521CD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {31BC9220-6F44-4FB6-9A9F-64E1360D9DDE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {33D2B723-901B-4388-92E0-35C4F9259740} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {3AC22EAD-A446-402B-A672-C013CD6021D4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-13] (Samsung Electronics Co., Ltd.)
Task: {46D04599-033F-45B4-850A-93D40D66CB75} - System32\Tasks\{059F88A7-FC74-4E27-AC97-2F542538A3EA} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {5892B29E-7961-4DAB-9643-7BFD385C41F8} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File
Task: {641190D6-FA60-4553-84EE-D23D6C41E201} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {78A447D7-868C-42EB-9AE8-CCA78A2790CE} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe No File
Task: {7F4086B0-86C5-4E48-8EBE-54D4DD22E50C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {84EEE094-BCC6-4A0E-9CF8-7F3F5E1B8A35} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {87D8EE4F-7CF7-49BE-8C9F-6ACB14DC6DD4} - System32\Tasks\{CEBE3AA6-2385-4AE1-9F01-5F933BC55734} => C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe No File
Task: {935B0016-C7EB-4D34-9EAD-ABC0D2201B1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {AE37D3DD-D8C3-4D30-AB23-AF6B39836DC5} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-18] (SEC)
Task: {B363571B-0AFD-49EE-8473-28ECA64D7EE7} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-18] (Samsung Electronics. Co. Ltd.)
Task: {D8A72A09-7496-4467-B070-96BD15B71BDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {E5BAF767-AA9C-4C96-B975-AB44D0246984} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {E834CDBB-D0F2-4BB7-A5F3-9508ED71FE65} - System32\Tasks\ASC6_AutoClean => C:\Program Files (x86)\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-06-18] (IObit)
Task: {FF672A88-1597-49CB-BDFC-4CE31C2426F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2013 04:34:22 PM) (Source: MsiInstaller) (User: Samsung)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (07/25/2013 04:27:50 PM) (Source: Microsoft Security Client Setup) (User: Samsung)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
 
Error: (07/25/2013 04:02:59 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.6.0.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 23c8
 
Start Time: 01ce897a16a3bcd2
 
Termination Time: 10
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
Error: (07/25/2013 04:02:31 PM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d4
 
Start Time: 01ce893e666104cb
 
Termination Time: 4
 
Application Path: C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id:
 
Error: (07/25/2013 01:47:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x427101ca
Faulting module name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x427101ca
Exception code: 0xc0000005
Fault offset: 0x000dd5a3
Faulting process id: 0x2884
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3
 
Error: (07/25/2013 10:09:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/25/2013 10:09:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (07/25/2013 10:04:56 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (07/25/2013 08:27:46 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (07/25/2013 08:27:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/25/2013 08:27:13 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (07/25/2013 07:30:42 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/25/2013 07:28:41 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/25/2013 07:26:20 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/25/2013 07:24:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/25/2013 07:21:58 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/25/2013 07:02:52 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
 
Microsoft Office Sessions:
=========================
Error: (07/25/2013 04:34:22 PM) (Source: MsiInstaller)(User: Samsung)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/25/2013 04:27:50 PM) (Source: Microsoft Security Client Setup)(User: Samsung)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
 
Error: (07/25/2013 04:02:59 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.6.0.10623c801ce897a16a3bcd210C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Error: (07/25/2013 04:02:31 PM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.09d401ce893e666104cb4C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Error: (07/25/2013 01:47:31 PM) (Source: Application Error)(User: )
Description: gta_sa.exe0.0.0.0427101cagta_sa.exe0.0.0.0427101cac0000005000dd5a3288401ce8967606e9b0eC:\Users\Admin\Desktop\GTA SA\gta_sa.exeC:\Users\Admin\Desktop\GTA SA\gta_sa.exea918f03a-f55a-11e2-876e-002454a37041
 
Error: (07/25/2013 10:09:11 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (07/25/2013 10:09:11 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/25/2013 08:27:13 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-27 03:50:52.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-27 03:50:52.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 7988.54 MB
Available physical RAM: 5865.07 MB
Total Pagefile: 15975.27 MB
Available Pagefile: 13598.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:19.06 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:350.66 GB) (Free:114.92 GB) NTFS (Disk=0 Partition=4)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 376EA6A7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=351 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

CKfiles-

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\riot games\league of legends\rads\projects\lol_game_client\filearchives\0.0.0.166\data\particles\morgana_skin06_w_groundcracks_tar.dds
c:\riot games\league of legends\rads\projects\lol_game_client\filearchives\0.0.0.166\data\particles\morgana_skin06_w_groundcracks_tar_mult.dds
c:\users\admin\desktop\gta sa\data\decision\craig\crack1.ped
scanner sequence 3.CP.11.DELBWS
 ----- EOF ----- 


#8 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 25 July 2013 - 11:22 PM

AnarchistRebel,

 

There is plenty of evidence of the Ransomware.DirtyDecrypt on the computer.

 

However, before we proceed, can you explain the entries below? Are these cracks, or legal?

CKfiles-
 
CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\riot games\league of legends\rads\projects\lol_game_client\filearchives\0.0.0.166\data\particles\morgana_skin06_w_groundcracks_tar.dds
c:\riot games\league of legends\rads\projects\lol_game_client\filearchives\0.0.0.166\data\particles\morgana_skin06_w_groundcracks_tar_mult.dds
c:\users\admin\desktop\gta sa\data\decision\craig\crack1.ped
scanner sequence 3.CP.11.DELBWS
 ----- EOF -----


Not a gamer, so will give you the benefit of the doubt.

This forum, as well as other reputable malware removal forums, does not support the use of illegal software, otherwise construed as aiding and abetting theft.

 

If the entries above are illegal, and you wish to receive help, you must remove all cracked software from the computer.


Old duck...


#9 AnarchistRebel

  • Topic Starter
  • Members
  • 26 posts

Posted 25 July 2013 - 11:34 PM

Aaflac,

 

League of Legends is a popular game.  It is free and comes with its own installations and files.



#10 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 26 July 2013 - 01:13 AM

Step 1:  Please do the following...
 
Open Notepad (Start > All Programs > Accessories > Notepad)
 
Copy/paste all the contents inside the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt

start
() C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe
() C:\Users\Admin\AppData\Local\Temp\uZuUPWBW.exe
HKCU\...\Run: [gbEdoFIS] - C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [274080 2013-07-25] ()
HKCU\...\Run: [DirtyDecrypt] - C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe [24576 2013-07-25] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe ()
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 06:08 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 06:08 - 2013-07-25 06:10 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 08:27 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 06:10 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
end

  

Step 2:  Next, download AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
 


  • Save the program to the Desktop

  • Close all open programs and internet browsers.

  • Right-click on adwcleaner.exe and select: Run As Administrator

  • At the program console, click on: Delete

  • When the program is done, the computer is rebooted automatically, and a text file opens after the restart.

 
Please post the AdwCleaner report in your reply. <<<---



Step 3:  Also use the Junkware Removal Tool Download
Save to the Desktop.
 
Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides
 
Right-click JRT.exe and select: Run as Administrator
The tool opens and starts scanning the system. Please be patient as this can take a while...
 
When done, a report, JRT.txt is saved on the Desktop.
Please post the contents of JRT.txt in your reply.
 
 
 
Step 4:  Now, Download RogueKiller (Official website)
Select the version that applies to the system.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the pre-scan to finish. (Under Status, it says: Pre-scan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.

 

 
Step 5:  Last, let's check the system's Security status with the following...

Download Security Check: http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

(Please do not take any corrective actions!)

 
 

Step 6:  When done with the programs above, please post all five (5) reports. Thanks!


Edited by Aaflac, 26 July 2013 - 01:23 AM.

Old duck...


#11 AnarchistRebel

  • Topic Starter
  • Members
  • 26 posts

Posted 26 July 2013 - 03:06 AM

AdwCleaner-

 

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 02:02:32
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Admin - SAMSUNG
# Boot Mode : Normal
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2526] : homepage = "hxxp://search.conduit.com/?ctid=CT3298572&SearchSource=48&CUI=UN19551619028420692&UM[...]
 
*************************
 
AdwCleaner[S1].txt - [5026 octets] - [26/07/2013 02:02:32]
 
########## EOF - C:\AdwCleaner[S1].txt - [5086 octets] ##########
 

 

JRT.txt-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Fri 07/26/2013 at  2:25:34.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/26/2013 at  2:40:41.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

RKreport.txt-

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Remove -- Date : 07/26/2013 02:52:00
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] DirtyDecrypt.exe -- C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe [-] -> KILLED [TermProc]
[SUSP PATH] WpaDxlHl.exe -- C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : gbEdoFIS (C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : DirtyDecrypt ("C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe" /hide [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2950786308-227742302-1544317472-1000\[...]\Run : gbEdoFIS (C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [-]) -> [0x2] The system cannot find the file specified. 
[RUN][SUSP PATH] HKUS\S-1-5-21-2950786308-227742302-1544317472-1000\[...]\Run : DirtyDecrypt ("C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe" /hide [-]) -> [0x2] The system cannot find the file specified. 
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 03e127c47f8129e4524a62db98c612aa
[BSP] 5cff86a29a20124a1a9450fc6f20b9a6 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 102400 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 241379328 | Size: 359077 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_07262013_025200.txt >>
RKreport[0]_S_07262013_024830.txt
 
 
Security Check automatically had an error when I typed a key to start:
 
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
 
That shows in the "checkup".
The scanner says this: "UNSUPPORTED OPERATING SYSTEMS!  Aborting now!"
 
There were only 4 scanners you sent me, and one didn't work.  I'm not sure what to do with the file you had me create; it's not doing anything.
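
Added example, not part of the thread and not code from the FRST, RogueKiller or JRT authors: a PowerShell triage script that re-checks the same persistence and policy locations that the fixlist in the previous post and the RogueKiller report above dealt with. It walks the HKCU/HKLM Run keys (where gbEdoFIS and DirtyDecrypt lived), the Startup folder (where YrHXGxkN.exe lived), the DisableTaskMgr and DisableRegistryTools policy values, the NewStartPanel hidden-desktop-icon flags and AppInit_DLLs. It is read-only unless run with -Revert, which clears only the policy and icon values and never deletes files. The function and parameter names (Invoke-PersistenceAudit, -Revert, $SuspectRoots) are my own, and the "suspicious" heuristic (an autorun pointing into AppData or Temp, or at a file that no longer exists) is an assumption that produces leads for manual review, not verdicts.

```powershell
# Added triage script (not from the thread). Read-only by default; -Revert only
# clears the Task Manager / Registry Tools policies and hidden-icon flags.
# Kept PowerShell 2.0 compatible because the machine in the thread runs Windows 7.
param([switch]$Revert)

# Assumed heuristic: autoruns living here deserve a look (random-named droppers).
$SuspectRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }
$RegMeta      = @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider')
$RunKeys      = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
$PolicyKeys   = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System')
$IconKeys     = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel')

function Get-TargetPath([string]$Command) {
    # "C:\...\DirtyDecrypt.exe" /hide  ->  C:\...\DirtyDecrypt.exe
    if ($Command -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $Command.Trim()   # rundll32 and similar: returned whole, flagged below
}

function Test-SuspectTarget([string]$Path) {
    # Flags binaries under AppData/Temp and entries whose file is already gone
    # (the "[0x2] The system cannot find the file specified" lines in the report).
    if (-not $Path) { return $true }
    foreach ($root in $SuspectRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return -not (Test-Path -LiteralPath $Path)
}

function New-Finding($Kind, $Where, $Detail) {
    New-Object PSObject -Property @{ Kind = $Kind; Where = $Where; Detail = $Detail }
}

function Invoke-PersistenceAudit {
    $findings = @()

    # 1. Run keys: every value is an autorun; keep the ones that look like droppers.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($RegMeta -contains $p.Name) { continue }
            $target = Get-TargetPath ([string]$p.Value)
            if (Test-SuspectTarget $target) {
                $findings += New-Finding 'Run' "$key\$($p.Name)" $target
            }
        }
    }

    # 2. Startup folder: anything executable here runs at every logon.
    $startup = [Environment]::GetFolderPath('Startup')
    foreach ($f in (Get-ChildItem -LiteralPath $startup -ErrorAction SilentlyContinue)) {
        if ($f.PSIsContainer) { continue }
        if (@('.exe','.scr','.bat','.cmd','.vbs','.js') -contains $f.Extension.ToLower()) {
            $findings += New-Finding 'Startup' $f.FullName "$($f.Length) bytes"
        }
    }

    # 3. Policies that lock the user out of Task Manager and regedit.
    foreach ($key in $PolicyKeys) {
        foreach ($name in 'DisableTaskMgr','DisableRegistryTools') {
            $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($v -eq 1) {
                $findings += New-Finding 'Policy' "$key\$name" 'set to 1 (tool disabled)'
                if ($Revert) { Remove-ItemProperty -Path $key -Name $name }
            }
        }
    }

    # 4. Desktop icons hidden to make the machine look broken.
    foreach ($key in $IconKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($RegMeta -contains $p.Name) { continue }
            if ($p.Value -eq 1) {
                $findings += New-Finding 'HiddenIcon' "$key\$($p.Name)" 'hidden (1)'
                if ($Revert) { Set-ItemProperty -Path $key -Name $p.Name -Value 0 }
            }
        }
    }

    # 5. AppInit_DLLs: a non-empty value injects a DLL into every user-mode process.
    $appInit = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $dlls = (Get-ItemProperty -Path $appInit -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($dlls) { $findings += New-Finding 'AppInit_DLLs' $appInit $dlls }

    return $findings
}

$result = @(Invoke-PersistenceAudit)
if ($result.Count -eq 0) { 'No suspicious autoruns or policy hijacks found.' }
else { $result | Format-Table Kind, Where, Detail -AutoSize }
```

Run it as the logged-on user for the HKCU checks; the HKLM reverts need an elevated prompt. The DisableTaskMgr policy it looks for is the usual reason Task Manager closes right after opening, and the heuristic will also list legitimate per-user installers (Dropbox, Spotify and the like) that live under AppData, so review each Run finding rather than deleting on sight.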
 

#12 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 26 July 2013 - 03:15 PM

I'm not sure what to do with the file you had me create; it's not doing anything.

 

 

My apology on the above. Was having problems posting last night, and did not see that part of the post was gone.

 

Please do the following...

 
FRST is running from C:\Users\Admin\Downloads. It needs to be on the Desktop for this process to work!!!
Please move!

 

Next, open Notepad (Start > All Programs > Accessories > Notepad)

 

Copy/paste all the contents inside the quote box below to Notepad (do not copy the word 'Quote').

Save it on the Desktop as: fixlist.txt

 

start
() C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe
() C:\Users\Admin\AppData\Local\Temp\uZuUPWBW.exe
HKCU\...\Run: [gbEdoFIS] - C:\Users\Admin\AppData\Local\CRE\WpaDxlHl.exe [274080 2013-07-25] ()
HKCU\...\Run: [DirtyDecrypt] - C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe [24576 2013-07-25] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe ()
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 06:08 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 06:08 - 2013-07-25 06:10 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
2013-07-25 08:27 - 2013-07-25 08:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dirty
2013-07-25 08:27 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Dirty
2013-07-25 06:10 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\rsmQHdcl
2013-07-25 06:08 - 2013-07-25 06:08 - 00000000 ____D C:\Users\Admin\AppData\Local\jIphZyhD
end

 

WARNING: This script is written specifically for AnarchistRebel, for use on this particular computer. Running the script on another computer may cause damage to the Operating System!!

 

Run FRST again, but this time press the Fix button just once, and wait.
 

When done, the tool makes a log on the Desktop.

This time it is called: Fixlog.txt

Please post Fixlog.txt in your reply.  Thanks!

 

(Note: The other programs may have taken care of most of these entries, but it will not hurt anything to run FRST again with the above.)


Old duck...


#13 AnarchistRebel

  • Topic Starter
  • Members
  • 26 posts

Posted 26 July 2013 - 05:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2013 01
Ran by Admin at 2013-07-26 17:36:12 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================
 
C:\Users\Admin\AppData\Roaming\Dirty\DirtyDecrypt.exe => No running process found
C:\Users\Admin\AppData\Local\Temp\uZuUPWBW.exe => No running process found
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\gbEdoFIS => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DirtyDecrypt => Value not found.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YrHXGxkN.exe not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\Admin\AppData\Roaming\Dirty => Moved successfully.
C:\Users\Admin\AppData\Local\Dirty => Moved successfully.
C:\Users\Admin\AppData\Local\rsmQHdcl => Moved successfully.
C:\Users\Admin\AppData\Local\jIphZyhD => Moved successfully.
"C:\Users\Admin\AppData\Roaming\Dirty" => File/Directory not found.
"C:\Users\Admin\AppData\Local\Dirty" => File/Directory not found.
"C:\Users\Admin\AppData\Local\rsmQHdcl" => File/Directory not found.
"C:\Users\Admin\AppData\Local\jIphZyhD" => File/Directory not found.
 
==== End of Fixlog ====


#14 AnarchistRebel

  • Topic Starter
  • Members
  • 26 posts

Posted 26 July 2013 - 05:40 PM

I deleted the YrHXGxkN.exe earlier when I saw it again.



#15 AnarchistRebel

  • Topic Starter
  • Members
  • 26 posts

Posted 26 July 2013 - 05:42 PM

I followed a manual last night to fix Internet Explorer, and it was fixed and it worked, but I think I accidentally deleted it.