
Google redirect virus and possible other viruses


21 replies to this topic

#1 noobpc

noobpc

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 04 August 2013 - 12:07 AM

I started having a problem with google in which I would search and when I clicked the link, it would redirect me to another site every time.

I ran tdsskiller which found nothing. I ran spybot which found a few things and I deleted them. Then I ran malwarebytes and it found 2 viruses which I deleted. After that, when I do a search and click on a link or open a new tab from google, it goes through most of the time. Sometimes it doesn't and redirects me again, and sometimes a random site pops up (I know it's a virus because the site I go to has no pop-ups).

Another thing is that after deleting the virus with malwarebytes, I would notice that on a second scan, it would appear again. Also, I noticed a weird startup item in msconfig; I have already disabled it. I noticed because at startup I would get a message saying that rundll32.exe has stopped working, so I decided to check msconfig and found that weird entry.

I also tried system restore and now I can't even do a system restore. I get a message saying that it did not complete successfully, and it has details saying the following: System Restore failed to replace the file (C:\Program Files\Windows Defender\en-US) with its original copy from the restore point. An unspecified error occurred during System Restore. (0x80070091)

At this point, I had a hunch that if something was wrong with windows defender then maybe windows firewall had a problem too. I went to check and I was right; I can't do anything after opening windows firewall. It says I can't change some of my settings and I can't even turn it on.

Even when I run sfc /scannow it stops at 58%; it didn't happen before.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_31
Run by Rafael at 20:13:50 on 2013-08-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.1875 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Windows\SysWOW64\svchost.exe" -k RPCSSNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:58263
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [vpuig] "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\vpuig.dll",AppendInittab
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\05240575946494 : DHCPNameServer = 101.229.105.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\14 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\2456C6B696E6F574F575962756C6563737F5245463145393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\2796175756C6D656 : DHCPNameServer = 10.101.1.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\94E6475627E6564743 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{899206E0-F5AC-4A1F-9852-DE6C78795AF7}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-03 22:52; {26b94ebf-fc74-11e2-8277-b8ac6f996f26}; C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\extensions\{26b94ebf-fc74-11e2-8277-b8ac6f996f26}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-2-8 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-2-8 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-2-8 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys [2010-2-27 466992]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-23 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-8 117640]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-2-8 56880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-10 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-23 35104]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-8-23 7058432]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-23 216576]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-23 233472]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-30 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-08-04 03:14:33    74136    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-08-04 03:14:33    263576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 03:14:31    770384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2013-08-04 03:14:31    421200    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2013-08-04 03:14:29    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-08-04 03:14:29    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-08-04 03:14:29    170232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-08-03 19:37:41    450560    ----a-w-    C:\Users\Rafael\AppData\Roaming\dlsri.dll
2013-08-03 19:37:36    712704    ----a-w-    C:\Users\Rafael\AppData\Roaming\vpuig.dll
2013-08-03 19:36:34    --------    d-----w-    C:\Users\Rafael\AppData\Local\Google
2013-07-13 04:48:45    --------    d-----w-    C:\ProgramData\EPSON
2013-07-13 04:46:24    --------    d-----w-    C:\EPSONREG
2013-07-13 04:35:02    22784    ----a-w-    C:\Windows\SysWow64\drivers\afc.sys
2013-07-13 04:35:00    258352    ----a-w-    C:\Windows\SysWow64\unicows.dll
2013-07-13 04:35:00    212480    ----a-w-    C:\Windows\PCDLIB32.DLL
2013-07-13 04:34:56    126976    ----a-w-    C:\Windows\SysWow64\PhotoImpression Slideshow.scr
2013-07-13 04:34:42    --------    d-----w-    C:\Windows\SysWow64\PhotoImpression Slideshow
2013-07-13 04:26:23    --------    d-----w-    C:\Program Files\EPSON
2013-07-11 07:16:07    --------    d-----w-    C:\ProgramData\8ed1d9d8-04e1-0000-8fc1-00004c19e4c4
.
==================== Find3M  ====================
.
2013-08-04 04:36:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-04 04:36:17    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-21 19:34:17    328192    ----a-w-    C:\Windows\System32\services.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-22 00:59:20    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 14:28:16    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-05-21 14:28:16    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:18:18.47 ===============
 

Attached Files


Edited by noobpc, 04 August 2013 - 07:26 PM.
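The DDS report in this post is what the helpers read for redirect indicators. As an added example, not part of this thread and not a DDS or BleepingComputer tool, the Python script below parses lines in that report's format and flags what a reviewer checks first on a search-redirect complaint: a proxy pointed at loopback in IE or Firefox, a Run entry that hands rundll32 a DLL from a user-writable directory, and extra entries on the Winlogon Userinit value. The sample input is constructed from lines of the report above, and the heuristics are this example's assumptions, not conclusions the thread states.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and FIREFOX
# sections from the first post of this thread; only lines relevant to a
# browser-redirect triage are kept, and DDS's "hxxp" defanging is left as-is.
SAMPLE_DDS = """\
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:58263
mWinlogon: Userinit = userinit.exe,
uRun: [vpuig] "C:\\Windows\\System32\\rundll32.exe" "C:\\Users\\Rafael\\AppData\\Roaming\\vpuig.dll",AppendInittab
mRun: [HP Software Update] C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
TCP: NameServer = 192.168.0.1
"""

# Line shapes as DDS prints them (u = current user hive, m = machine hive,
# d = default user hive; the x64- prefix marks the 64-bit registry view).
PROXY_LINE = re.compile(r"^[umd]ProxyServer\s*=\s*(?P<value>.+)$")
FF_PROXY_PREF = re.compile(
    r"^FF - prefs\.js: network\.proxy\.(?P<kind>http|ssl|socks|ftp)\s*-\s*(?P<host>\S+)")
RUN_ENTRY = re.compile(r"^(?:x64-)?[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
USERINIT = re.compile(r"^mWinlogon: Userinit\s*=\s*(?P<value>.+)$")
LOOPBACK = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.IGNORECASE)

# Directories a standard user can write to. A Run entry that makes rundll32
# load a DLL from one of these is unusual for vendor software and is the
# heuristic this example flags (an assumption of the example, not a verdict).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")


def triage_dds(log_text):
    """Return (tag, detail) findings, in log order, for the lines a reviewer
    checks first on a search-redirect complaint."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = PROXY_LINE.match(line)
        if m:
            if LOOPBACK.search(m.group("value")):
                findings.append(("ie-loopback-proxy", m.group("value")))
            continue

        m = FF_PROXY_PREF.match(line)
        if m:
            if LOOPBACK.search(m.group("host")):
                findings.append(("firefox-loopback-proxy",
                                 f"network.proxy.{m.group('kind')}={m.group('host')}"))
            continue

        m = USERINIT.match(line)
        if m:
            # Anything besides userinit.exe on this value is started at logon.
            parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extras = [p for p in parts if not p.lower().endswith("userinit.exe")]
            if extras:
                findings.append(("userinit-extra-entry", ", ".join(extras)))
            continue

        m = RUN_ENTRY.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if "rundll32" in cmd and any(d in cmd for d in USER_WRITABLE):
                findings.append(("rundll32-user-dll", f"[{m.group('name')}] {m.group('cmd')}"))
    return findings


def summarize(findings):
    """Render findings one per line, tag column first, for pasting into a reply."""
    return "\n".join(f"{tag:<24} {detail}" for tag, detail in findings)


if __name__ == "__main__":
    print(summarize(triage_dds(SAMPLE_DDS)))
```

Each flagged line is a lead to verify against the rest of the report and the scan results, not a removal instruction on its own.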



 


#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 05 August 2013 - 09:55 AM

Hi there,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 noobpc

noobpc
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 05 August 2013 - 01:17 PM

I wanted to let you know that after this scan, like 30 minutes, I got a blue screen. Then I turned it back on and after a while my screen was dark with nothing to do. So I rebooted again, and this time I see a Homegroup icon on my desktop that was not there before.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-05 13:47:05
-----------------------------
13:47:05.174    OS Version: Windows x64 6.1.7601 Service Pack 1
13:47:05.174    Number of processors: 2 586 0x170A
13:47:05.175    ComputerName: LAPTOP-PC  UserName: Rafael
13:47:06.793    Initialize success
13:51:55.287    AVAST engine defs: 13080501
14:08:29.256    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:08:29.260    Disk 0 Vendor: WDC_WD3200BEKT-60F3T1 12.01A12 Size: 305245MB BusType: 11
14:08:29.349    Disk 0 MBR read successfully
14:08:29.353    Disk 0 MBR scan
14:08:29.361    Disk 0 unknown MBR code
14:08:29.386    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
14:08:29.491    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       292017 MB offset 409600
14:08:29.543    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 598460416
14:08:29.684    Disk 0 scanning C:\Windows\system32\drivers
14:08:43.103    Service scanning
14:09:06.481    Service ?etadpug C:\Program Files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\   **HIDDEN**
14:09:06.991    Modules scanning
14:09:06.999    Disk 0 trace - called modules:
14:09:07.010    
14:09:08.255    AVAST engine scan C:\Windows
14:09:11.025    AVAST engine scan C:\Windows\system32
14:11:10.923    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
14:11:13.053    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
14:13:18.010    AVAST engine scan C:\Windows\system32\drivers
14:13:33.299    AVAST engine scan C:\Users\Rafael
14:13:35.899    File: C:\Users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\???\???\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000004.@  **INFECTED** Win32:Malware-gen
14:13:36.129    File: C:\Users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\???\???\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\000000cb.@  **INFECTED** Win32:Malware-gen
14:13:36.179    File: C:\Users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\???\???\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000000.@  **INFECTED** Win32:Trojan-gen
14:13:36.259    File: C:\Users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\???\???\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000032.@  **INFECTED** Win32:Sirefef-BTN [Trj]
14:13:36.349    File: C:\Users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\???\???\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000064.@  **INFECTED** Win32:Sirefef-BTN [Trj]
14:15:48.324    Disk 0 MBR has been saved successfully to "C:\Users\Rafael\Desktop\MBR.dat"
14:15:48.334    The log file has been saved successfully to "C:\Users\Rafael\Desktop\aswMBR.txt"
 

Attached Files

  • Attached File  MBR.zip   522 bytes   0 downloads

Edited by noobpc, 05 August 2013 - 01:59 PM.


#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 05 August 2013 - 10:14 PM

Thanks for the feedback.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 09 August 2013 - 01:48 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 09 August 2013 - 09:47 PM

Topic reopened.

#7 noobpc

noobpc
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 11 August 2013 - 11:07 PM

So after running aswMBR, the redirecting had seem to stop for the most part. Now with combofix, when the installation started, i had a problem in which it would get stuck installing output folder, so i had to use task manager to close it. I tried again and was getting an error about a missing file. So, then I restarted windows and tried again. It got stuck in the same place. This time I let it run and it went through but it took a while. Then the blue screen popped up as normal, it checked. and it hanged at a message saying "windows rebooting..." but after a while it rebooted and so far I don't see any redirecting problems.

 

However, when I start Windows I get two error messages popping up. They are RunDLL, and one says "There was a problem starting. C:\Users...\Roaming\vpuig.dll. The specified module could not be found." The other says the same thing but with dlsri.dll instead of vpuig.dll. I went to msconfig and saw that those two are listed as startup items.

 

I still haven't tried to see if sfc /scannow still hangs before 100%. I am waiting for instructions.

 

ComboFix 13-08-11.02 - Rafael 08/11/2013  17:02:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.1854 [GMT -4:00]
Running from: c:\users\Rafael\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20110823180050_panpan001823jiaobiaozhuliua.swf
c:\favoritevideo\InvisibleFolder\20110823180238_panpan110823ajiaobiaozhuliu2.swf
c:\favoritevideo\InvisibleFolder\20110823180417_panpan110823ajiaobiaozhuliu3.swf
c:\favoritevideo\InvisibleFolder\20110823180559_panpan110823ajiaobiaozhuliu4.swf
c:\favoritevideo\InvisibleFolder\20110908212259_dongfengrichan110909zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110908212509_dongfengrichan110908cha15s.swf
c:\favoritevideo\InvisibleFolder\20110915235058_shengshisanguod110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922181923_anerle110923jiaobiaozhuliu.swf
c:\favoritevideo\InvisibleFolder\20110923163258_pingan110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923163718_pingan110923zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110930151327_vasmoren110930zanting.jpg
c:\favoritevideo\InvisibleFolder\20111009225042_sucaicyouhuoban111009zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111010181114_pptvmoren111010zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111013151458_huashuoxuanguwang111014chabo.gif
c:\favoritevideo\InvisibleFolder\20111014183008_yiqizaixian111014zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111014232909_pptvmoren111010zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111017183708_alibaba111017zanting.swf
c:\favoritevideo\InvisibleFolder\20111024104653_renbaochexian111024zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111024104742_renbaochexian111024zanting.swf
c:\favoritevideo\InvisibleFolder\20111024104856_renbaochexian111024chabo.swf
c:\favoritevideo\InvisibleFolder\20111024110623_yihaodian111024zanting.swf
c:\favoritevideo\InvisibleFolder\20111024110821_yihaodian111024cha15s.swf
c:\favoritevideo\InvisibleFolder\20111024111014_yihaodian111024zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111025133535_tgcshengdian111025zanting.swf
c:\favoritevideo\InvisibleFolder\20111025180920_guangyuwendao111025zanting.swf
c:\favoritevideo\InvisibleFolder\20111025205649_zhenqiao111025zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111025210044_zhenqiao111026zanting.swf
c:\favoritevideo\InvisibleFolder\20111025210241_zhenqiao111026jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20111028104011_shengshisanguo4f111029chabo.swf
c:\favoritevideo\InvisibleFolder\20111028160653_tongyiucaia111029zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111028165313_wopaiwang111028zanting.swf
c:\favoritevideo\InvisibleFolder\20111031163905_tongyisucaia111101zanting.swf
c:\favoritevideo\InvisibleFolder\20111031173039_zhongliang111101cha15s.jpg
c:\favoritevideo\InvisibleFolder\20111031173254_zhongliang111101zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111031173632_zhongliang111101zanting.swf
c:\favoritevideo\InvisibleFolder\20111102110240_tongyisucaib111102zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111102210616_guangqibentian111102zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111103143912_sanxing111104zanting.swf
c:\favoritevideo\InvisibleFolder\20111103144633_xianjinghuanxiang111104zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111103144729_luyou111105cha15s.swf
c:\favoritevideo\InvisibleFolder\20111103144813_xianjinghuanxiang111104zanting.swf
c:\favoritevideo\InvisibleFolder\20111103145108_xianjinghuanxiang111104chabo.swf
c:\favoritevideo\InvisibleFolder\20111103150013_luyou111105zanting15s.swf
c:\favoritevideo\InvisibleFolder\20111103161825_zhongqingbao111105zanting.swf
c:\favoritevideo\InvisibleFolder\20111103162518_taobao111104chabo.swf
c:\favoritevideo\InvisibleFolder\20111103162557_taobao111104houtie.swf
c:\favoritevideo\InvisibleFolder\20111103162648_taobao111104zanting.swf
c:\favoritevideo\InvisibleFolder\20111104164431_jiapinwang111104zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111104164809_jiapingwang111104zanting.swf
c:\favoritevideo\InvisibleFolder\20111104165022_jiapinwang111104cha15s.swf
c:\favoritevideo\InvisibleFolder\externtab(3.1.0.0).zip
c:\favoritevideo\InvisibleFolder\logclient.dll
c:\favoritevideo\InvisibleFolder\pplss2.swf
c:\favoritevideo\InvisibleFolder\sop.dll
c:\favoritevideo\InvisibleFolder\tipsclient.dll
c:\favoritevideo\InvisibleFolder\tipsdone.dll
c:\favoritevideo\InvisibleFolder\tipsstatistic.dll
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\00000004.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\6715e287
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\76603ac3
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000004.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000008.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\000000cb.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000000.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000032.@
c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\9519~1\A535~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000064.@
c:\program files (x86)\Mozilla Firefox\plugins\npuuseep.dll
c:\programdata\23lldnur.pad
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\users\Rafael\AppData\Local\Google\Desktop\Install
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\00000004.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000004.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000008.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\000000cb.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000000.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000032.@
c:\users\Rafael\AppData\Local\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\2E2F~1\28F0~1\E628~1\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\80000064.@
c:\users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76018B3F-3223-47B9-A506-10C2CC65B772}.xps
c:\users\Rafael\AppData\Roaming\.#
c:\users\Rafael\AppData\Roaming\dlsri.dll
c:\users\Rafael\AppData\Roaming\vpuig.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\PFRO.log
c:\windows\SysWow64\nsis_loader.dll
c:\windows\wininit.ini
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-05 00:38 . 2013-08-11 04:55    --------    d-----w-    C:\MGtools
2013-08-04 03:14 . 2013-08-04 03:14    74136    ----a-w-    c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-08-04 03:14 . 2013-08-04 03:14    263576    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 03:14 . 2013-08-04 03:14    770384    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-08-04 03:14 . 2013-08-04 03:14    421200    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-08-04 03:14 . 2013-08-04 03:14    92056    ----a-w-    c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-08-04 03:14 . 2013-08-04 03:14    26520    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-08-04 03:14 . 2013-08-04 03:14    170232    ----a-w-    c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-08-03 19:36 . 2013-08-11 04:41    --------    d-----w-    c:\program files (x86)\Google
2013-08-03 19:36 . 2013-08-11 04:41    --------    d-----w-    c:\users\Rafael\AppData\Local\Google
2013-07-13 04:48 . 2013-07-13 04:48    --------    d-----w-    c:\programdata\EPSON
2013-07-13 04:46 . 2013-07-13 04:46    --------    d-----w-    c:\users\Rafael\AppData\Roaming\Leadertech
2013-07-13 04:46 . 2013-07-13 04:46    --------    d-----w-    C:\EPSONREG
2013-07-13 04:35 . 2013-07-13 04:35    --------    d-----w-    c:\users\Rafael\AppData\Roaming\ArcSoft
2013-07-13 04:35 . 2006-09-18 12:50    22784    ----a-w-    c:\windows\SysWow64\drivers\afc.sys
2013-07-13 04:35 . 2013-07-13 04:35    --------    d-----w-    c:\program files (x86)\Common Files\ArcSoft
2013-07-13 04:35 . 2004-12-07 14:11    258352    ----a-w-    c:\windows\SysWow64\unicows.dll
2013-07-13 04:35 . 1995-08-01 08:44    212480    ----a-w-    c:\windows\PCDLIB32.DLL
2013-07-13 04:34 . 2013-07-13 04:35    --------    d-----w-    c:\program files (x86)\ArcSoft
2013-07-13 04:34 . 2013-07-13 04:34    --------    d-----w-    c:\windows\SysWow64\PhotoImpression Slideshow
2013-07-13 04:26 . 2013-07-13 04:26    --------    d-----w-    c:\program files\EPSON
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 06:29 . 2012-04-11 03:01    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-11 06:29 . 2011-07-28 07:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-05 00:44 . 2013-08-05 00:44    41600    ----a-w-    C:\MGlogs.zip
2013-06-08 14:08 . 2013-06-18 07:01    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-06-08 14:07 . 2013-06-18 07:01    19233792    ----a-w-    c:\windows\system32\mshtml.dll
2013-06-08 14:06 . 2013-06-18 07:01    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-06-08 14:06 . 2013-06-18 07:01    2648064    ----a-w-    c:\windows\system32\iertutil.dll
2013-06-08 14:06 . 2013-06-18 07:01    15404544    ----a-w-    c:\windows\system32\ieframe.dll
2013-06-08 12:28 . 2013-06-18 07:01    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-08 11:13 . 2013-06-18 07:01    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-22 01:00 . 2013-05-22 01:00    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-22 01:00 . 2013-05-22 01:00    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-22 01:00 . 2013-05-22 01:00    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-22 01:00 . 2013-05-22 01:00    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-22 01:00 . 2013-05-22 01:00    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-22 01:00 . 2013-05-22 01:00    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-22 01:00 . 2013-05-22 01:00    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-22 01:00 . 2013-05-22 01:00    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-22 01:00 . 2013-05-22 01:00    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-22 01:00 . 2013-05-22 01:00    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-22 01:00 . 2013-05-22 01:00    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-22 01:00 . 2013-05-22 01:00    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-22 01:00 . 2013-05-22 01:00    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-22 01:00 . 2013-05-22 01:00    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-22 01:00 . 2013-05-22 01:00    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-22 01:00 . 2013-05-22 01:00    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-22 01:00 . 2013-05-22 01:00    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-22 01:00 . 2013-05-22 01:00    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-22 01:00 . 2013-05-22 01:00    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-22 01:00 . 2013-05-22 01:00    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-22 01:00 . 2013-05-22 01:00    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-22 01:00 . 2013-05-22 01:00    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-22 01:00 . 2013-05-22 01:00    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-22 01:00 . 2013-05-22 01:00    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-22 01:00 . 2013-05-22 01:00    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-22 01:00 . 2013-05-22 01:00    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-22 01:00 . 2013-05-22 01:00    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-22 01:00 . 2013-05-22 01:00    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-22 01:00 . 2013-05-22 01:00    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-22 01:00 . 2013-05-22 01:00    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-22 01:00 . 2013-05-22 01:00    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-22 01:00 . 2013-05-22 01:00    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-22 01:00 . 2013-05-22 01:00    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-22 01:00 . 2013-05-22 01:00    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-22 01:00 . 2013-05-22 01:00    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-22 01:00 . 2013-05-22 01:00    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-22 01:00 . 2013-05-22 01:00    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-22 01:00 . 2013-05-22 01:00    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-22 01:00 . 2013-05-22 01:00    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-22 01:00 . 2013-05-22 01:00    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-22 01:00 . 2013-05-22 01:00    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-22 01:00 . 2013-05-22 01:00    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-22 01:00 . 2013-05-22 01:00    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-22 01:00 . 2013-05-22 01:00    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-22 01:00 . 2013-05-22 01:00    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-22 01:00 . 2013-05-22 01:00    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-22 01:00 . 2013-05-22 01:00    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-22 01:00 . 2013-05-22 01:00    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-22 01:00 . 2013-05-22 01:00    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-22 00:59 . 2013-05-22 00:59    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-22 00:59 . 2013-05-22 00:59    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-22 00:59 . 2013-05-22 00:59    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-22 00:59 . 2013-05-22 00:59    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-22 00:59 . 2013-05-22 00:59    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-22 00:59 . 2013-05-22 00:59    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-22 00:59 . 2013-05-22 00:59    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-22 00:59 . 2013-05-22 00:59    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-22 00:59 . 2013-05-22 00:59    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-22 00:59 . 2013-05-22 00:59    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-22 00:59 . 2013-05-22 00:59    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-22 00:59 . 2013-05-22 00:59    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-22 00:59 . 2013-05-22 00:59    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-22 00:59 . 2013-05-22 00:59    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-22 00:59 . 2013-05-22 00:59    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-22 00:59 . 2013-05-22 00:59    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-22 00:59 . 2013-05-22 00:59    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-22 00:59 . 2013-05-22 00:59    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-22 00:59 . 2013-05-22 00:59    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-22 00:59 . 2013-05-22 00:59    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-22 00:59 . 2013-05-22 00:59    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-05-22 00:59 . 2013-05-22 00:59    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-22 00:59 . 2013-05-22 00:59    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-05-22 00:59 . 2013-05-22 00:59    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-05-22 00:59 . 2013-05-22 00:59    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-05-22 00:59 . 2013-05-22 00:59    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41    120104    ----a-w-    c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ?etadpug;Google Update Service (gupdate);c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\   \...\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\GoogleUpdate.exe <;c:\program files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\   \...\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\GoogleUpdate.exe < [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:29]
.
2013-08-11 c:\windows\Tasks\HPCeeScheduleForRafael.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-09 21:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:58263
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-03 22:52; {26b94ebf-fc74-11e2-8277-b8ac6f996f26}; c:\users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\extensions\{26b94ebf-fc74-11e2-8277-b8ac6f996f26}.xpi
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-vpuig - c:\users\Rafael\AppData\Roaming\vpuig.dll
Wow6432Node-HKCU-Run-dlsri - c:\users\Rafael\AppData\Roaming\dlsri.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-21395757.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-08-11  19:18:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-11 23:18
.
Pre-Run: 167,006,404,608 bytes free
Post-Run: 199,881,064,448 bytes free
.
- - End Of File - - D2758CC57880C0E80C5E1CCCF910A6EF
53400DB3CA8E9E932C47F1BBCBA8FD72

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:04:24 AM

Posted 12 August 2013 - 03:32 AM

Hello again,

Thanks for the feedback, but we're not done just yet.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

On your next reply please post :
Adwcleaner log
JRT log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 noobpc

noobpc
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:24 PM

Posted 12 August 2013 - 08:49 PM

When I ran AdwCleaner and clicked Delete, I know it deleted something on my desktop. From the log I think it deleted an eBay icon; why would it do that? I don't think it was a virus, it came with the computer.

# AdwCleaner v2.306 - Logfile created 08/12/2013 at 21:36:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rafael - LAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Rafael\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Rafael\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\prefs.js

C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3404 octets] - [12/08/2013 21:36:39]

########## EOF - C:\AdwCleaner[S1].txt - [3464 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rafael on Mon 08/12/2013 at 21:50:18.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-31937014-2821324593-2740338108-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    vpuig    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\vpuig.dll",AppendInittab
    dlsri    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\dlsri.dll",Int_FromSize_t




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ FireFox

Successfully deleted the following from C:\Users\Rafael\AppData\Roaming\mozilla\firefox\profiles\tnsd84ec.default\prefs.js

user_pref("extensions.fctlite.defaultRule", "t;;uri;;.;;ct;;torrent;;C1;;;;Download torrent anywhere;;0001@@@f;;uri;;\\.flv|\\.mp4|\\.f4v|\\.hlv|videoback;;content-length;;>10
Emptied folder: C:\Users\Rafael\AppData\Roaming\mozilla\firefox\profiles\tnsd84ec.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/12/2013 at 21:56:04.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by noobpc, 12 August 2013 - 08:57 PM.


#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:04:24 AM

Posted 12 August 2013 - 10:33 PM

Not sure why but maybe the author thought this isn't necessary. To restore the eBay link, simply go to eBay website and right click anywhere on the page and select Save Page As. Save it to your desktop and you should be seeing the eBay link back.


Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
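Post #10 asks for an FRST log, and the JRT log above has already flagged two HKCU Run entries that make rundll32.exe load a DLL out of AppData\Roaming. The script below is an added illustration, not one of the tools used in this thread: it encodes the checks a responder applies by eye when reading FRST-style autorun and proxy lines. It flags rundll32 loading a DLL from a user-writable directory, an autorun with no name or no resolvable payload, a system proxy pointed at the loopback interface (which means browser traffic is relayed through a local process before it leaves the machine), and anything the scanner itself marked ATTENTION. The regular expressions assume the line shapes FRST prints; the function names (`triage_line`, `triage`, `paths_in`) and the sample log are mine, the sample lines being constructed to mirror those shapes, with a deliberate `{GUID-FROM-LOG}` placeholder.

```python
"""Triage autorun and proxy lines from an FRST-style log.

Added example for this thread, not one of the tools it uses. The heuristics
are the ones a responder applies by eye: an autorun that makes rundll32.exe
load a DLL from a user-writable directory, an autorun with no name or no
payload, a system proxy pointed at the loopback interface, and any line the
scanner itself marked ATTENTION.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories a standard (non-admin) user can write to. A persistence entry
# whose payload sits here instead of Program Files / System32 is suspicious.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\users\\public\\")

# FRST autorun line (assumed shape):  HKCU\...\Run: [name] - <command> [x] <===== ATTENTION
RUN_LINE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
# FRST WinINET proxy line (assumed shape):  ProxyServer: http=127.0.0.1:58263
PROXY_LINE = re.compile(r"^ProxyServer:\s*(?P<value>.+)$")
# Windows paths inside a command, quoted or bare (bare paths may contain spaces).
PATH_IN_CMD = re.compile(
    r'"(?P<q>[A-Za-z]:\\[^"]+?\.(?:dll|exe))"'
    r'|(?P<b>[A-Za-z]:\\.+?\.(?:dll|exe))(?=[\s,]|$)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    line: str


def paths_in(cmd: str) -> List[str]:
    """Every .exe/.dll path mentioned in an autorun command, in order."""
    return [m.group("q") or m.group("b") for m in PATH_IN_CMD.finditer(cmd)]


def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    m = RUN_LINE.match(line)
    if m:
        name, cmd = m.group("name").strip(), m.group("cmd")
        paths = paths_in(cmd)
        dlls = [p for p in paths if p.lower().endswith(".dll")]
        if "rundll32" in cmd.lower() and any(is_user_writable(p) for p in dlls):
            return Finding("high", f"[{name}] rundll32 loads a DLL from a user-writable directory", line)
        if not name or not paths:
            return Finding("medium", "autorun with no name or no resolvable payload", line)
        if any(is_user_writable(p) for p in paths):
            return Finding("medium", f"[{name}] autorun payload lives in a user-writable directory", line)
        return None
    m = PROXY_LINE.match(line)
    if m:
        value = m.group("value").lower()
        if "127.0.0.1" in value or "localhost" in value:
            return Finding("high", "system proxy points at loopback: browser traffic is relayed through a local process", line)
        return Finding("medium", "system proxy is set; confirm the user configured it", line)
    if "ATTENTION" in line:  # anything else the scanner itself marked
        return Finding("medium", "flagged by the scanner", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through triage_line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: the line shapes FRST prints, mixing benign and suspicious entries.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKCU\...\Run: [vpuig] - "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\vpuig.dll",AppendInittab [x] <===== ATTENTION
HKCU\...\Run: [dlsri] - "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\dlsri.dll",Int_FromSize_t [x] <===== ATTENTION
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
ProxyServer: http=127.0.0.1:58263
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{GUID-FROM-LOG}\   \...\???\{GUID-FROM-LOG}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
""".strip()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

On the sample above the script reports the two rundll32 entries and the loopback proxy as high, and the nameless Run entry and the ZeroAccess service line as medium, while the Synaptics and Adobe autoruns pass. The rundll32 rule keys on where the DLL lives rather than on the file name, because the names in this thread (vpuig, dlsri) are random and change from machine to machine, whereas a user-profile directory is a stable place for persistence that needs no admin rights.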

#11 noobpc

noobpc
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:24 PM

Posted 13 August 2013 - 12:19 AM

I have a question. The first program you told me to run was aswMBR.exe, and it said not to attempt any fixes. I followed the instructions, but I just thought about the question. Why didn't you tell me to click fix if the log found some infected files? I am just curious.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013
Ran by Rafael (administrator) on 13-08-2013 01:12:24
Running from C:\Users\Rafael\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKCU\...\Run: [vpuig] - "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\vpuig.dll",AppendInittab [x] <===== ATTENTION
HKCU\...\Run: [dlsri] - "C:\Windows\System32\rundll32.exe" "C:\Users\Rafael\AppData\Roaming\dlsri.dll",Int_FromSize_t [x] <===== ATTENTION
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:58263
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\Rafael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\Extensions\{26b94ebf-fc74-11e2-8277-b8ac6f996f26}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [117640 2009-08-22] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{62c84f77-987b-450c-f5fd-00ddcaad417b}\   \...\???\{62c84f77-987b-450c-f5fd-00ddcaad417b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [334384 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [583296 2010-02-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-12-28] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-12-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS [476720 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS [32304 2009-08-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008000.029\SYMEFA64.SYS [402992 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-12-29] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [120880 2009-08-22] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-09] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [56880 2009-08-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS [278576 2009-08-22] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.033\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.033\EX64.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 01:11 - 2013-08-13 01:11 - 01575190 _____ (Farbar) C:\Users\Rafael\Desktop\FRST64.exe
2013-08-13 01:09 - 2013-08-13 01:09 - 00001549 _____ C:\Users\Rafael\Desktop\JRT.txt
2013-08-13 01:04 - 2013-08-13 01:06 - 00000000 ____D C:\Users\Rafael\Downloads\Virus Scanners
2013-08-13 01:00 - 2013-08-13 01:00 - 00000302 _____ C:\Windows\PFRO.log
2013-08-13 00:59 - 2013-08-13 01:00 - 00000861 _____ C:\AdwCleaner[S2].txt
2013-08-12 21:50 - 2013-08-12 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 21:49 - 2013-08-12 21:49 - 00959697 _____ (Oleg N. Scherbakov) C:\Users\Rafael\Downloads\JRT.exe
2013-08-12 21:36 - 2013-08-12 21:36 - 00003529 _____ C:\AdwCleaner[S1].txt
2013-08-11 19:31 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-11 19:31 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-11 19:31 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-11 19:31 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-11 19:31 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-11 19:31 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-11 19:31 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-11 19:31 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-11 19:31 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-11 19:31 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-11 19:31 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-11 19:31 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-11 19:18 - 2013-08-11 19:18 - 00035739 _____ C:\ComboFix.txt
2013-08-11 16:59 - 2013-08-11 19:18 - 00000000 ____D C:\ComboFix
2013-08-11 16:59 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-11 16:59 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-11 16:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-11 16:57 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-11 16:57 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-11 16:57 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-11 16:57 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-11 16:57 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-11 16:56 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-11 16:56 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-11 01:46 - 2013-08-13 00:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 01:46 - 2013-08-11 02:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-11 01:07 - 2013-08-11 19:16 - 00000000 ____D C:\Windows\erdnt
2013-08-10 23:27 - 2013-08-11 19:18 - 00000000 ____D C:\Qoobox
2013-08-05 14:17 - 2013-08-05 14:17 - 00000522 _____ C:\Users\Rafael\Desktop\MBR.zip
2013-08-05 14:15 - 2013-08-11 03:18 - 00006406 _____ C:\Users\Rafael\Desktop\aswMBR.txt
2013-08-05 14:15 - 2013-08-11 03:18 - 00000512 _____ C:\Users\Rafael\Desktop\MBR.dat
2013-08-04 20:44 - 2013-08-04 20:44 - 00041600 _____ C:\MGlogs.zip
2013-08-04 20:38 - 2013-08-11 00:55 - 00000000 ____D C:\MGtools
2013-08-03 15:36 - 2013-08-11 00:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2013-08-03 15:36 - 2013-08-11 00:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-03 02:26 - 2013-08-06 16:31 - 00001601 _____ C:\Users\Rafael\Desktop\New Text Document (8).txt
2013-07-26 01:56 - 2013-07-27 04:03 - 00001371 _____ C:\Users\Rafael\Desktop\New Text Document (7).txt

==================== One Month Modified Files and Folders =======

2013-08-13 01:12 - 2013-08-13 01:12 - 00000000 ____D C:\FRST
2013-08-13 01:11 - 2013-08-13 01:11 - 01575190 _____ (Farbar) C:\Users\Rafael\Desktop\FRST64.exe
2013-08-13 01:09 - 2013-08-13 01:09 - 00001549 _____ C:\Users\Rafael\Desktop\JRT.txt
2013-08-13 01:09 - 2011-11-18 00:50 - 00001702 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-13 01:08 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 01:08 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 01:06 - 2013-08-13 01:04 - 00000000 ____D C:\Users\Rafael\Downloads\Virus Scanners
2013-08-13 01:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 01:01 - 2009-07-14 00:51 - 00198577 _____ C:\Windows\setupact.log
2013-08-13 01:00 - 2013-08-13 01:00 - 00000302 _____ C:\Windows\PFRO.log
2013-08-13 01:00 - 2013-08-13 00:59 - 00000861 _____ C:\AdwCleaner[S2].txt
2013-08-13 01:00 - 2009-08-23 04:34 - 01421591 _____ C:\Windows\WindowsUpdate.log
2013-08-13 00:26 - 2013-08-11 01:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 21:50 - 2013-08-12 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 21:49 - 2013-08-12 21:49 - 00959697 _____ (Oleg N. Scherbakov) C:\Users\Rafael\Downloads\JRT.exe
2013-08-12 21:36 - 2013-08-12 21:36 - 00003529 _____ C:\AdwCleaner[S1].txt
2013-08-12 20:56 - 2011-09-03 02:01 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2013-08-11 22:02 - 2009-07-14 00:45 - 00436520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 22:01 - 2013-03-12 19:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-11 22:01 - 2013-03-12 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-11 19:34 - 2009-07-14 01:13 - 00758036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 19:18 - 2013-08-11 19:18 - 00035739 _____ C:\ComboFix.txt
2013-08-11 19:18 - 2013-08-11 16:59 - 00000000 ____D C:\ComboFix
2013-08-11 19:18 - 2013-08-10 23:27 - 00000000 ____D C:\Qoobox
2013-08-11 19:16 - 2013-08-11 01:07 - 00000000 ____D C:\Windows\erdnt
2013-08-11 19:11 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-11 17:14 - 2011-11-06 01:18 - 00000000 ____D C:\FavoriteVideo
2013-08-11 16:23 - 2009-07-14 01:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 03:18 - 2013-08-05 14:15 - 00006406 _____ C:\Users\Rafael\Desktop\aswMBR.txt
2013-08-11 03:18 - 2013-08-05 14:15 - 00000512 _____ C:\Users\Rafael\Desktop\MBR.dat
2013-08-11 02:41 - 2012-05-16 19:17 - 00003194 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRafael
2013-08-11 02:41 - 2012-05-16 19:17 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForRafael.job
2013-08-11 02:29 - 2013-08-11 01:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-11 02:29 - 2012-04-10 23:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 02:29 - 2011-07-28 03:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-11 01:52 - 2010-01-06 15:59 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe
2013-08-11 01:00 - 2009-12-29 15:06 - 00000000 ____D C:\Users\Rafael
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-11 00:55 - 2013-08-04 20:38 - 00000000 ____D C:\MGtools
2013-08-11 00:55 - 2013-05-23 00:25 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-11 00:55 - 2010-07-10 02:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-11 00:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-11 00:41 - 2013-08-03 15:36 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2013-08-11 00:41 - 2013-08-03 15:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 00:41 - 2010-08-30 00:41 - 00000000 ___RD C:\MSOCache
2013-08-11 00:41 - 2010-01-06 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-11 00:41 - 2009-12-29 15:07 - 00000000 ____D C:\Users\Rafael\AppData\Local\Hewlett-Packard
2013-08-10 01:41 - 2012-09-01 00:08 - 00000723 _____ C:\Users\Rafael\Desktop\New Text Document (5).txt
2013-08-06 16:31 - 2013-08-03 02:26 - 00001601 _____ C:\Users\Rafael\Desktop\New Text Document (8).txt
2013-08-05 14:17 - 2013-08-05 14:17 - 00000522 _____ C:\Users\Rafael\Desktop\MBR.zip
2013-08-05 10:54 - 2013-05-02 22:08 - 00000000 ___HD C:\Users\Rafael\Desktop\backup
2013-08-04 20:44 - 2013-08-04 20:44 - 00041600 _____ C:\MGlogs.zip
2013-08-03 23:14 - 2012-09-19 23:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 04:03 - 2013-07-26 01:56 - 00001371 _____ C:\Users\Rafael\Desktop\New Text Document (7).txt
2013-07-16 13:28 - 2013-07-08 00:07 - 00000264 _____ C:\Users\Rafael\Desktop\New Text Document (2).txt

ZeroAccess:
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\00000004.@
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\201d3dde
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\6715e287
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\76603ac3

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-12 17:39

==================== End Of Log ============================




#12 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 13 August 2013 - 12:39 AM

That's because ComboFix and FRST, which I am about to use, will take care of these files. I just use aswMBR as an early diagnosis tool to help me.

Download the attached fixlist.txt file and save it to the Desktop. NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart. The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#13 noobpc

  • Topic Starter
  • Members
  • 17 posts

Posted 13 August 2013 - 04:55 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01
Ran by Rafael at 2013-08-13 17:52:15 Run:1
Running from C:\Users\Rafael\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\vpuig => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dlsri => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
*etadpug => Service deleted successfully.
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b} => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====



#14 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 13 August 2013 - 10:04 PM

How is it running now? Please run FRST again for a fresh log. Thanks.

#15 noobpc

  • Topic Starter
  • Members
  • 17 posts

Posted 14 August 2013 - 07:40 PM

Everything seems to be running fine. Thank you!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Rafael (administrator) on 14-08-2013 20:27:17
Running from C:\Users\Rafael\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\Rafael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tnsd84ec.default\Extensions\{26b94ebf-fc74-11e2-8277-b8ac6f996f26}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [117640 2009-08-22] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [334384 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [583296 2010-02-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-12-28] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-12-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS [476720 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS [32304 2009-08-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008000.029\SYMEFA64.SYS [402992 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-12-29] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [120880 2009-08-22] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-09] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [56880 2009-08-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS [278576 2009-08-22] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.033\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.033\EX64.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 03:06 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:06 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:06 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:06 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:06 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:06 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:06 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:06 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:06 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 19:39 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 19:39 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 19:39 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 19:39 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 19:39 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 19:39 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 19:39 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 19:39 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 19:38 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 19:38 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 19:38 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 19:38 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 19:38 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 19:38 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 19:38 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 19:38 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 19:38 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 19:38 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 19:38 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 19:38 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 19:38 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 19:38 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 19:38 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 19:38 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 19:38 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 19:38 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 19:38 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 01:13 - 2013-08-13 01:13 - 00013687 _____ C:\Users\Rafael\Desktop\Addition.txt
2013-08-13 01:12 - 2013-08-13 01:12 - 00000000 ____D C:\FRST
2013-08-13 01:11 - 2013-08-14 20:27 - 01575570 _____ (Farbar) C:\Users\Rafael\Desktop\FRST64.exe
2013-08-13 01:09 - 2013-08-13 01:09 - 00001549 _____ C:\Users\Rafael\Desktop\JRT.txt
2013-08-13 01:04 - 2013-08-14 20:26 - 00000000 ____D C:\Users\Rafael\Downloads\Virus Scanners
2013-08-13 01:00 - 2013-08-13 01:00 - 00000302 _____ C:\Windows\PFRO.log
2013-08-13 00:59 - 2013-08-13 01:00 - 00000861 _____ C:\AdwCleaner[S2].txt
2013-08-12 21:50 - 2013-08-12 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 21:36 - 2013-08-12 21:36 - 00003529 _____ C:\AdwCleaner[S1].txt
2013-08-11 19:18 - 2013-08-11 19:18 - 00035739 _____ C:\ComboFix.txt
2013-08-11 16:59 - 2013-08-11 19:18 - 00000000 ____D C:\ComboFix
2013-08-11 16:59 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-11 16:59 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-11 16:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-11 16:59 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-11 16:57 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-11 16:57 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-11 16:57 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-11 16:56 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-11 16:56 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-11 01:46 - 2013-08-14 20:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 01:46 - 2013-08-11 02:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-11 01:07 - 2013-08-11 19:16 - 00000000 ____D C:\Windows\erdnt
2013-08-10 23:27 - 2013-08-11 19:18 - 00000000 ____D C:\Qoobox
2013-08-05 14:17 - 2013-08-05 14:17 - 00000522 _____ C:\Users\Rafael\Desktop\MBR.zip
2013-08-05 14:15 - 2013-08-11 03:18 - 00006406 _____ C:\Users\Rafael\Desktop\aswMBR.txt
2013-08-05 14:15 - 2013-08-11 03:18 - 00000512 _____ C:\Users\Rafael\Desktop\MBR.dat
2013-08-04 20:44 - 2013-08-04 20:44 - 00041600 _____ C:\MGlogs.zip
2013-08-04 20:38 - 2013-08-11 00:55 - 00000000 ____D C:\MGtools
2013-08-03 15:36 - 2013-08-11 00:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2013-08-03 15:36 - 2013-08-11 00:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-03 02:26 - 2013-08-06 16:31 - 00001601 _____ C:\Users\Rafael\Desktop\New Text Document (8).txt
2013-07-26 01:56 - 2013-07-27 04:03 - 00001371 _____ C:\Users\Rafael\Desktop\New Text Document (7).txt

==================== One Month Modified Files and Folders =======

2013-08-14 20:27 - 2013-08-13 01:11 - 01575570 _____ (Farbar) C:\Users\Rafael\Desktop\FRST64.exe
2013-08-14 20:26 - 2013-08-13 01:04 - 00000000 ____D C:\Users\Rafael\Downloads\Virus Scanners
2013-08-14 20:26 - 2013-08-11 01:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 18:34 - 2012-09-01 00:08 - 00000777 _____ C:\Users\Rafael\Desktop\New Text Document (5).txt
2013-08-14 16:36 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 16:36 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 16:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 16:28 - 2009-07-14 00:51 - 00198745 _____ C:\Windows\setupact.log
2013-08-14 14:40 - 2009-08-23 04:34 - 01371489 _____ C:\Windows\WindowsUpdate.log
2013-08-14 04:59 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-14 04:59 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 03:03 - 2009-07-14 01:13 - 00758036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 21:45 - 2011-09-03 02:01 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2013-08-13 21:04 - 2013-07-08 00:07 - 00000291 _____ C:\Users\Rafael\Desktop\New Text Document (2).txt
2013-08-13 01:13 - 2013-08-13 01:13 - 00013687 _____ C:\Users\Rafael\Desktop\Addition.txt
2013-08-13 01:12 - 2013-08-13 01:12 - 00000000 ____D C:\FRST
2013-08-13 01:09 - 2013-08-13 01:09 - 00001549 _____ C:\Users\Rafael\Desktop\JRT.txt
2013-08-13 01:09 - 2011-11-18 00:50 - 00001702 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-13 01:00 - 2013-08-13 01:00 - 00000302 _____ C:\Windows\PFRO.log
2013-08-13 01:00 - 2013-08-13 00:59 - 00000861 _____ C:\AdwCleaner[S2].txt
2013-08-12 21:50 - 2013-08-12 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 21:36 - 2013-08-12 21:36 - 00003529 _____ C:\AdwCleaner[S1].txt
2013-08-11 22:02 - 2009-07-14 00:45 - 00436520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 22:01 - 2013-03-12 19:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-11 22:01 - 2013-03-12 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-11 19:18 - 2013-08-11 19:18 - 00035739 _____ C:\ComboFix.txt
2013-08-11 19:18 - 2013-08-11 16:59 - 00000000 ____D C:\ComboFix
2013-08-11 19:18 - 2013-08-10 23:27 - 00000000 ____D C:\Qoobox
2013-08-11 19:16 - 2013-08-11 01:07 - 00000000 ____D C:\Windows\erdnt
2013-08-11 19:11 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-11 17:14 - 2011-11-06 01:18 - 00000000 ____D C:\FavoriteVideo
2013-08-11 16:23 - 2009-07-14 01:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 03:18 - 2013-08-05 14:15 - 00006406 _____ C:\Users\Rafael\Desktop\aswMBR.txt
2013-08-11 03:18 - 2013-08-05 14:15 - 00000512 _____ C:\Users\Rafael\Desktop\MBR.dat
2013-08-11 02:41 - 2012-05-16 19:17 - 00003194 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRafael
2013-08-11 02:41 - 2012-05-16 19:17 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForRafael.job
2013-08-11 02:29 - 2013-08-11 01:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-11 02:29 - 2012-04-10 23:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 02:29 - 2011-07-28 03:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-11 01:52 - 2010-01-06 15:59 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe
2013-08-11 01:00 - 2009-12-29 15:06 - 00000000 ____D C:\Users\Rafael
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-11 00:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-11 00:55 - 2013-08-04 20:38 - 00000000 ____D C:\MGtools
2013-08-11 00:55 - 2013-05-23 00:25 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-11 00:55 - 2010-07-10 02:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-11 00:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-11 00:41 - 2013-08-03 15:36 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2013-08-11 00:41 - 2013-08-03 15:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 00:41 - 2010-08-30 00:41 - 00000000 ___RD C:\MSOCache
2013-08-11 00:41 - 2010-01-06 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-11 00:41 - 2009-12-29 15:07 - 00000000 ____D C:\Users\Rafael\AppData\Local\Hewlett-Packard
2013-08-06 16:31 - 2013-08-03 02:26 - 00001601 _____ C:\Users\Rafael\Desktop\New Text Document (8).txt
2013-08-05 14:17 - 2013-08-05 14:17 - 00000522 _____ C:\Users\Rafael\Desktop\MBR.zip
2013-08-05 10:54 - 2013-05-02 22:08 - 00000000 ___HD C:\Users\Rafael\Desktop\backup
2013-08-04 20:44 - 2013-08-04 20:44 - 00041600 _____ C:\MGlogs.zip
2013-08-03 23:14 - 2012-09-19 23:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 04:03 - 2013-07-26 01:56 - 00001371 _____ C:\Users\Rafael\Desktop\New Text Document (7).txt
2013-07-26 01:13 - 2013-08-14 03:06 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 01:13 - 2013-08-14 03:06 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-14 03:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 01:12 - 2013-08-14 03:06 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-14 03:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 23:35 - 2013-08-14 03:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 23:13 - 2013-08-14 03:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 23:13 - 2013-08-14 03:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 23:12 - 2013-08-14 03:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 23:11 - 2013-08-14 03:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 23:11 - 2013-08-14 03:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 22:49 - 2013-08-14 03:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 22:39 - 2013-08-14 03:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 21:59 - 2013-08-14 03:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 05:25 - 2013-08-13 19:38 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 04:57 - 2013-08-13 19:38 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-18 21:58 - 2013-08-13 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 21:41 - 2013-08-13 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 17:39

==================== End Of Log ============================