Can't remove Exploit:Java/CVE-2013-1493


  • This topic is locked
21 replies to this topic

#1 ghost778

ghost778

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:14 AM

Posted 09 August 2013 - 09:27 PM

This has been on many of my recent MSE scans and they never seem to get rid of it. Figured you masterminds would know how to take care of it. Win 7 64x btw. And it appeared within about a month or so.

 

EDIT: As I was updating this on my computer, I got hit with the PRISM computer lock virus. Don't know how to add that to the post title, if it's even possible. Any and all help would be appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.6.0_33
Run by Andrew at 22:19:13 on 2013-08-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.9207.5290 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10zp_ActiveX.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = <local>
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: {cce665dd-f6dd-4808-968e-eaec971f70ef} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WorkForce 630(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\Andrew\AppData\Local\Temp\E_SF846.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{CE83FE0D-7B7B-44F7-ADF9-D4CF8F1A4793} : NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{CE83FE0D-7B7B-44F7-ADF9-D4CF8F1A4793} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&CUI=UN39347142584730244&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vdrv9000;vdrv9000;C:\Windows\System32\drivers\vdrv9000.sys [2012-5-12 128528]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-19 23816]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-10 1153368]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 vcd9bus;Virtual CD v9 Bus Enumerator;C:\Windows\System32\drivers\vcd9bus.sys [2012-5-12 40216]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 54320]
S3 HH9Help.sys;HH9Help.sys;C:\Windows\System32\drivers\HH9Help.sys [2012-5-12 24344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 19456]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
S3 slb;slb;C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [2013-3-20 81880]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-28 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-18 1432400]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-27 2673064]
S4 VC9SecS;Virtual CD v9 Management Service;C:\Program Files (x86)\Virtual CD v9\System\vc9secs.exe [2012-5-12 132416]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-10 01:46:25 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1189DDF-F900-4243-9869-695C5C0BAF55}\mpengine.dll
2013-08-09 01:41:01 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-06 01:16:36 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-05 09:20:07 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCDD35BA-7F14-4A86-87D0-7FB13F7FB457}\gapaengine.dll
2013-08-04 09:34:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-08-04 09:34:14 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-08-04 09:20:45 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 08:30:28 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-04 08:30:03 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-04 08:29:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-23 03:26:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:12:31 -------- d-----w- C:\Program Files (x86)\Dungeon Defenders
2013-07-14 21:21:14 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Scoregasm
2013-07-11 16:14:05 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 16:14:05 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 16:14:05 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 16:14:05 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 16:14:05 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 16:14:05 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 16:14:05 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 16:14:04 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 16:14:04 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 16:14:04 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 16:14:03 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 16:13:59 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 16:13:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 16:13:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 16:13:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 16:13:58 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 16:13:58 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 16:13:48 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 16:13:48 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-08-06 01:16:29 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-08-06 01:16:29 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-23 03:26:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 00:34:37 291096 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-22 00:34:37 291096 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-22 00:33:03 291096 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 00:36:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-06-15 00:36:11 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-15 00:36:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-06-15 00:36:11 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-02 02:08:49 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 22:19:35.30 ===============
 


Edited by ghost778, 10 August 2013 - 04:36 PM.
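As an added example that is not part of this thread, of DDS, or of any of the tools named here: a small Python triage script that reads the kind of "Pseudo HJT Report" lines shown in the log above and flags the items a malware responder checks first. It flags a browser Java version below the update level that fixed CVE-2013-1493 (the detection named in the topic title), a non-empty AppInit_DLLs value, hosts-file overrides, Firefox homepage or search redirects, and registry entries DDS marks as orphaned. The sample lines are copied from the log above; the marker list, severities, and all function and constant names are my own assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' lines (added example, not part of DDS)."""
import re
from typing import Iterable, List, NamedTuple

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS: List[str] = [
    r"Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.6.0_33",
    r"uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13",
    r"FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&UM=2&q=",
    r"FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll",
]

# First JRE update level shipping the fix for CVE-2013-1493
# (Oracle Security Alert, March 2013: Java 7 Update 17 and Java 6 Update 43).
JAVA_FIX_UPDATE = {6: 43, 7: 17}

# Assumed marker list: the search-redirect host seen in this thread's own log.
SEARCH_HIJACK_MARKERS = ("search.conduit.com",)
FF_HIJACK_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.selectedEngine")


class Finding(NamedTuple):
    severity: str  # "high" | "medium" | "low" | "info"
    kind: str
    detail: str


def java_is_unpatched(version: str) -> bool:
    """True when a '1.<major>.0_<update>' version predates the CVE-2013-1493 fix."""
    m = re.fullmatch(r"1\.(\d)\.0_(\d+)", version)
    if not m:
        return False  # unknown format: do not guess
    major, update = int(m.group(1)), int(m.group(2))
    fix = JAVA_FIX_UPDATE.get(major)
    return fix is not None and update < fix


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk report lines and collect the indicators worth a responder's attention."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if "BrowserJavaVersion:" in line:
            version = line.split("BrowserJavaVersion:", 1)[1].strip()
            if java_is_unpatched(version):
                findings.append(Finding("high", "java-unpatched",
                                        f"browser Java {version} predates the CVE-2013-1493 fix"))
        elif line.startswith("AppInit_DLLs="):
            dll = line[len("AppInit_DLLs="):].strip()
            if dll:  # loaded into every user-mode process that links user32.dll
                findings.append(Finding("high", "appinit-dll", dll))
        elif line.startswith("Hosts:"):
            findings.append(Finding("info", "hosts-override", line[len("Hosts:"):].strip()))
        elif line.startswith("FF - prefs.js:"):
            pref, _, value = line[len("FF - prefs.js:"):].partition(" - ")
            pref, value = pref.strip(), value.strip()
            if pref in FF_HIJACK_PREFS and any(mk in value.lower() for mk in SEARCH_HIJACK_MARKERS):
                findings.append(Finding("medium", "search-hijack", f"{pref} -> {value}"))
        elif line.endswith("<orphaned>"):
            # DDS marks entries whose referenced file no longer exists as <orphaned>
            findings.append(Finding("low", "orphaned-entry", line))
    return findings


def summarize(findings: List[Finding]) -> List[Finding]:
    """Order findings so the highest-severity items come first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in summarize(triage(SAMPLE_DDS)):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run against the sample it reports the outdated Java 6 Update 33, the Wincert AppInit DLL (the entry AdwCleaner later removes in post #5), the two Conduit redirects, the hosts entry, and the orphaned URL search hook, while the legitimate BHO, autorun and plugin lines pass through untouched. Feeding it a full DDS log is just `triage(open("dds.txt").read().splitlines())`.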




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:14 PM

Posted 12 August 2013 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 ghost778

ghost778
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:14 AM

Posted 12 August 2013 - 12:49 PM

Thank you for responding. I now have one of those cyber crime ransomware viruses and can't get to my desktop. It's called Prism. Could I use those programs in safe mode?

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:14 PM

Posted 13 August 2013 - 07:08 AM

First try to restore your computer to a previous date prior to the infection.

Use the instructions here just to restore a good point.
http://www.pcrisk.com/removal-guides/6582-remove-bundespolizei

===

You will need a flash drive and, if possible, download the tool from a good computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flashdrive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

#5 ghost778

ghost778
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:14 AM

Posted 13 August 2013 - 02:11 PM

I restored back about 3-4 days and got back to the desktop. I used Hitman Pro last time it happened, but my trial is over and I can't remove it with Hitman anymore. Here are the logs for AdwCleaner, JRT, and checkup.

 

# AdwCleaner v2.306 - Logfile created 06/01/2013 at 14:33:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Andrew - FX6800
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Andrew\AppData\Local\PackageAware
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\CT3198785
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\Smartbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~3\Wincert\WIN64C~1.DLL
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\prefs.js

Deleted : user_pref("CT3198785.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Deleted : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3198785.FirstTime", "true");
Deleted : user_pref("CT3198785.FirstTimeFF3", "true");
Deleted : user_pref("CT3198785.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NDcyNzM1Nw==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NTYwODEyNw==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MQ==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Deleted : user_pref("CT3198785.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.[...]
Deleted : user_pref("CT3198785.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Deleted : user_pref("CT3198785.PG_ENABLE", "ZmFsc2U=");
Deleted : user_pref("CT3198785.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3198785.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3198785.SF_USER_ID.enc", "Y2lkXzI1NzIwMTMwNDIzNzM1NDgyMzM=");
Deleted : user_pref("CT3198785.SearchAppState.enc", "Mg==");
Deleted : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT31[...]
Deleted : user_pref("CT3198785.UserID", "UN39347142584730244");
Deleted : user_pref("CT3198785.User_UniqueID.enc", "YzlkMjZhNjktZTJhMS00NGUxLWQ2M2MtNDZmODUyYWQ1YmVk");
Deleted : user_pref("CT3198785.acp_personal.appstate.enc", "ZW5hYmxl");
Deleted : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3198785.cb_experience_000.enc", "Mg==");
Deleted : user_pref("CT3198785.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3198785.cb_user_id_000.enc", "Q0I5NTUxMzgyMTc3MDBfMTM3NTc1MzA2NzM4NV9GaXJlZm94");
Deleted : user_pref("CT3198785.cbfirsttime.enc", "VGh1IEp1bCAyNSAyMDEzIDAwOjQyOjIyIEdNVC0wNDAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3198785.countryCode", "US");
Deleted : user_pref("CT3198785.discover-experiments-design.enc", "eyJuYW1lIjoidW5wYXJ0aWNpcGF0aW5nIiwidmVyc2lv[...]
Deleted : user_pref("CT3198785.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIj[...]
Deleted : user_pref("CT3198785.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc1NjA4MTA1Njg0LDE0NDAwMDAwXX[...]
Deleted : user_pref("CT3198785.discover-user-id.enc", "ImExYzJmNTBmLWMyNjAtNGUwMC1iM2I0LTc0MzI5NGVmMDE4YSI=");
Deleted : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3198785.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3198785.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"widt[...]
Deleted : user_pref("CT3198785.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3198785.first_time_search.enc", "MQ==");
Deleted : user_pref("CT3198785.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3198785.fixUrls", true);
Deleted : user_pref("CT3198785.fullUserID", "UN39347142584730244.UP.20130629142922");
Deleted : user_pref("CT3198785.ground-country-code.enc", "IlVTIg==");
Deleted : user_pref("CT3198785.hxxp___api28_starwebnet_com.pid2.enc", "ZTVlODA5OGQtNjZmYi0zNTUyLTNkZTgtNjhlNWN[...]
Deleted : user_pref("CT3198785.hxxp___api29_starwebnet_com.pid2.enc", "ZGIyYjJjOTYtMzYyMy1kMjhlLTgwNTItOTM5NmE[...]
Deleted : user_pref("CT3198785.hxxp___api30_starwebnet_com.pid2.enc", "YmRiNDA1ZmYtN2QzOC01ODdmLWI2ZTUtNzFmZmM[...]
Deleted : user_pref("CT3198785.hxxp___api31_starwebnet_com.pid2.enc", "OWJkODI2MmUtNmUwNi0wZDI2LTM4ZmUtMDYzZDE[...]
Deleted : user_pref("CT3198785.hxxp___api32_starwebnet_com.pid2.enc", "ZDA4ZTIwNzQtZTQ3Yy0xYTA4LTVkNTktMjU5YTk[...]
Deleted : user_pref("CT3198785.hxxp___www_toolbar_ads_com_internetapp.APP_WIN_FEATURES.enc", "");
Deleted : user_pref("CT3198785.impression_counter.enc", "Mg==");
Deleted : user_pref("CT3198785.impression_session_counter.enc", "MA==");
Deleted : user_pref("CT3198785.impression_session_id.enc", "IjAwOTNlMjJiLTc2MzMtNDJlOS05ODZlLTc5YWE3ZDU2ZWM1My[...]
Deleted : user_pref("CT3198785.impression_session_last_active.enc", "MTM3NTYwODEyOTY1MQ==");
Deleted : user_pref("CT3198785.installType", "DirectDownload");
Deleted : user_pref("CT3198785.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3198785.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.key_user_agree_ia12.enc", "MQ==");
Deleted : user_pref("CT3198785.key_wellcome_ia12.enc", "MQ==");
Deleted : user_pref("CT3198785.keyword", true);
Deleted : user_pref("CT3198785.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3198785.lastVersion", "10.16.70.505");
Deleted : user_pref("CT3198785.mam_gk_appStateReportTime.enc", "MTM3NTg1MzU3NzQyNA==");
Deleted : user_pref("CT3198785.mam_gk_appState_ACplus.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_Discover.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_Find-a-Pro.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appState_WindowShopper.enc", "b24=");
Deleted : user_pref("CT3198785.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3198785.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3198785.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
Deleted : user_pref("CT3198785.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Deleted : user_pref("CT3198785.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Deleted : user_pref("CT3198785.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3198785.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Deleted : user_pref("CT3198785.mam_gk_lastLoginTime.enc", "MTM3NTg1MzU3NDc4Ng==");
Deleted : user_pref("CT3198785.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3198785.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3198785.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3198785.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3198785.mam_gk_userId.enc", "NjAzNzAwNWUtZWI3ZS00OWMzLTk1MzAtNTk1ZjJlYTg3Zjdk");
Deleted : user_pref("CT3198785.migrateAppsAndComponents", true);
Deleted : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3198785.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT3198785.originalSearchAddressUrl", "");
Deleted : user_pref("CT3198785.originalSearchEngine", "Google");
Deleted : user_pref("CT3198785.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3198785.revertSettingsEnabled", "false");
Deleted : user_pref("CT3198785.search.searchAppId", "129761883813986480");
Deleted : user_pref("CT3198785.search.searchCount", "0");
Deleted : user_pref("CT3198785.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3198785.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3198785.searchSuggestEnabledByUser", "True");
Deleted : user_pref("CT3198785.searchUserMode", "2");
Deleted : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3198785.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3198785.serviceLayer_services_Configuration_lastUpdate", "1375839162466");
Deleted : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375695345170");
Deleted : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1375751705335");
Deleted : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1375839169513");
Deleted : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374727450549");
Deleted : user_pref("CT3198785.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375867036763");
Deleted : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374727450503");
Deleted : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1375839162409");
Deleted : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1375839162336");
Deleted : user_pref("CT3198785.serviceLayer_services_setupAPI_lastUpdate", "1374900130039");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374727450435");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1375860782688");
Deleted : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1375781747525");
Deleted : user_pref("CT3198785.settingsINI", true);
Deleted : user_pref("CT3198785.showToolbarPermission", "false");
Deleted : user_pref("CT3198785.smartbar.CTID", "CT3198785");
Deleted : user_pref("CT3198785.smartbar.Uninstall", "0");
Deleted : user_pref("CT3198785.smartbar.homepage", true);
Deleted : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
Deleted : user_pref("CT3198785.toolbarBornServerTime", "23-7-2013");
Deleted : user_pref("CT3198785.toolbarCurrentServerTime", "7-8-2013");
Deleted : user_pref("CT3198785.toolbarLoginClientTime", "Thu Jul 25 2013 00:42:10 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3198785.url_history0001.enc", "aHR0cHM6Ly9kb3dubG9hZGNlbnRlci5pbnRlbC5jb20vSlNPTkRhdGFQ[...]
Deleted : user_pref("CT3198785_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?octid=CT3198785&UM=2&ctid=CT3[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT319878[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke US Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3198785");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?octid=CT3198785&UM=2&ctid=CT31[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=C[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3198785");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3198785");
Deleted : user_pref("smartbar.machineId", "IPMDFGEWNFX9JWXTCCQOD3S9OAK+VDR4HROHOHW8RXSX6AINUDZIY3GFYFWIWMYMHRL[...]

*************************

AdwCleaner[S1].txt - [15689 octets] - [01/06/2013 14:33:25]

########## EOF - C:\AdwCleaner[S1].txt - [15750 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Windows 7 Professional x64
Ran by Andrew on Sat 06/01/2013 at 14:39:50.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Andrew\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{2110B79F-2985-4E3C-9E35-F57116C5D359}
Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{2AA6C321-AF65-4DBF-A471-C574602746BD}
Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{C92B1C8D-3774-4695-8000-96AE5AA6868B}

~~~ FireFox

Successfully deleted: [File] C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\d8zwykrr.default\extensions\zdtwxefdjs@zdtwxefdjs.org.xpi [Tracur]
Emptied folder: C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\d8zwykrr.default\minidumps [14 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/01/2013 at 14:43:35.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.72 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 33 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.8.800.94 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox 21.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

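The AdwCleaner log above lists dozens of `CT3198785.*.enc` preferences whose values look opaque. They are ordinary base64, and decoding them is the quickest way to date the toolbar install and to see which Firefox settings it actually took over. The following Python is an added example for this thread, not part of the original post and not AdwCleaner's own code. It parses a handful of the log lines (copied into a constructed sample), base64-decodes values that decode cleanly to printable text, converts 10-digit and 13-digit numeric values to UTC timestamps (the seconds/milliseconds split is an assumption, based on the values looking like JavaScript `Date` output), and separates the toolbar's own `CT…`/`smartbar.` namespace from the core Firefox preferences it overwrote. The `TOOLBAR_PREFIXES` heuristic and the `.enc` base64 interpretation are inferences from the log, not documented behaviour of the toolbar.

```python
"""Decode Conduit/Smartbar prefs.js entries from an AdwCleaner log.

Added example for this thread; not part of the original post or of AdwCleaner.
The `.enc` values are treated as plain base64 (an assumption that holds for
every line in the log above, but not something the toolbar vendor documents).
"""
import base64
import binascii
import re
from datetime import datetime, timezone

# Constructed sample: seven lines copied verbatim from the AdwCleaner output above.
SAMPLE_LOG = """\
Deleted : user_pref("CT3198785.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NDcyNzM1Nw==");
Deleted : user_pref("CT3198785.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3198785.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3198785.PG_ENABLE", "ZmFsc2U=");
Deleted : user_pref("CT3198785.serviceLayer_services_Configuration_lastUpdate", "1375839162466");
Deleted : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke US Customized Web Search");
"""

# user_pref("name", "value");  -- only string-valued prefs are quoted, so
# boolean prefs such as user_pref("CT3198785.fixUrls", true); are skipped.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Prefixes the toolbar uses for its own state (assumption drawn from the log);
# anything else it wrote is a core Firefox setting it took over.
TOOLBAR_PREFIXES = ("CT", "Smartbar.", "smartbar.")


def try_base64(raw):
    """Return the decoded text if `raw` is base64 of printable UTF-8, else None.

    Short plain words such as "true" pass the alphabet check but do not decode
    to valid UTF-8, so the printable test keeps them as literal strings.
    """
    if not B64_RE.match(raw) or len(raw) % 4:
        return None
    try:
        text = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def epoch_to_utc(text):
    """Interpret a 10-digit (seconds) or 13-digit (milliseconds) string as UTC.

    Assumption: the toolbar stored JavaScript Date values, so 13 digits are
    milliseconds since the Unix epoch and 10 digits are whole seconds.
    """
    if not text.isdigit():
        return None
    if len(text) == 13:
        ts = int(text) / 1000
    elif len(text) == 10:
        ts = int(text)
    else:
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def triage(log_text):
    """Parse every quoted user_pref in the log and annotate it."""
    records = []
    for name, raw in PREF_RE.findall(log_text):
        decoded = try_base64(raw)
        value = decoded if decoded is not None else raw
        records.append({
            "name": name,
            "raw": raw,
            "decoded": value,
            "was_base64": decoded is not None,
            "timestamp_utc": epoch_to_utc(value),
            "hijacked_firefox_pref": not name.startswith(TOOLBAR_PREFIXES),
        })
    return records


def hijacked_settings(records):
    """Core Firefox prefs the toolbar overwrote, as {name: value}."""
    return {r["name"]: r["decoded"] for r in records if r["hijacked_firefox_pref"]}


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        flag = "B64 " if r["was_base64"] else "    "
        when = f"  ({r['timestamp_utc']})" if r["timestamp_utc"] else ""
        print(f"{flag}{r['name']} = {r['decoded']!r}{when}")
```

Run against the full log rather than the sample, the decode gives `SF_STATUS` = `ENABLED`, the `mam_gk_appState_*` apps (PriceGong, CouponBuddy, WindowShopper and the rest) = `on`, and `LAST_CLIENT_STATS_SUBMIT_2` = 2013-07-25 04:42:37 UTC, which lines up with `toolbarLoginClientTime` (Thu Jul 25 2013 00:42:10 GMT-0400) and `toolbarBornServerTime` (23-7-2013) to put the install in the last week of July. The `hijacked_settings` rows (`browser.search.defaultenginename`, `browser.search.selectedEngine`, `browser.startup.homepage`, `keyword.URL`) are the ones worth re-checking in the Firefox profile after cleanup: if any of them still points at search.conduit.com, the removal was incomplete.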
#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 14 August 2013 - 07:05 AM


Will take care of the Security log when all is well.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please run the DDS tool and post a fresh log.


Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#7 ghost778 (Topic Starter)

Posted 14 August 2013 - 01:55 PM

ComboFix 13-08-14.02 - Andrew 08/14/2013  14:28:28.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.9207.6939 [GMT -4:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\8f4cc347421d9dd839ea85e6bfe61a6a_c
c:\programdata\Microsoft\Windows\DRM\5C49.tmp
c:\programdata\Microsoft\Windows\DRM\5C8B.tmp
c:\programdata\Microsoft\Windows\DRM\6DB9.tmp
c:\programdata\Microsoft\Windows\DRM\6DEB.tmp
c:\programdata\Microsoft\Windows\DRM\9C04.tmp
c:\programdata\Microsoft\Windows\DRM\9C55.tmp
c:\programdata\Microsoft\Windows\DRM\CBDB.tmp
c:\programdata\Microsoft\Windows\DRM\CBDC.tmp
c:\programdata\Microsoft\Windows\DRM\F410.tmp
c:\programdata\Microsoft\Windows\DRM\F442.tmp
c:\programdata\Microsoft\Windows\DRM\F4D8.tmp
c:\programdata\Microsoft\Windows\DRM\F4D9.tmp
c:\users\Andrew\AppData\Local\assembly\tmp
c:\users\Andrew\AppData\Roaming\chrtmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-14 to 2013-08-14  )))))))))))))))))))))))))))))))
.
.
2013-08-14 18:36 . 2013-08-14 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-13 19:49 . 2013-08-13 19:49 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EE1085B-D064-4D59-8189-990255407EF1}\offreg.dll
2013-08-13 19:34 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EE1085B-D064-4D59-8189-990255407EF1}\mpengine.dll
2013-08-10 21:16 . 2013-06-01 18:11 -------- d-----w- c:\users\Andrew\AppData\Local\KB1297893
2013-08-10 01:46 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-06 01:16 . 2013-08-06 01:16 312232 ----a-w- c:\windows\system32\javaws.exe
2013-08-06 01:16 . 2013-08-06 01:16 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-06 01:16 . 2013-08-06 01:16 189352 ----a-w- c:\windows\system32\javaw.exe
2013-08-06 01:16 . 2013-08-06 01:16 188840 ----a-w- c:\windows\system32\java.exe
2013-08-05 09:20 . 2013-08-05 09:20 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCDD35BA-7F14-4A86-87D0-7FB13F7FB457}\gapaengine.dll
2013-08-04 09:34 . 2013-08-04 09:34 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-04 09:34 . 2013-08-04 09:34 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-04 09:20 . 2013-08-14 18:01 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 08:30 . 2013-08-04 08:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-04 08:30 . 2013-08-04 08:30 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-04 08:29 . 2013-08-04 08:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-23 03:26 . 2013-07-23 03:26 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 01:16 . 2012-12-03 22:17 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-06 01:16 . 2012-12-03 22:17 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-23 03:26 . 2013-04-20 20:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 00:34 . 2012-06-28 11:18 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-22 00:34 . 2012-06-24 00:09 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 00:33 . 2012-06-24 00:09 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-24 04:41 . 2012-11-10 05:39 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-15 00:36 . 2013-06-15 00:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-06-15 00:36 . 2013-06-15 00:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-06-15 00:36 . 2013-06-15 00:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-06-15 00:36 . 2013-06-15 00:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-06-13 07:08 . 2013-06-13 07:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-13 07:08 . 2013-06-13 07:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-13 07:08 . 2013-06-13 07:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-13 07:08 . 2013-06-13 07:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-11 23:43 . 2013-07-12 19:23 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-12 19:23 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-12 19:23 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-12 19:23 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-12 19:23 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-12 19:23 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-12 19:23 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-12 19:23 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-12 19:23 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-12 19:23 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-12 19:23 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-12 19:23 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-12 19:23 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-12 19:23 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-12 19:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-12 19:23 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-12 19:23 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-12 19:23 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-12 19:23 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-12 19:23 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-12 19:23 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-12 19:23 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 16:13 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 16:14 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 16:14 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-02 02:09 . 2013-06-02 02:09 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-02 02:09 . 2013-06-02 02:09 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-02 02:09 . 2013-06-02 02:09 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-02 02:09 . 2013-06-02 02:09 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-02 02:09 . 2013-06-02 02:09 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-02 02:09 . 2013-06-02 02:09 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-02 02:09 . 2013-06-02 02:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-02 02:09 . 2013-06-02 02:09 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-02 02:09 . 2013-06-02 02:09 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-02 02:09 . 2013-06-02 02:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-02 02:09 . 2013-06-02 02:09 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-02 02:09 . 2013-06-02 02:09 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-02 02:09 . 2013-06-02 02:09 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-02 02:09 . 2013-06-02 02:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-02 02:09 . 2013-06-02 02:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-02 02:09 . 2013-06-02 02:09 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-02 02:09 . 2013-06-02 02:09 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-02 02:09 . 2013-06-02 02:09 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-02 02:09 . 2013-06-02 02:09 441856 ----a-w- c:\windows\system32\html.iec
2013-06-02 02:09 . 2013-06-02 02:09 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-02 02:09 . 2013-06-02 02:09 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-02 02:09 . 2013-06-02 02:09 235008 ----a-w- c:\windows\system32\url.dll
2013-06-02 02:09 . 2013-06-02 02:09 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-02 02:09 . 2013-06-02 02:09 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-02 02:09 . 2013-06-02 02:09 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-02 02:09 . 2013-06-02 02:09 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-02 02:09 . 2013-06-02 02:09 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-02 02:09 . 2013-06-02 02:09 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-02 02:09 . 2013-06-02 02:09 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-02 02:09 . 2013-06-02 02:09 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-02 02:09 . 2013-06-02 02:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-02 02:09 . 2013-06-02 02:09 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-02 02:09 . 2013-06-02 02:09 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-02 02:09 . 2013-06-02 02:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-02 02:09 . 2013-06-02 02:09 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-02 02:09 . 2013-06-02 02:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-02 02:09 . 2013-06-02 02:09 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-02 02:09 . 2013-06-02 02:09 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-02 02:09 . 2013-06-02 02:09 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-02 02:09 . 2013-06-02 02:09 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-02 02:09 . 2013-06-02 02:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-02 02:09 . 2013-06-02 02:09 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-02 02:09 . 2013-06-02 02:09 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-02 02:09 . 2013-06-02 02:09 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-02 02:09 . 2013-06-02 02:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-02 02:09 . 2013-06-02 02:09 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-02 02:09 . 2013-06-02 02:09 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-02 02:09 . 2013-06-02 02:09 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-02 02:09 . 2013-06-02 02:09 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-02 02:08 . 2013-06-02 02:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-09 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 kbvitbqx;kbvitbqx;c:\windows\system32\drivers\kbvitbqx.sys;c:\windows\SYSNATIVE\drivers\kbvitbqx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys;c:\windows\SYSNATIVE\drivers\HH9Help.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R4 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 VC9SecS;Virtual CD v9 Management Service;c:\program files (x86)\Virtual CD v9\System\vc9secs.exe;c:\program files (x86)\Virtual CD v9\System\vc9secs.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys;c:\windows\SYSNATIVE\DRIVERS\vdrv9000.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 vcd9bus;Virtual CD v9 Bus Enumerator;c:\windows\system32\DRIVERS\vcd9bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd9bus.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{CE83FE0D-7B7B-44F7-ADF9-D4CF8F1A4793}: NameServer = 75.75.76.76,75.75.75.75
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-{98A64C75-BFD6-4212-8746-8BADC7ABA79E} - c:\program files (x86)\InstallShield Installation Information\{98A64C75-BFD6-4212-8746-8BADC7ABA79E}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c7,66,5a,79,f7,26,ce,01
.
[HKEY_USERS\S-1-5-21-2155619034-2924050384-2083576218-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,ab,65,18,23,3e,aa,0e,92,46,1c,3f,c2,8f,22,2e,5a,58,63,5a,ab,
   48,05,bf,83,10,b6,19,3f,de,a1,88,50,22,ed,d0,cd,7a,10,74,5d,df,cb,96,73,52,\
"rkeysecu"=hex:7e,17,9f,fc,39,f1,32,2a,40,70,36,d2,63,f4,21,e9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zp_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zp_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zp.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zp.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zp.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zp.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-14  14:38:29
ComboFix-quarantined-files.txt  2013-08-14 18:38
.
Pre-Run: 128,945,917,952 bytes free
Post-Run: 128,546,152,448 bytes free
.
- - End Of File - - 4B8BEE3B259788F7C30A2B2E083D706E
A36C5E4F47E84449FF07ED3517B43A31



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:14 PM

Posted 15 August 2013 - 07:57 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
kbvitbqx

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 33

Remove also this old version of Flash
Adobe Flash Player 10 Flash

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===
Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Let me know what problem persists.

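The CFScript above tells ComboFix to remove a driver called kbvitbqx, a name with no display name of its own and almost no vowels, which is the kind of entry an analyst picks out of the R*/S* service list by eye. As an added example that is not part of nasdaq's post or of ComboFix itself, the Python below parses the service/driver lines in the format ComboFix prints, flags two patterns (a random-looking service name, and an image loaded from a user-writable directory such as AppData\Local\Temp) and renders a CFScript in the same Driver:: / ClearJavaCache:: shape used above. The heuristics are assumptions of this example, and the kbvitbqx sample line is constructed: the thread never shows that driver's real image path.

```python
"""Triage the service/driver lines from a ComboFix log and render a CFScript.

Added example for this thread, not code from ComboFix or from the post. The
heuristics (random-looking service name, image under a user-writable path) are
this example's assumptions; a hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# ComboFix lists each service as: "<start> <name>;<display name>;<path>;<sysnative path> [x]"
SERVICE_RE = re.compile(r"^(R\d|S\d)\s+([^;]+);([^;]*);([^;]+);([^\[]+?)\s*\[x\]\s*$")

# Directories a kernel driver or service binary normally has no business living in
# (compared against the path with backslashes normalised to forward slashes).
USER_WRITABLE = ("/appdata/local/temp/", "/users/", "/programdata/", "/temp/")


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def random_looking(name: str) -> bool:
    """Seven or more lowercase letters with at most one vowel, like 'kbvitbqx'."""
    if not (name.isalpha() and name.islower() and len(name) >= 7):
        return False
    return sum(ch in "aeiou" for ch in name) <= 1


def parse_services(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (name, display name, image path) for every service line in the log."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)


def triage(text: str) -> List[Finding]:
    """Return the entries worth a second look, with the reason each was flagged."""
    findings = []
    for name, display, path in parse_services(text):
        reasons = []
        if random_looking(name) and display in ("", name):
            reasons.append("random-looking service name")
        norm = path.lower().replace("\\", "/")
        if any(tok in norm for tok in USER_WRITABLE):
            reasons.append("image in user-writable location")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


def cfscript(driver_names: List[str], clear_java_cache: bool = True) -> str:
    """Render a CFScript in the shape used in the post: Driver:: stanza, then ClearJavaCache::."""
    lines = ["Driver::"] + list(driver_names)
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


# Constructed sample: three lines copied from the log in this thread plus one
# hypothetical line for the kbvitbqx driver, whose real image path the thread never shows.
SAMPLE_LOG = r"""
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys [x]
S3 kbvitbqx;kbvitbqx;c:\windows\system32\drivers\kbvitbqx.sys;c:\windows\SYSNATIVE\drivers\kbvitbqx.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.name:12} {', '.join(f.reasons):40} {f.path}")
    # Only the entry the analyst has actually judged malicious goes into the script.
    print(cfscript([f.name for f in hits if "random-looking service name" in f.reasons]))
```

Run on the sample, the script flags ALSysIO for loading from the user's Temp folder and kbvitbqx for its name; only the latter is put in the generated CFScript, matching what nasdaq's script removes. The ALSysIO hit is there to show the location check, not to call that driver malicious: a flagged line is a prompt to verify the file, not a verdict.
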
#9 ghost778

ghost778
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:14 AM

Posted 15 August 2013 - 02:09 PM

I got rid of the old Java and Flash, but I can't download new versions of them yet from IE because of some update order mistake with IE10 and a Windows update. I'll fix that when we finish this.


ComboFix 13-08-15.02 - Andrew 08/15/2013  14:30:14.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.9207.7381 [GMT -4:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrew\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_kbvitbqx
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-15 to 2013-08-15  )))))))))))))))))))))))))))))))
.
.
2013-08-15 18:49 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D784CE48-A8F7-4C3B-9771-8004E30FA883}\mpengine.dll
2013-08-15 18:37 . 2013-08-15 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 18:50 . 2013-07-02 05:34 9460976 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-10 21:16 . 2013-06-01 18:11 -------- d-----w- c:\users\Andrew\AppData\Local\KB1297893
2013-08-06 01:16 . 2013-08-06 01:16 312232 ----a-w- c:\windows\system32\javaws.exe
2013-08-06 01:16 . 2013-08-06 01:16 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-06 01:16 . 2013-08-06 01:16 189352 ----a-w- c:\windows\system32\javaw.exe
2013-08-06 01:16 . 2013-08-06 01:16 188840 ----a-w- c:\windows\system32\java.exe
2013-08-05 09:20 . 2013-08-05 09:20 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCDD35BA-7F14-4A86-87D0-7FB13F7FB457}\gapaengine.dll
2013-08-04 09:34 . 2013-08-04 09:34 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-04 09:34 . 2013-08-04 09:34 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-04 09:20 . 2013-08-14 18:01 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 08:30 . 2013-08-04 08:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-04 08:30 . 2013-08-04 08:30 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-04 08:29 . 2013-08-04 08:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-23 03:26 . 2013-07-23 03:26 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 01:16 . 2012-12-03 22:17 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-06 01:16 . 2012-12-03 22:17 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-23 03:26 . 2013-04-20 20:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 00:34 . 2012-06-28 11:18 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-22 00:34 . 2012-06-24 00:09 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 00:33 . 2012-06-24 00:09 291096 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-24 04:41 . 2012-11-10 05:39 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-15 00:36 . 2013-06-15 00:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-06-15 00:36 . 2013-06-15 00:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-06-15 00:36 . 2013-06-15 00:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-06-15 00:36 . 2013-06-15 00:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-06-13 07:08 . 2013-06-13 07:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-13 07:08 . 2013-06-13 07:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-13 07:08 . 2013-06-13 07:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-13 07:08 . 2013-06-13 07:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-11 23:43 . 2013-07-12 19:23 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-12 19:23 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-12 19:23 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-12 19:23 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-12 19:23 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-12 19:23 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-12 19:23 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-12 19:23 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-12 19:23 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-12 19:23 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-12 19:23 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-12 19:23 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-12 19:23 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-12 19:23 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-12 19:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-12 19:23 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-12 19:23 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-12 19:23 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-12 19:23 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-12 19:23 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-12 19:23 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-12 19:23 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 16:13 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 16:14 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 16:14 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-02 02:09 . 2013-06-02 02:09 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-02 02:09 . 2013-06-02 02:09 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-02 02:09 . 2013-06-02 02:09 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-02 02:09 . 2013-06-02 02:09 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-02 02:09 . 2013-06-02 02:09 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-02 02:09 . 2013-06-02 02:09 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-02 02:09 . 2013-06-02 02:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-02 02:09 . 2013-06-02 02:09 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-02 02:09 . 2013-06-02 02:09 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-02 02:09 . 2013-06-02 02:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-02 02:09 . 2013-06-02 02:09 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-02 02:09 . 2013-06-02 02:09 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-02 02:09 . 2013-06-02 02:09 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-02 02:09 . 2013-06-02 02:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-02 02:09 . 2013-06-02 02:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-02 02:09 . 2013-06-02 02:09 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-02 02:09 . 2013-06-02 02:09 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-02 02:09 . 2013-06-02 02:09 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-02 02:09 . 2013-06-02 02:09 441856 ----a-w- c:\windows\system32\html.iec
2013-06-02 02:09 . 2013-06-02 02:09 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-02 02:09 . 2013-06-02 02:09 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-02 02:09 . 2013-06-02 02:09 235008 ----a-w- c:\windows\system32\url.dll
2013-06-02 02:09 . 2013-06-02 02:09 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-02 02:09 . 2013-06-02 02:09 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-02 02:09 . 2013-06-02 02:09 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-02 02:09 . 2013-06-02 02:09 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-02 02:09 . 2013-06-02 02:09 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-02 02:09 . 2013-06-02 02:09 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-02 02:09 . 2013-06-02 02:09 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-02 02:09 . 2013-06-02 02:09 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-02 02:09 . 2013-06-02 02:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-02 02:09 . 2013-06-02 02:09 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-02 02:09 . 2013-06-02 02:09 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-02 02:09 . 2013-06-02 02:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-02 02:09 . 2013-06-02 02:09 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-02 02:09 . 2013-06-02 02:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-02 02:09 . 2013-06-02 02:09 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-02 02:09 . 2013-06-02 02:09 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-02 02:09 . 2013-06-02 02:09 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-02 02:09 . 2013-06-02 02:09 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-02 02:09 . 2013-06-02 02:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-02 02:09 . 2013-06-02 02:09 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-02 02:09 . 2013-06-02 02:09 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-02 02:09 . 2013-06-02 02:09 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-02 02:09 . 2013-06-02 02:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-02 02:09 . 2013-06-02 02:09 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-02 02:09 . 2013-06-02 02:09 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-02 02:09 . 2013-06-02 02:09 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-02 02:09 . 2013-06-02 02:09 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-02 02:08 . 2013-06-02 02:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-02 02:08 . 2013-06-02 02:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys;c:\windows\SYSNATIVE\drivers\HH9Help.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R4 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 VC9SecS;Virtual CD v9 Management Service;c:\program files (x86)\Virtual CD v9\System\vc9secs.exe;c:\program files (x86)\Virtual CD v9\System\vc9secs.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys;c:\windows\SYSNATIVE\DRIVERS\vdrv9000.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys;c:\users\Andrew\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 vcd9bus;Virtual CD v9 Bus Enumerator;c:\windows\system32\DRIVERS\vcd9bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd9bus.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{CE83FE0D-7B7B-44F7-ADF9-D4CF8F1A4793}: NameServer = 75.75.76.76,75.75.75.75
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{98A64C75-BFD6-4212-8746-8BADC7ABA79E} - c:\program files (x86)\InstallShield Installation Information\{98A64C75-BFD6-4212-8746-8BADC7ABA79E}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c7,66,5a,79,f7,26,ce,01
.
[HKEY_USERS\S-1-5-21-2155619034-2924050384-2083576218-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,ab,65,18,23,3e,aa,0e,92,46,1c,3f,c2,8f,22,2e,5a,58,63,5a,ab,
   48,05,bf,83,10,b6,19,3f,de,a1,88,50,22,ed,d0,cd,7a,10,74,5d,df,cb,96,73,52,\
"rkeysecu"=hex:7e,17,9f,fc,39,f1,32,2a,40,70,36,d2,63,f4,21,e9
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-08-15  14:56:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-15 18:56
ComboFix2.txt  2013-08-14 18:38
.
Pre-Run: 135,108,796,416 bytes free
Post-Run: 134,441,123,840 bytes free
.
- - End Of File - - 807515DDD7A4F9EA19E2DE19AC5679B6
A36C5E4F47E84449FF07ED3517B43A31
 



#10 nasdaq

  • Malware Response Team

Posted 16 August 2013 - 07:49 AM

Your logs are clean.

If you are still having issues with Exploit:Java/CVE-2013-1493, have a look at this Microsoft article.
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2013-1493

Let me know if you have any other issues with this computer.



#11 nasdaq

  • Malware Response Team

Posted 22 August 2013 - 08:54 AM

Are you still with me?

#12 ghost778

  • Topic Starter

Posted 23 August 2013 - 12:27 AM

Sorry about that. Had to go out of town for a few days and it slipped my mind. I've got it checking now to see if it still detects it.



#13 ghost778

  • Topic Starter

Posted 23 August 2013 - 10:18 PM

Fresh MSE scan finished. Still has 1493, but now has 1723 too. Is it possible it was reobtained? My browser apparently still had Java enabled even though any site that required Java said it wasn't enabled.



#14 nasdaq

  • Malware Response Team

Posted 24 August 2013 - 08:48 AM

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#15 ghost778

  • Topic Starter

Posted 24 August 2013 - 12:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2013 01
Ran by Andrew (administrator) on 24-08-2013 13:42:16
Running from C:\Users\Andrew\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
Tcpip\..\Interfaces\{CE83FE0D-7B7B-44F7-ADF9-D4CF8F1A4793}: [NameServer]75.75.76.76,75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\d8zwykrr.default\searchplugins\whitesmoke-us-customized-web-search.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Andrew\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-10] (SUPERAntiSpyware.com)
S4 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-01] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 VC9SecS; C:\Program Files (x86)\Virtual CD v9\System\vc9secs.exe [132416 2007-12-03] (H+H Software GmbH)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [23816 2012-03-09] (CPUID)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 slb; C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [81880 2013-03-20] ()
S3 slb; C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [81880 2013-03-20] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [208696 2007-03-28] (StorageCraft)
R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH)
R3 ALSysIO; \??\C:\Users\Andrew\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 13:41 - 2013-08-24 13:41 - 01576734 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2013-08-20 22:44 - 2013-08-20 22:45 - 00000024 _____ C:\Users\Andrew\jagexappletviewer.preferences
2013-08-20 22:44 - 2013-08-20 22:44 - 00000000 ____D C:\.jagex_cache_32
2013-08-20 22:43 - 2013-08-20 22:43 - 00002094 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00002064 _____ C:\Users\Andrew\Desktop\RuneScape.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2013-08-20 22:35 - 2013-08-20 22:35 - 95060896 _____ (Oracle Corporation) C:\Users\Andrew\Downloads\jdk-7u25-windows-x64.exe
2013-08-20 21:28 - 2013-08-20 21:28 - 00002324 _____ C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2013-08-20 20:59 - 2013-08-20 20:59 - 00002252 _____ C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2013-08-20 14:54 - 2013-08-20 14:52 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2013-08-20 14:53 - 2013-08-20 14:53 - 00002300 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2013-08-19 02:42 - 2013-08-19 02:56 - 00000000 ____D C:\Users\Andrew\Downloads\ePSXe180
2013-08-19 02:41 - 2013-08-19 02:41 - 00635413 _____ C:\Users\Andrew\Downloads\ePSXe180.zip
2013-08-19 02:34 - 2013-08-19 02:42 - 00000000 ____D C:\Users\Andrew\Downloads\ePSXe190
2013-08-19 02:34 - 2013-08-19 02:34 - 00638836 _____ C:\Users\Andrew\Downloads\ePSXe190.zip
2013-08-17 23:54 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 23:54 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-17 23:54 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 23:54 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-17 23:54 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 23:54 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 23:54 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-17 23:54 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 23:54 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-17 23:54 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 23:54 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 23:54 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-17 23:53 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 23:53 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 23:53 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 23:53 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 23:53 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 23:48 - 2013-08-17 23:50 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 04:27 - 2013-08-17 04:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 14:56 - 2013-08-15 14:56 - 00022670 _____ C:\ComboFix.txt
2013-08-14 14:49 - 2013-08-15 14:38 - 00001104 _____ C:\Windows\PFRO.log
2013-08-14 14:46 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 14:46 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 14:46 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 14:46 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 14:46 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 14:46 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 14:46 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 14:46 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 14:45 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 14:45 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 14:45 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 14:45 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 14:45 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 14:45 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 14:45 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 14:45 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 14:45 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 14:45 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 14:45 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 14:45 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 14:45 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 14:45 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 14:45 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 14:45 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 14:45 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 14:45 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 14:45 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 14:45 - 2012-11-30 01:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-08-14 14:45 - 2012-11-30 01:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-08-14 14:45 - 2012-11-30 01:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-14 14:45 - 2012-11-30 01:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-08-14 14:45 - 2012-11-30 01:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-08-14 14:45 - 2012-11-30 00:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 14:45 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-14 14:45 - 2012-11-29 23:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-14 14:45 - 2012-11-29 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-14 14:45 - 2012-11-29 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 14:45 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 14:45 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-08-14 14:26 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-14 14:26 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-14 14:26 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 14:25 - 2013-08-15 14:56 - 00000000 ____D C:\Qoobox
2013-08-14 14:25 - 2013-08-15 14:37 - 00000000 ____D C:\Windows\erdnt
2013-08-14 14:12 - 2013-08-15 14:12 - 05104599 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
2013-08-11 17:36 - 2013-08-11 17:36 - 00000000 _____ C:\Windows\system32\config\SOFTWAREe8454c98
2013-08-10 17:16 - 2013-06-01 14:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\KB1297893
2013-08-09 22:19 - 2013-08-09 22:19 - 00033696 _____ C:\Users\Andrew\Desktop\attach.txt
2013-08-09 22:19 - 2013-08-09 22:19 - 00020194 _____ C:\Users\Andrew\Desktop\dds.txt
2013-08-09 22:17 - 2013-06-07 23:48 - 00688992 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com
2013-08-06 01:08 - 2013-08-06 01:08 - 00000000 _____ C:\Windows\system32\config\SOFTWAREbfa761a
2013-08-05 21:16 - 2013-08-05 21:16 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-05 09:15 - 2013-08-05 09:15 - 00000000 _____ C:\Windows\system32\config\SOFTWAREfc713cf8
2013-08-04 05:34 - 2013-08-04 05:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-04 05:34 - 2013-08-04 05:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-03 12:32 - 2013-08-23 22:27 - 00004312 _____ C:\Windows\setupact.log
2013-08-03 12:32 - 2013-08-03 12:32 - 00000000 _____ C:\Windows\setuperr.log
2013-07-26 16:11 - 2013-07-31 22:43 - 00000000 ____D C:\Users\Andrew\Downloads\D&D
2013-07-25 22:51 - 2013-07-25 22:51 - 00005974 _____ C:\Users\Andrew\Documents\7-25-13.reg
2013-07-25 22:42 - 2013-07-25 22:42 - 04429440 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup404.exe
2013-07-25 14:43 - 2013-08-06 21:17 - 00000000 ____D C:\Users\Andrew\Downloads\Pathfinder

==================== One Month Modified Files and Folders =======

2013-08-24 13:41 - 2013-08-24 13:41 - 01576734 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2013-08-24 00:01 - 2012-04-26 01:34 - 01473845 _____ C:\Windows\WindowsUpdate.log
2013-08-23 22:27 - 2013-08-03 12:32 - 00004312 _____ C:\Windows\setupact.log
2013-08-20 22:46 - 2012-09-06 02:56 - 00000024 _____ C:\Users\Andrew\random.dat
2013-08-20 22:45 - 2013-08-20 22:44 - 00000024 _____ C:\Users\Andrew\jagexappletviewer.preferences
2013-08-20 22:44 - 2013-08-20 22:44 - 00000000 ____D C:\.jagex_cache_32
2013-08-20 22:44 - 2012-09-06 02:56 - 00000045 _____ C:\Users\Andrew\jagex_cl_runescape_LIVE.dat
2013-08-20 22:44 - 2012-04-26 01:34 - 00000000 ____D C:\Users\Andrew
2013-08-20 22:43 - 2013-08-20 22:43 - 00002094 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00002064 _____ C:\Users\Andrew\Desktop\RuneScape.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2013-08-20 22:43 - 2012-09-06 02:56 - 00000000 ____D C:\Users\Andrew\jagexcache
2013-08-20 22:38 - 2012-12-03 18:16 - 00000000 ____D C:\Program Files\Java
2013-08-20 22:35 - 2013-08-20 22:35 - 95060896 _____ (Oracle Corporation) C:\Users\Andrew\Downloads\jdk-7u25-windows-x64.exe
2013-08-20 21:28 - 2013-08-20 21:28 - 00002324 _____ C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2013-08-20 21:28 - 2012-07-31 02:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-20 21:03 - 2012-06-08 23:26 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-08-20 20:59 - 2013-08-20 20:59 - 00002252 _____ C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2013-08-20 16:34 - 2009-07-14 00:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 16:34 - 2009-07-14 00:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 14:53 - 2013-08-20 14:53 - 00002300 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2013-08-20 14:52 - 2013-08-20 14:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2013-08-20 13:59 - 2012-06-08 23:25 - 00000000 ____D C:\Users\Andrew\AppData\Local\Origin
2013-08-20 13:59 - 2012-06-08 23:25 - 00000000 ____D C:\ProgramData\Origin
2013-08-20 13:59 - 2012-06-08 23:24 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Origin
2013-08-20 13:58 - 2012-06-08 23:24 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-20 01:53 - 2012-08-24 02:06 - 00000000 ____D C:\Users\Andrew\Documents\4A Games
2013-08-19 23:23 - 2012-04-26 00:05 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-19 02:56 - 2013-08-19 02:42 - 00000000 ____D C:\Users\Andrew\Downloads\ePSXe180
2013-08-19 02:42 - 2013-08-19 02:34 - 00000000 ____D C:\Users\Andrew\Downloads\ePSXe190
2013-08-19 02:41 - 2013-08-19 02:41 - 00635413 _____ C:\Users\Andrew\Downloads\ePSXe180.zip
2013-08-19 02:34 - 2013-08-19 02:34 - 00638836 _____ C:\Users\Andrew\Downloads\ePSXe190.zip
2013-08-19 02:33 - 2013-06-11 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 01:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 00:03 - 2009-07-14 01:13 - 00889310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 23:58 - 2012-04-26 02:25 - 00000000 ____D C:\Windows\Panther
2013-08-17 23:58 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 23:50 - 2013-08-17 23:48 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 23:48 - 2012-11-10 01:39 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 04:28 - 2013-07-22 23:26 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-17 04:28 - 2013-04-20 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-17 04:28 - 2012-04-28 19:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\Adobe
2013-08-17 04:27 - 2013-08-17 04:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:02 - 2012-04-27 23:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\Apps\2.0
2013-08-15 14:56 - 2013-08-15 14:56 - 00022670 _____ C:\ComboFix.txt
2013-08-15 14:56 - 2013-08-14 14:25 - 00000000 ____D C:\Qoobox
2013-08-15 14:53 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-15 14:38 - 2013-08-14 14:49 - 00001104 _____ C:\Windows\PFRO.log
2013-08-15 14:37 - 2013-08-14 14:25 - 00000000 ____D C:\Windows\erdnt
2013-08-15 14:37 - 2009-07-13 22:34 - 18874368 _____ C:\Windows\system32\config\system.bak
2013-08-15 14:37 - 2009-07-13 22:34 - 123994112 _____ C:\Windows\system32\config\software.bak
2013-08-15 14:37 - 2009-07-13 22:34 - 06029312 _____ C:\Windows\system32\config\default.bak
2013-08-15 14:37 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-15 14:37 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-08-15 14:14 - 2009-07-14 01:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-15 14:12 - 2013-08-14 14:12 - 05104599 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
2013-08-15 13:58 - 2012-04-25 22:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-12 01:33 - 2013-03-22 16:40 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-11 17:36 - 2013-08-11 17:36 - 00000000 _____ C:\Windows\system32\config\SOFTWAREe8454c98
2013-08-11 13:39 - 2009-07-14 00:45 - 00487808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 22:19 - 2013-08-09 22:19 - 00033696 _____ C:\Users\Andrew\Desktop\attach.txt
2013-08-09 22:19 - 2013-08-09 22:19 - 00020194 _____ C:\Users\Andrew\Desktop\dds.txt
2013-08-09 22:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-06 21:17 - 2013-07-25 14:43 - 00000000 ____D C:\Users\Andrew\Downloads\Pathfinder
2013-08-06 01:08 - 2013-08-06 01:08 - 00000000 _____ C:\Windows\system32\config\SOFTWAREbfa761a
2013-08-05 21:16 - 2013-08-05 21:16 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-05 21:16 - 2013-08-05 21:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-05 21:16 - 2012-12-03 18:17 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-05 21:16 - 2012-12-03 18:17 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-05 09:15 - 2013-08-05 09:15 - 00000000 _____ C:\Windows\system32\config\SOFTWAREfc713cf8
2013-08-04 05:38 - 2012-04-25 22:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-04 05:38 - 2012-04-25 22:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 05:34 - 2013-08-04 05:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-04 05:34 - 2013-08-04 05:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-04 05:34 - 2012-04-25 22:39 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-04 05:21 - 2013-06-11 00:29 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-03 12:32 - 2013-08-03 12:32 - 00000000 _____ C:\Windows\setuperr.log
2013-08-02 19:46 - 2012-11-10 02:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-02 18:58 - 2012-05-19 02:20 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\BitTorrent
2013-08-01 12:46 - 2012-12-18 02:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\Solid State Networks
2013-08-01 12:46 - 2012-12-18 02:36 - 00000000 ____D C:\Program Files (x86)\MeteorEntertainment
2013-07-31 22:43 - 2013-07-26 16:11 - 00000000 ____D C:\Users\Andrew\Downloads\D&D
2013-07-31 20:59 - 2010-11-20 23:24 - 00000000 __SHD C:\Users\Andrew\AppData\Roaming\bheftsti
2013-07-31 10:32 - 2012-05-19 02:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\Google
2013-07-30 18:51 - 2012-08-29 00:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2013-07-28 23:16 - 2012-07-31 03:48 - 00000000 ____D C:\Users\Andrew\AppData\Local\PMB Files
2013-07-28 23:16 - 2012-07-31 03:48 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-26 01:13 - 2013-08-17 23:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-17 23:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 01:13 - 2013-08-17 23:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-17 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 01:12 - 2013-08-17 23:53 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-17 23:53 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 23:35 - 2013-08-17 23:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 23:13 - 2013-08-17 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 23:13 - 2013-08-17 23:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 23:12 - 2013-08-17 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 23:12 - 2013-08-17 23:53 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 23:11 - 2013-08-17 23:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 23:11 - 2013-08-17 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:51 - 2013-07-25 22:51 - 00005974 _____ C:\Users\Andrew\Documents\7-25-13.reg
2013-07-25 22:49 - 2013-08-17 23:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 22:49 - 2012-06-26 20:12 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\TS3Client
2013-07-25 22:42 - 2013-07-25 22:42 - 04429440 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup404.exe
2013-07-25 22:42 - 2012-06-15 09:01 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-25 22:42 - 2012-06-15 09:01 - 00000000 ____D C:\Program Files\CCleaner
2013-07-25 22:39 - 2013-08-17 23:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 21:59 - 2013-08-17 23:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 21:56 - 2013-04-16 12:39 - 00000000 ____D C:\Users\Andrew\Downloads\Visual Novels
2013-07-25 05:25 - 2013-08-14 14:45 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 04:57 - 2013-08-14 14:45 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 03:47 - 2012-08-07 16:07 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify

Files to move or delete:
====================
ZeroAccess:
C:\Users\Andrew\AppData\Local\Google\Desktop\Install\{52fb779f-d484-c798-901f-f1db178cde1b}
C:\Users\Andrew\jagex_cl_loginapplet_LIVE.dat
C:\Users\Andrew\jagex_cl_oldschool_LIVE.dat
C:\Users\Andrew\jagex_cl_runescape_LIVE.dat
C:\Users\Andrew\jagex_cl_runescape_LIVE1.dat
C:\Users\Andrew\random.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 00:01

==================== End Of Log ============================
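
The entries above follow FRST's fixed one-line format (two timestamps, size, a five-character attribute column, an optional company name in parentheses, then the path), and FRST's own "Files to move or delete" and "Bamital & volsnap" sections are simple triage passes over that listing. The parser and heuristics below are an added example of doing that triage yourself; they are not FRST's code and not part of this post. The sample lines are copied from the log above; the three heuristics (hidden+system directory under a user profile, a loose file in the profile root, a non-Microsoft executable sitting directly in C:\Windows) are this example's own choices, and every hit still needs context: in this log the C:\Windows tools were written in the same minute as ComboFix's C:\Qoobox folder, so an analyst would attribute them to ComboFix rather than to malware.

```python
"""Parse FRST 'One Month Created/Modified Files and Folders' entries and run
a few triage heuristics over them.  Added example; not FRST's own logic."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# One FRST entry: "<ts1> - <ts2> - <size> <attrs> [(company) ]<path>".
# In the "Created" section ts1 is the creation time, in "Modified" it is
# the modification time; the other timestamp is the remaining one.
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)


@dataclass
class Entry:
    first: str
    second: str
    size: int
    attrs: Set[str]          # letters from the attribute column: D dir, H hidden, S system, R read-only
    company: Optional[str]   # None when FRST printed no version-info company
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST file line, or None for headers/other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(first=m["first"], second=m["second"], size=int(m["size"]),
                 attrs=set(m["attrs"].replace("_", "")),
                 company=m["company"], path=m["path"])


def parse_log(text: str) -> List[Entry]:
    """Parse every file/folder entry in a chunk of FRST log text."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


# Heuristic patterns (this example's own, not FRST's).
PROFILE_ROOT_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+$", re.IGNORECASE)
WINROOT_EXE_RE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        # 1. Hidden+system directory under a user profile: a common malware stash.
        if e.is_dir and {"S", "H"} <= e.attrs and e.path.lower().startswith("c:\\users\\"):
            findings.append(("hidden+system dir in user profile", e.path))
        # 2. A file (not a folder) sitting directly in the profile root.
        if not e.is_dir and PROFILE_ROOT_RE.match(e.path):
            findings.append(("loose file in profile root", e.path))
        # 3. An executable directly in C:\Windows whose version info is not Microsoft's.
        if WINROOT_EXE_RE.match(e.path) and e.company != "Microsoft Corporation":
            findings.append(("third-party exe in C:\\Windows root", e.path))
    return findings


# Constructed sample: lines copied from the posted log, plus one non-entry line.
SAMPLE_LOG = r"""
2013-08-20 22:46 - 2012-09-06 02:56 - 00000024 _____ C:\Users\Andrew\random.dat
2013-08-20 22:44 - 2013-08-20 22:44 - 00000000 ____D C:\.jagex_cache_32
2013-08-20 22:44 - 2012-04-26 01:34 - 00000000 ____D C:\Users\Andrew
2013-07-31 20:59 - 2010-11-20 23:24 - 00000000 __SHD C:\Users\Andrew\AppData\Roaming\bheftsti
2013-08-14 14:26 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-14 14:26 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-14 14:45 - 2012-11-29 23:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-17 23:48 - 2012-11-10 01:39 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 14:37 - 2009-07-13 22:34 - 123994112 _____ C:\Windows\system32\config\software.bak
C:\Windows\System32\winlogon.exe => MD5 is legit
"""


if __name__ == "__main__":
    for reason, path in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run as a script it prints four findings: the loose `random.dat`, the `__SHD` directory `bheftsti`, and the two non-Microsoft executables in C:\Windows. The `winlogon.exe => MD5 is legit` line is deliberately not an entry and is skipped, and `conhost.exe` is not flagged because it lives under `system32`, not the Windows root.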
