Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected, unknown attacker


  • This topic is locked This topic is locked
8 replies to this topic

#1 molgenbuckeye

molgenbuckeye

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 13 November 2013 - 12:59 AM

adaware, spybot, and avast have been unable to find it.  prevents usage of webbrowser at varying degrees (IE, Mozilla, and Chrome all attempted) some days a little will work, other days nothing.  Torrent programs work fine.  Got first blue screen of death yesterday.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.25.2
Run by USER at 0:47:30 on 2013-11-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1827 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\mqsvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{526BA1B8-1D16-437B-B677-BF46FF3607AD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7}\2375942554338333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7}\363626235353434603635363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7}\6556E6963656F575962756C6563737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7}\745756374775962756C6563737 : DHCPNameServer = 4.2.2.2
TCP: Interfaces\{66672141-77B4-4E19-8E98-DB4A79F6F1D7}\C4C4F5255435944454E44535 : DHCPNameServer = 4.2.2.2
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\agxkwcp7.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.buckeyeplanet.com/forum/
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=76282B1B461E3D7FE9619050A1E5F4BB&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-12 20:05; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5acec8330000000000000022fa76be9b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15781
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.015:58:34
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-12 205320]
R0 ksbus;KernSafe Virtual System Bus;C:\Windows\System32\drivers\ksbus64.sys [2011-8-25 31064]
R0 KScsiPrt;KernSafe Miniport;C:\Windows\System32\drivers\KSPrt64.sys [2011-8-25 128856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-12 1032416]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-13 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-9-23 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-23 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-12 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-12 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-12 50344]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-1-11 21992]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-9-23 306232]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-2 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-2 827560]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-23 215040]
RUnknown ntgktxme;ntgktxme; [x]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-12 65776]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-12 409832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-9-23 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-13 5435904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-5 19456]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-11-13 60536]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-5 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2074-05-07 23:38:48    203576    ------w-    C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-11-13 01:07:09    --------    d-----w-    C:\Users\USER\AppData\Roaming\AVAST Software
2013-11-13 01:06:03    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-11-13 01:06:03    205320    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-11-13 01:06:02    84328    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-13 01:06:02    1032416    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-11-13 01:06:01    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-11-13 01:05:54    43152    ----a-w-    C:\Windows\avastSS.scr
2013-11-13 01:05:33    --------    d-----w-    C:\Program Files\AVAST Software
2013-11-13 01:03:40    388096    ----a-r-    C:\Users\USER\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-13 01:03:40    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-11-13 01:01:53    --------    d-----w-    C:\ProgramData\AVAST Software
2013-10-27 23:04:17    192000    ----a-w-    C:\Windows\System32\iisRtl.dll
2013-10-27 23:04:15    154624    ----a-w-    C:\Windows\SysWow64\iisRtl.dll
2013-10-27 23:04:14    55296    ----a-w-    C:\Windows\System32\admwprox.dll
2013-10-27 23:04:11    50688    ----a-w-    C:\Windows\SysWow64\admwprox.dll
2013-10-27 23:04:09    16896    ----a-w-    C:\Windows\System32\iisreset.exe
2013-10-27 23:04:08    60928    ----a-w-    C:\Windows\System32\ahadmin.dll
2013-10-27 23:04:08    15360    ----a-w-    C:\Windows\SysWow64\iisreset.exe
2013-10-27 23:04:07    14848    ----a-w-    C:\Windows\System32\wamregps.dll
2013-10-27 23:04:06    8192    ----a-w-    C:\Windows\SysWow64\iisrstap.dll
2013-10-27 23:04:06    26624    ----a-w-    C:\Windows\SysWow64\ahadmin.dll
2013-10-27 23:04:06    11264    ----a-w-    C:\Windows\System32\iisrstap.dll
2013-10-27 23:04:06    10752    ----a-w-    C:\Windows\SysWow64\wamregps.dll
2013-10-27 20:58:58    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2013-10-27 20:58:54    --------    d-----w-    C:\Windows\System32\msmq
2013-10-27 20:58:54    --------    d-----w-    C:\Windows\System32\BestPractices
2013-10-27 20:58:27    --------    d-----w-    C:\inetpub
2013-10-24 22:31:18    --------    d-----w-    C:\Program Files (x86)\Motorola Mobility
.
==================== Find3M  ====================
.
2013-11-06 13:09:02    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2013-10-28 06:13:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-28 06:13:42    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 14:42:33    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 14:33:53    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 14:33:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-09-22 14:23:30    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-09-22 14:21:21    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-09-22 14:15:47    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-22 10:22:59    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 10:08:41    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-09-22 10:06:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-09-22 10:03:18    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2009-02-13 15:02:52    80896    ----a-w-    C:\Program Files\devcon_amd64.exe
.
============= FINISH:  0:48:31.78 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 13 November 2013 - 04:08 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 molgenbuckeye

molgenbuckeye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 14 November 2013 - 01:20 AM

That I know of, nothing has changed on the computer but  oddly today everything has worked for the first time in nearly a month.  Thank you for all you have done and for what I am sure you will continue to do.

Attached Files



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 14 November 2013 - 03:13 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 molgenbuckeye

molgenbuckeye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 15 November 2013 - 01:53 AM

ComboFix 13-11-12.01 - USER 11/14/2013   9:52.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2298 [GMT -5:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2074-05-07 23:38 . 2006-11-22 01:48    203576    ------w-    c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-11-14 15:00 . 2013-11-14 15:00    --------    d-----w-    c:\users\Mcx1-USER-PC\AppData\Local\temp
2013-11-14 15:00 . 2013-11-14 15:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-14 03:37 . 2013-11-14 03:37    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-14 03:37 . 2013-11-14 06:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-14 03:37 . 2013-11-14 03:37    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-14 03:35 . 2013-11-14 03:35    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-13 03:43 . 2013-10-05 20:25    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-13 03:43 . 2013-10-05 19:57    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-11-13 03:43 . 2013-09-28 01:09    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-11-13 03:43 . 2013-10-04 02:24    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-11-13 03:43 . 2013-10-04 01:56    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-11-13 03:43 . 2013-10-04 02:28    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 03:43 . 2013-10-04 02:25    197120    ----a-w-    c:\windows\system32\credui.dll
2013-11-13 03:43 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 03:43 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-11-13 01:07 . 2013-11-13 01:07    --------    d-----w-    c:\users\USER\AppData\Roaming\AVAST Software
2013-11-13 01:06 . 2013-11-13 01:05    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-13 01:06 . 2013-11-13 01:05    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-13 01:06 . 2013-11-13 01:05    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-13 01:06 . 2013-11-13 01:05    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-13 01:06 . 2013-11-13 01:05    409832    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-11-13 01:06 . 2013-11-13 01:05    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-13 01:06 . 2013-11-13 01:05    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-13 01:06 . 2013-11-13 01:05    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-13 01:06 . 2013-11-13 01:05    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-13 01:05 . 2013-11-13 01:05    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-13 01:05 . 2013-11-13 01:05    --------    d-----w-    c:\program files\AVAST Software
2013-11-13 01:03 . 2013-11-13 01:03    388096    ----a-r-    c:\users\USER\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-13 01:03 . 2013-11-13 01:03    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-11-13 01:01 . 2013-11-13 01:01    --------    d-----w-    c:\programdata\AVAST Software
2013-11-04 14:49 . 2013-11-04 14:49    --------    d-----w-    c:\users\fix it
2013-10-27 23:04 . 2012-06-01 05:36    192000    ----a-w-    c:\windows\system32\iisRtl.dll
2013-10-27 23:04 . 2012-06-01 04:37    154624    ----a-w-    c:\windows\SysWow64\iisRtl.dll
2013-10-27 23:04 . 2012-06-01 05:34    55296    ----a-w-    c:\windows\system32\admwprox.dll
2013-10-27 23:04 . 2012-06-01 04:35    50688    ----a-w-    c:\windows\SysWow64\admwprox.dll
2013-10-27 23:04 . 2012-06-01 05:33    16896    ----a-w-    c:\windows\system32\iisreset.exe
2013-10-27 23:04 . 2012-06-01 05:35    60928    ----a-w-    c:\windows\system32\ahadmin.dll
2013-10-27 23:04 . 2012-06-01 04:34    15360    ----a-w-    c:\windows\SysWow64\iisreset.exe
2013-10-27 23:04 . 2012-06-01 05:39    14848    ----a-w-    c:\windows\system32\wamregps.dll
2013-10-27 23:04 . 2012-06-01 05:36    11264    ----a-w-    c:\windows\system32\iisrstap.dll
2013-10-27 23:04 . 2012-06-01 04:40    10752    ----a-w-    c:\windows\SysWow64\wamregps.dll
2013-10-27 23:04 . 2012-06-01 04:37    8192    ----a-w-    c:\windows\SysWow64\iisrstap.dll
2013-10-27 23:04 . 2012-06-01 04:35    26624    ----a-w-    c:\windows\SysWow64\ahadmin.dll
2013-10-27 20:59 . 2013-11-13 08:23    4194304    ----a-w-    c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-10-27 20:58 . 2013-10-27 20:58    --------    d-----w-    c:\windows\SysWow64\BestPractices
2013-10-27 20:58 . 2013-10-27 20:58    --------    d-----w-    c:\windows\system32\msmq
2013-10-27 20:58 . 2013-10-27 20:58    --------    d-----w-    c:\windows\system32\BestPractices
2013-10-27 20:58 . 2013-10-27 20:58    --------    d-----w-    C:\inetpub
2013-10-24 22:31 . 2013-11-05 02:42    --------    d-----w-    c:\program files (x86)\Motorola Mobility
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 08:01 . 2012-01-12 05:32    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-06 13:09 . 2012-01-20 19:59    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-10-28 06:13 . 2012-07-04 19:31    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-28 06:13 . 2012-01-10 04:01    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-13 22:51 . 2013-05-18 02:19    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-13 22:50 . 2013-06-28 05:30    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-10-13 22:50 . 2013-06-28 05:29    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-10-13 22:50 . 2013-05-18 02:18    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-08 02:30 . 2013-10-09 07:38    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 07:38    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 07:38    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 07:38    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 07:38    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 07:38    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 07:38    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 07:38    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 07:38    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 07:38    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 07:39    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 07:39    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 07:39    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 07:39    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 07:39    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 07:39    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 07:39    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 07:39    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 07:39    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 07:39    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 07:39    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 07:39    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 07:39    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 07:39    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 07:39    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 07:39    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 07:39    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 07:38    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2009-02-13 15:02 . 2009-02-13 15:02    80896    ----a-w-    c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06    87448    ----a-w-    c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-13 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20    41056    ----a-w-    c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30    272952    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-23 20:18    72248    ----a-w-    c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-09-23 20:18    3054136    ----a-w-    c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52    104936    ----a-w-    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE -startup
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ksbus;KernSafe Virtual System Bus;c:\windows\system32\DRIVERS\ksbus64.sys;c:\windows\SYSNATIVE\DRIVERS\ksbus64.sys [x]
S0 KScsiPrt;KernSafe Miniport;c:\windows\system32\DRIVERS\KSPrt64.sys;c:\windows\SYSNATIVE\DRIVERS\KSPrt64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 06:13]
.
2013-11-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-12-08 18:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-13 01:05    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 1127592]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\agxkwcp7.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.buckeyeplanet.com/forum/
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=76282B1B461E3D7FE9619050A1E5F4BB&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-11-12 20:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5acec8330000000000000022fa76be9b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15781
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.015:58
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-1ClickDownload - c:\program files (x86)\VipBoxSportsApp.com\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-71497647-2914112058-3217343024-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,3a,68,68,50,67,c7,c5,ea,58,68,0c,11,f3,d4,43,67,9d,c7,ea,1e,
   28,83,17,03,5a,f2,82,3c,0a,0a,6e,c6,db,23,15,2d,d0,71,ba,10,dc,8f,b6,a2,46,\
"rkeysecu"=hex:c6,6f,a8,cc,a4,45,17,ee,34,f5,25,ad,81,b0,50,5b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-14  10:04:52
ComboFix-quarantined-files.txt  2013-11-14 15:04
.
Pre-Run: 54,654,148,608 bytes free
Post-Run: 54,339,928,064 bytes free
.
- - End Of File - - 23641900583A1B956D62E59D54EC4B71
5C616939100B85E558DA92B899A0FC36
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 15 November 2013 - 04:01 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either avast! or Lavasoft.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 molgenbuckeye

molgenbuckeye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 16 November 2013 - 09:20 AM

Understood, Avast was only added a couple days before i began this thread.  a friend suggested perhaps my other virus programs were corrupted by the malware so i should download something different.



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 18 November 2013 - 03:23 AM

Scan file(s) via VirusTotal

Please check the file in the code box via Virustotal

  • Click browse
  • copy the following into the search box

    c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
  • and click open.
  • click Send File.
please be patinet until the file is uploade completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser´s adress bar and poste it here.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 21 November 2013 - 09:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users