ZEROACCESS Rootkit-Am I infected sent me; DDS logs


  • This topic is locked
5 replies to this topic

#1 Big Ern

  • Members
  • 115 posts
  • Gender: Male
  • Location: GA

Posted 25 November 2013 - 01:51 PM

Quietman7 asked me to post here. I have been having redirect problems, access denied to websites and a very slow computer. I have run MBAM, ESET online scanner, JRT, RKILL, AdwCleaner and TDSSKiller.

The most serious infection found is the ZEROACCESS rootkit.

Here is a link to the Am I Infected thread:

http://www.bleepingcomputer.com/forums/t/514924/mbam-found-rootkits-trojans-etcis-it-clean-now/

Attached are the DDS logs I was told to post:

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2010 11:53:55 AM
System Uptime: 11/24/2013 3:16:54 PM (5 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium® Dual-Core CPU       T4400  @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 25.382 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP793: 11/21/2013 3:37:58 PM - Restore Operation
RP794: 11/24/2013 7:01:01 PM - Windows Backup
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Adobe Shockwave Player 11.6
Algebra 1 Teaching Textbook
AT&T Self Support Tool
Banctec Service Agreement
Barbie® As Sleeping Beauty
Bing Bar
Chica Password Manager 1.10.0.6
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Cozi
CREATE
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
ESET Online Scanner v3
Genieo
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 17
Java™ 6 Update 17 (64-bit)
JumpStart 3rd Grade
JumpStart Advanced 6th Grade
JumpStart Animal Adventures
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Math 5 Teaching Textbook
Math 6 Teaching Textbook
Math 7 Teaching Textbook
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pirate101
PowerDVD DX
Quickset64
RewardsArcadeSuite
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Smart PC Cleaner v3.0
Speedstudy US History
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/24/2013 9:20:20 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
11/24/2013 9:20:17 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
11/24/2013 9:20:11 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 10 time(s).
11/24/2013 8:21:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
11/24/2013 8:21:57 PM, Error: Service Control Manager [7023]  - The Windows Search service terminated with the following error:  Cannot create a file when that file already exists.
11/24/2013 8:21:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
11/24/2013 8:16:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
11/24/2013 3:52:52 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
11/24/2013 3:44:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 5 time(s).
11/24/2013 3:19:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
11/24/2013 3:19:35 PM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  Access is denied.
11/24/2013 3:18:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
11/24/2013 3:18:26 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/24/2013 3:18:12 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/24/2013 3:17:41 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/24/2013 3:17:25 PM, Error: Service Control Manager [7023]  - The SeaPort service terminated with the following error:  %%-2147467243
11/23/2013 12:39:05 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 21 time(s).
11/23/2013 12:36:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 20 time(s).
11/23/2013 12:33:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 19 time(s).
11/23/2013 10:25:01 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{be2b71cc-3908-11df-a809-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{CAECE73F-A140-4985-A704-B682DDABAA63}' was corrupted and it has been recovered. Some data might have been lost.
11/22/2013 9:34:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 18 time(s).
11/22/2013 9:33:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
11/22/2013 9:33:24 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
11/22/2013 9:33:08 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
11/22/2013 9:32:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
11/22/2013 9:32:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
11/22/2013 7:38:03 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
11/22/2013 6:21:24 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/22/2013 6:19:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/22/2013 6:19:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/22/2013 6:19:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2013 6:19:42 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
11/22/2013 6:19:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/22/2013 6:19:24 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
11/22/2013 6:19:22 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by kayla at 20:21:56 on 2013-11-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1522 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\kayla\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: My Personal Homepage: {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\kayla\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
uRun: [GenieoSystemTray] "C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\kayla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\kayla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEPRIN~1.LNK - C:\Program Files (x86)\WePrint\WePrint Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C8DD16E0-B448-4441-8FEF-D19FF8BD7F8A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C8DD16E0-B448-4441-8FEF-D19FF8BD7F8A}\2375942554632363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C8DD16E0-B448-4441-8FEF-D19FF8BD7F8A}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-26 55280]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-30 517632]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-26 656624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-26 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-26 393728]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-11-24 13:36:26    --------    d-----w-    C:\Users\kayla\AppData\Local\Diagnostics
2013-11-22 23:22:33    --------    d-----w-    C:\Program Files (x86)\ESET
2013-11-21 21:18:27    --------    d-----w-    C:\Windows\ERUNT
2013-11-21 21:08:22    --------    d-----w-    C:\AdwCleaner
2013-11-20 18:14:29    --------    d-----w-    C:\Users\kayla\AppData\Roaming\AVAST Software
2013-11-20 18:12:13    --------    d-----w-    C:\Program Files\AVAST Software
2013-11-20 18:11:24    --------    d-----w-    C:\ProgramData\AVAST Software
2013-11-20 17:29:14    --------    d-----w-    C:\Users\kayla\AppData\Roaming\Malwarebytes
2013-11-20 17:29:04    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-20 17:29:03    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-20 17:29:03    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-20 17:28:47    --------    d-----w-    C:\Users\kayla\AppData\Local\Programs
2013-11-16 09:51:34    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6795B3E-9EE0-4FA8-9F0A-8E27F4BEEB09}\mpengine.dll
2013-11-15 21:19:03    --------    d-----w-    C:\Users\kayla\AppData\Local\ElevatedDiagnostics
2013-10-28 03:01:23    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-28 03:01:23    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2013-10-28 03:00:16    41472    ----a-w-    C:\Windows\System32\lpk.dll
2013-10-28 03:00:16    368128    ----a-w-    C:\Windows\System32\atmfd.dll
2013-10-28 03:00:16    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-10-28 03:00:16    14336    ----a-w-    C:\Windows\System32\dciman32.dll
2013-10-28 03:00:15    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-10-28 03:00:15    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-10-28 03:00:15    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-10-28 03:00:15    25600    ----a-w-    C:\Windows\SysWow64\lpk.dll
2013-10-28 03:00:15    10240    ----a-w-    C:\Windows\SysWow64\dciman32.dll
2013-10-28 03:00:15    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-10-28 03:00:14    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-10-28 03:00:01    100864    ----a-w-    C:\Windows\System32\drivers\usbcir.sys
2013-10-28 02:59:59    76800    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-10-28 02:59:59    32896    ----a-w-    C:\Windows\System32\drivers\hidparse.sys
2013-10-28 02:47:01    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-28 02:47:00    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
.
==================== Find3M  ====================
.
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-03 18:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 20:26:42.20 ===============
Edited by Big Ern, 26 November 2013 - 12:40 PM.
#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 PM

Posted 29 November 2013 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
==============

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Location:GA
  • Local time:05:12 PM

Posted 30 November 2013 - 02:46 PM

There were 2 RogueKiller logs. I have posted those along with the others you requested:

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kayla [Admin rights]
Mode : Remove -- Date : 11/29/2013 11:59:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\kayla\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> DELETED
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" >) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2890467021-2283987780-1082070393-1000\[...]\Run : GenieoSystemTray ("C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> [0x2] The system cannot find the file specified.
[RUN][ZeroAccess] HKUS\S-1-5-21-2890467021-2283987780-1082070393-1000\[...]\Run : Google Update ("C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> DELETED
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> [0x2] The system cannot find the file specified.
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> DELETED
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Folder] Install : C:\Users\kayla\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][File] @ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\@ [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L\76603ac3 [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\00000004.@ [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000032.@ [-] --> DELETED
[ZeroAccess][File] 80000064.@ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000064.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U [-] --> DELETED
[ZeroAccess][Folder] {7344f193-4334-372f-9d01-f84f59d8b2d4} : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {7344f193-4334-372f-9d01-f84f59d8b2d4} : C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4} [-] --> DELETED
[ZeroAccess][File] @ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\@ [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L\201d3dde [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L\76603ac3 [-] --> DELETED
[ZeroAccess][Folder] L : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\00000004.@ [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000032.@ [-] --> DELETED
[ZeroAccess][File] 80000064.@ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\80000064.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U [-] --> DELETED
[ZeroAccess][Folder] {7344f193-4334-372f-9d01-f84f59d8b2d4} : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ... : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \... [-] --> DELETED
[ZeroAccess][Folder]     : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\    [-] --> DELETED
[ZeroAccess][Folder] {7344f193-4334-372f-9d01-f84f59d8b2d4} : C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4} [-] --> DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1665GSX +++++
--- User ---
[MBR] c0dc7fee16447e3075da1bb7971dd096
[BSP] c23e3143548f958391da41bdc6837df3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 1c55a6609273d830377ec355d948bb49
[BSP] aafa33fa3662bfde6c8ccef11f735e8d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 30531 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_11292013_115916.txt >>
RKreport[0]_S_11292013_115721.txt
RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kayla [Admin rights]
Mode : Scan -- Date : 11/29/2013 11:57:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\kayla\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2890467021-2283987780-1082070393-1000\[...]\Run : GenieoSystemTray ("C:\Users\kayla\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-2890467021-2283987780-1082070393-1000\[...]\Run : Google Update ("C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\?��?��?��\?��?��?��\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" >) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\???ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\kayla\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1665GSX +++++
--- User ---
[MBR] c0dc7fee16447e3075da1bb7971dd096
[BSP] c23e3143548f958391da41bdc6837df3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 1c55a6609273d830377ec355d948bb49
[BSP] aafa33fa3662bfde6c8ccef11f735e8d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 30531 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_11292013_115721.txt >>
ComboFix 13-11-27.01 - kayla 11/29/2013  13:11:24.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1663 [GMT -5:00]
Running from: c:\users\kayla\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSC_0565.JPG
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\background.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\extension.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\actions\icon1.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon128.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon16.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\notifications\icon1.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\analytics.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\chrome.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\cookie.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\debug.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\dom.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\fb_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\installer.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\message.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\push.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\request.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\time.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\background.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\app_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\async_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\bg_app_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\cookie_store.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\data_store.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\faye-browser-min.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\fb_bridge.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\jquery-1.4.2.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\jquery_later.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\util.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\popup.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\crossriderManifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\icons\actions\1.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\icons\icon128.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\icons\icon16.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\icons\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\api\chrome.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\api\cookie.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\api\message.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\app\background.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\app\extension.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\background.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\app_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\async_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\bg_app_api.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\cookie_store.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\crossriderAPI.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\data_store.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\delegate.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\events.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\logging.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\onBGDocumentLoad.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\popupResource\newPopup.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\popupResource\popup.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\reports.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\util.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\js\lib\xhr.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.23.113_0\popup.html
c:\users\kayla\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\windows\PFRO.log
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-29  )))))))))))))))))))))))))))))))
.
.
2013-11-29 18:47 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BFB1B3-71C1-4A98-9C65-B6A2EB1ED406}\mpengine.dll
2013-11-29 18:38 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\jonathan\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\jonathan.kayla-PC\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\Home2\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\HOME\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\lizzy\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\KEVIN\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\ANDREW\AppData\Local\temp
2013-11-29 18:23 . 2013-11-29 18:23    --------    d-----w-    c:\users\Andrew.kayla-PC\AppData\Local\temp
2013-11-24 13:36 . 2013-11-24 13:36    --------    d-----w-    c:\users\kayla\AppData\Local\Diagnostics
2013-11-22 23:22 . 2013-11-22 23:22    --------    d-----w-    c:\program files (x86)\ESET
2013-11-21 21:18 . 2013-11-21 21:18    --------    d-----w-    c:\windows\ERUNT
2013-11-21 21:08 . 2013-11-21 21:11    --------    d-----w-    C:\AdwCleaner
2013-11-20 18:14 . 2013-11-20 18:14    --------    d-----w-    c:\users\kayla\AppData\Roaming\AVAST Software
2013-11-20 18:12 . 2013-11-20 18:12    --------    d-----w-    c:\program files\AVAST Software
2013-11-20 18:11 . 2013-11-20 18:11    --------    d-----w-    c:\programdata\AVAST Software
2013-11-20 17:29 . 2013-11-20 17:29    --------    d-----w-    c:\users\kayla\AppData\Roaming\Malwarebytes
2013-11-20 17:29 . 2013-11-21 20:44    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-20 17:29 . 2013-11-23 17:40    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-20 17:29 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-20 17:28 . 2013-11-20 17:28    --------    d-----w-    c:\users\kayla\AppData\Local\Programs
2013-11-15 21:49 . 2013-11-15 21:49    --------    d-----w-    c:\users\Andrew.kayla-PC\Tracing
2013-11-15 21:19 . 2013-11-15 21:19    --------    d-----w-    c:\users\kayla\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-29 18:37 . 2010-09-16 09:18    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-29 18:37 . 2010-09-16 09:17    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-11-29 18:37 . 2010-09-16 09:16    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-29 18:37 . 2011-09-21 00:10    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-19 08:33 . 2012-12-26 13:08    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-16 12:28 . 2011-09-21 00:11    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-16 12:27 . 2011-09-21 13:17    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-11-16 12:27 . 2011-09-21 13:16    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-11-16 12:27 . 2010-09-16 09:16    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-08 02:30 . 2013-10-28 02:49    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-28 02:49    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-28 02:49    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-06-25 14:01    88416    ----a-w-    c:\users\kayla\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\users\ANDREW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\KEVIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\lizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Andrew.kayla-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\jonathan.kayla-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 aswSP;aswSP; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 17:44    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 19:24]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 19:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
c:\users\kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe
SafeBoot-55138027.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe
AddRemove-RewardsArcadeSuite - c:\program files (x86)\RewardsArcadeSuite\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-11-29  14:00:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-29 19:00
.
Pre-Run: 28,688,953,344 bytes free
Post-Run: 32,451,313,664 bytes free
.
- - End Of File - - C84FA945D86C4A8373CD42E92EB8B7AC
CDB4DE4BBD714F152979DA2DCBEF57EB

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Smart PC Cleaner v3.0  
 Java™ 6 Update 17  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


#4 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 December 2013 - 09:47 AM

That was a good clean-up.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version, Java JRE 7u45, was released on Oct. 15, 2013.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the "Free! McAfee Security Scan Plus". Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Adobe Reader/Acrobat v11.0.05 released Oct 8, 2013


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Please let me know what problem persists with this computer.

#5 Big Ern

  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:GA

Posted 02 December 2013 - 01:33 PM

It seems that the computer is functioning normally now :bananas:

Thanks so much for your help!

You and bleeping computer are so bleepin' awesome!



#6 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 December 2013 - 08:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
