Password stealer "Win32/Zbot.gen!AP" and unknown virus "Zyobpa\omfaere.exe"


This topic is locked
28 replies to this topic

#1 canadadan7

  • Members
  • 16 posts

Posted 16 December 2013 - 02:05 AM

Hi there, I contracted the "Antivirus Security Pro" fake virus suite a few weeks ago, and followed the guide on this website to remove it. While most of the effects from it were removed, a website redirect problem has persisted. The redirect problem uncommonly happens, but when it does it sends me to a random ad website rather than what I wanted to visit. It is possible that some other aspects have persisted as well.

Tonight, one of the website redirects sent me to a website that instantly downloaded a virus. Microsoft Security Essentials instantly caught it, but it kept duplicating. MSE kept catching it and catching it. It was in the form of a fake Java update exe file in \AppData\Local\Temp. Windows UAC would prompt me, asking me if I wanted to run the software. I kept clicking no, though I think once or twice I was typing and as I pressed enter on what I was typing, it popped up, and I may have simultaneously pressed enter and accidentally accepted to run it (I can't confirm this for sure). Also, a few times I was prompted with a download from "loadus.exelator.com", which I also tried to refuse each time.

Back from when I was trying to remove Antivirus Security Pro, I downloaded Rkill and Malwarebytes on my computer, and since I still have them installed I used them and MSE to get rid of much of the immediate problems with the attack. The fake Java update problem seems to be completely gone, but other problems are left over.

Current problems:

- I am left with what MSE calls "Win32/Zbot.gen!AP", a password stealer. No matter how many times I remove it with MSE, MSE asks to restart the PC, and it comes back.

- I still have a website redirect problem.

- MSE keeps asking me to send Microsoft information on "zyobpa\omfaere.exe", a process in the task manager that seems to duplicate itself and sometimes takes up a lot of CPU. When used, Rkill also catches every instance of it and stops them. They are located at \AppData\Roaming\Zyobpa\omfaere.exe. If I delete the process from the task manager, it will usually soon pop back up. Internet searches reveal very little info on it, and it seems that while MSE prompts me to send more info on it (which I have done), it is currently an unknown virus name.

I appreciate everything you do with this website, and thank you in advance for any help you give me.

~Dan

Logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.9.2
Run by Drdan at 1:11:32 on 2013-12-16
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.16351.14309 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Adblock IE: {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
uRun: [7 Taskbar Tweaker] "C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
uRun: [MediaFire Tray] "C:\Users\Drdan\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [AQDworks] regsvr32.exe C:\Users\Drdan\AppData\Local\AQDworks\Addonenc80.dll
uRun: [Ledusoalkubil] C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
uRun: [GameServer507] "C:\Users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Drdan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E8F23E2F-F136-4BE7-985D-05EC3BF0B08D} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Adblock IE: {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-27 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-27 128280]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-27 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-27 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-22 15125280]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-27 363800]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-27 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-27 785688]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-5 39200]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-11-4 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-11-4 660184]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-7-18 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-29 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-29 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-12-16 06:09:48 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C4465DB-E44B-4EF1-B6DF-2925E2BAB341}\offreg.dll
2013-12-16 05:19:45 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C4465DB-E44B-4EF1-B6DF-2925E2BAB341}\mpengine.dll
2013-12-16 04:07:15 -------- d-----w- C:\Users\Drdan\AppData\Roaming\Zyobpa
2013-12-16 04:03:53 86016 ----a-w- C:\Users\Drdan\3595351.exe
2013-12-15 04:49:14 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 22:53:52 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2013-12-12 03:33:59 -------- d--h--w- C:\Windows\PIF
2013-12-12 03:33:23 -------- d-----w- C:\Program Files\7DaysToDie-Alpha
2013-12-09 00:37:31 -------- d-----w- C:\Program Files\Paint.NET
2013-12-09 00:37:15 -------- d-----w- C:\Users\Drdan\AppData\Local\Paint.NET
2013-12-06 18:13:54 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DC5D570-C569-4152-8DBF-8AB11F5DD756}\gapaengine.dll
2013-12-06 05:05:43 -------- d-----w- C:\Users\Drdan\AppData\Local\4A Games
2013-12-04 16:58:42 -------- d-----w- C:\Users\Drdan\AppData\Roaming\3909
2013-11-23 23:21:31 -------- d-----w- C:\Windows\System32\MRT
2013-11-23 23:13:57 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-11-23 23:11:55 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-23 23:11:55 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-23 23:11:55 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-23 23:11:55 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-23 23:11:55 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-23 23:11:10 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-11-23 23:11:10 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-11-23 02:07:18 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-23 02:06:57 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-23 02:06:57 111448 ----a-w- C:\Windows\System32\consent.exe
2013-11-23 01:44:55 -------- d-----w- C:\Program Files\iPod
2013-11-23 01:44:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 01:44:54 -------- d-----w- C:\Program Files\iTunes
2013-11-23 01:44:54 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-23 01:17:44 -------- d-----w- C:\Users\Drdan\AppData\Local\Secunia PSI
2013-11-23 01:17:33 -------- d-----w- C:\Program Files (x86)\Secunia
2013-11-22 07:14:42 -------- d-----w- C:\Users\Drdan\AppData\Local\CDWLauncher
2013-11-21 03:25:47 -------- d-----w- C:\Program Files (x86)\Diablo III
2013-11-20 04:33:39 -------- d-----w- C:\Users\Drdan\AppData\Local\NVIDIA Corporation
2013-11-17 06:19:13 -------- d-----w- C:\Users\Drdan\AppData\Local\Adobe
.
==================== Find3M  ====================
.
2013-11-23 01:38:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 01:38:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 13:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-08 20:47:40 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-08 20:47:39 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-04 12:42:02 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-27 14:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH:  1:12:26.92 ===============

 



Edited by canadadan7, 16 December 2013 - 02:17 AM.
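The triage a responder does by hand over the "Pseudo HJT Report" and "Created Last 30" sections of a DDS log like the one above, written out as an added example (not code from this thread, from DDS, or from BleepingComputer): it flags autorun entries whose target sits under the user profile, is loaded through a host binary such as regsvr32/rundll32, or lives in a path DDS lists as created in the last 30 days. The sample lines are copied from the log in this post; the heuristics, scoring and function names are the example's own assumptions, not DDS output.

```python
"""Triage autorun entries from a DDS log (added example; not part of the thread or of DDS).
Scores each 'Pseudo HJT Report' autorun (uRun/mRun/x64-Run, BHO, TB) on three hand-review
heuristics: target under a user profile, target loaded via a regsvr32/rundll32-style host
binary, or target path listed in 'Created Last 30'. Heuristics are the example's own."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the DDS log in post #1 above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
uRun: [7 Taskbar Tweaker] "C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [AQDworks] regsvr32.exe C:\Users\Drdan\AppData\Local\AQDworks\Addonenc80.dll
uRun: [Ledusoalkubil] C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
=============== Created Last 30 ================
2013-12-16 04:07:15 -------- d-----w- C:\Users\Drdan\AppData\Roaming\Zyobpa
2013-12-16 04:03:53 86016 ----a-w- C:\Users\Drdan\3595351.exe
============= FINISH:  1:12:26.92 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<kind>(?:x64-)?[um]?Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
COM_RE = re.compile(r"^(?P<kind>(?:x64-)?(?:BHO|TB)): (?P<name>.+?): \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|scr|cpl|bat|cmd|vbs|js)', re.IGNORECASE)
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>.+)$")
# Signed Windows binaries that execute whatever DLL or script they are handed.
HOST_BINARIES = {"regsvr32.exe", "rundll32.exe", "wscript.exe", "cscript.exe"}

@dataclass
class Finding:
    kind: str       # uRun, mRun, x64-Run, BHO, TB ...
    name: str       # run-key value name or BHO/toolbar display name
    target: str     # executable or DLL that actually gets loaded
    reasons: list = field(default_factory=list)

def split_sections(text):
    """Group lines under their '===== Title =====' header, dropping '.' spacer lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def extract_target(cmd):
    """Return (host binary or None, payload path or None) for one autorun command line."""
    tokens = cmd.split()
    host = basename(tokens[0]) if tokens and basename(tokens[0]) in HOST_BINARIES else None
    payloads = [p for p in PATH_RE.findall(cmd) if basename(p) not in HOST_BINARIES]
    return host, (payloads[0] if payloads else None)

def is_user_profile(path):
    p = path.lower()
    return bool(re.match(r"^[a-z]:\\users\\", p)) or "\\appdata\\" in p

def recently_created(lines):
    """Map lowercased path -> creation date for every 'Created Last 30' entry."""
    return {m.group("path").lower(): m.group("date") for m in map(CREATED_RE.match, lines) if m}

def triage(log_text):
    """Autorun entries with at least one review reason, most reasons first."""
    sections = split_sections(log_text)
    created = recently_created(sections.get("Created Last 30", []))
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line) or COM_RE.match(line)
        host, target = extract_target(m.group("cmd")) if m else (None, None)
        if target is None:
            continue
        f = Finding(m.group("kind"), m.group("name"), target)
        if is_user_profile(target):
            f.reasons.append("target lives under a user profile (writable without admin rights)")
        if host:
            f.reasons.append(f"payload is loaded through host binary {host}")
        t = target.lower()
        for path, date in created.items():
            if t == path or t.startswith(path + "\\"):
                f.reasons.append(f"target path created {date}, inside the 'Created Last 30' window")
                break
        if f.reasons:
            findings.append(f)
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings

def recent_user_executables(log_text):
    """Executables DDS saw created in the last 30 days under a user profile (possible drops)."""
    created = recently_created(split_sections(log_text).get("Created Last 30", []))
    return sorted(p for p in created if p.endswith((".exe", ".dll", ".scr")) and is_user_profile(p))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{len(f.reasons)}] {f.kind} [{f.name}] -> {f.target}: " + "; ".join(f.reasons))
    print("recently created executables in user profile:", recent_user_executables(SAMPLE_LOG))
```

Entries with one reason (a legitimate tool installed per-user, or a vendor DLL loaded via rundll32) are review items, not verdicts; the two-reason entries are what a log reader looks at first.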



 


#2 canadadan7

  • Topic Starter
  • Members
  • 16 posts

Posted 16 December 2013 - 03:53 AM

Little update:

Mysterious virus "omfaere.exe", which comes up in the task manager a lot (and duplicates and takes up a lot of memory), had one of its many instances crash randomly.

I used the Event Viewer to find the error report from Windows, and it references Flash.

I have Flash version 11.9.900.152 and the current version is 11.9.900.170.

I hope it is useful:

General:

Faulting application name: omfaere.exe, version: 2304.0.65013.55500, time stamp: 0x5287b82d
Faulting module name: Flash32_11_9_900_152.ocx, version: 11.9.900.152, time stamp: 0x526f02a2
Exception code: 0xc0000005
Fault offset: 0x001b48ef
Faulting process id: 0x2818
Faulting application start time: 0x01cefa38c2b66dec
Faulting application path: C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_9_900_152.ocx
Report Id: 129ae59c-662c-11e3-98b5-00224d82f2ba

Details:

- System
  - Provider [Name] Application Error
  - EventID 1000 [Qualifiers] 0
  - Level 2, Task 100, Keywords 0x80000000000000
  - TimeCreated [SystemTime] 2013-12-16T08:28:43.000000000Z
  - EventRecordID 22382460, Channel Application, Computer DrdanPC, Security
- EventData
  - omfaere.exe
  - 2304.0.65013.55500
  - 5287b82d
  - Flash32_11_9_900_152.ocx
  - 11.9.900.152
  - 526f02a2
  - c0000005
  - 001b48ef
  - 2818
  - 01cefa38c2b66dec
  - C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
  - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_9_900_152.ocx
  - 129ae59c-662c-11e3-98b5-00224d82f2ba

Edited by canadadan7, 16 December 2013 - 03:59 AM.


#3 canadadan7

  • Topic Starter
  • Members
  • 16 posts

Posted 17 December 2013 - 01:33 AM

Another update:

Updated Malwarebytes and MSE databases today, and though the databases are only a day newer than they used to be, they seem to now be catching the Zyobpa\omfaere.exe because it no longer appears in the task manager at all. MSE then also caught TrojanDownloader:Win32/Upatre.B sitting in my Windows user folder. Hope this info helps.



#4 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts
  • Gender:Male

Posted 21 December 2013 - 02:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517614 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:
 

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!


Edited by Orange Blossom, 29 December 2013 - 03:18 AM.
Topic reopened at member's request. ~ OB


#5 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 29 December 2013 - 07:59 AM

Hello there,

I will be taking your log. :) You can call me Elle.

Please follow the instructions posted by HelpBot and we can continue helping you.

Elle



If I haven't replied in 48 hours, please feel free to send me a PM.




#6 canadadan7

  • Topic Starter
  • Members
  • 16 posts

Posted 30 December 2013 - 05:49 PM

As said before, the only problem I am currently noticing now is website redirecting. This is still the case. I do not know what might still be lingering on my computer though.

I use Internet Explorer 10, but am going to upgrade to 11. I use Chrome as a secondary.

I am running Windows 7 Ultimate 64-bit (6.1 Build 7601), and I don't think I have the Windows CD at my house, though I might be able to get it.

Thanks in advance for your help, Elle. Here is the DDS info:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.9.2
Run by Drdan at 17:39:29 on 2013-12-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.16351.13733 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Adblock IE: {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
uRun: [7 Taskbar Tweaker] "C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
uRun: [MediaFire Tray] "C:\Users\Drdan\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [AQDworks] regsvr32.exe C:\Users\Drdan\AppData\Local\AQDworks\Addonenc80.dll
uRun: [GameServer507] "C:\Users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe"
uRun: [Ledusoalkubil] C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Drdan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E8F23E2F-F136-4BE7-985D-05EC3BF0B08D} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Adblock IE: {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-27 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-27 128280]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-27 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-27 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-24 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-22 15129376]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-11-4 660184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-27 363800]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-27 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-27 785688]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-24 39200]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-11-4 18456]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-7-18 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-29 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-29 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== Created Last 30 ================
.
2013-12-30 19:18:28 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B3874B1-8BF2-40B3-92EE-A4FD550BD29C}\offreg.dll
2013-12-30 19:18:08 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B3874B1-8BF2-40B3-92EE-A4FD550BD29C}\mpengine.dll
2013-12-29 08:45:26 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-25 00:01:35 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-25 00:01:35 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-24 23:57:43 -------- d-----w- C:\Users\Drdan\AppData\Local\Arma 3
2013-12-24 23:57:43 -------- d-----w- C:\ProgramData\Bohemia Interactive
2013-12-19 07:47:26 -------- d-----w- C:\ProgramData\winLAME
2013-12-19 07:47:25 -------- d-----w- C:\Program Files (x86)\winLAME
2013-12-16 04:07:15 -------- d-----w- C:\Users\Drdan\AppData\Roaming\Zyobpa
2013-12-12 22:53:52 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2013-12-12 03:33:59 -------- d--h--w- C:\Windows\PIF
2013-12-12 03:33:23 -------- d-----w- C:\Program Files\7DaysToDie-Alpha
2013-12-09 00:37:31 -------- d-----w- C:\Program Files\Paint.NET
2013-12-09 00:37:15 -------- d-----w- C:\Users\Drdan\AppData\Local\Paint.NET
2013-12-06 18:13:54 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DC5D570-C569-4152-8DBF-8AB11F5DD756}\gapaengine.dll
2013-12-06 05:05:43 -------- d-----w- C:\Users\Drdan\AppData\Local\4A Games
2013-12-04 16:58:42 -------- d-----w- C:\Users\Drdan\AppData\Roaming\3909
.
==================== Find3M  ====================
.
2013-12-16 10:03:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-16 10:03:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 13:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-04 12:42:02 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 17:40:03.36 ===============
 

Edited by canadadan7, 30 December 2013 - 05:51 PM.
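The autorun and service lines in a log like the one above are what a responder reads first. The script below is an added example for this thread, not code from DDS, ComboFix or BleepingComputer. It applies three review heuristics to lines copied from the DDS log above and from the ComboFix log posted later in the thread: a Run entry whose binary lives under a user-writable directory (AppData\Local, AppData\Roaming, Temp) is flagged for review; a Run entry that has a DLL loaded from such a directory by a Microsoft loader (regsvr32, rundll32) is flagged higher; and a service or driver whose image the log tool could not resolve (the trailing [x]) is flagged, higher still when its name is eight lowercase letters, the shape of the R1 drivers in the ComboFix log. The eight-letter rule and the severity levels are my assumptions, and a hit means "look at this", not "delete this": 7+ Taskbar Tweaker and MotioninJoy are legitimately installed per-user and land at MEDIUM for exactly that reason.

```python
"""Triage helper for DDS / ComboFix autorun and service lines.

Added example for this thread; not part of DDS, ComboFix or the
BleepingComputer procedure. Heuristics, not verdicts.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the DDS log and the ComboFix log posted
# in this thread. The rest of the logs is not needed for the demonstration.
SAMPLE_LINES = [
    r'uRun: [7 Taskbar Tweaker] "C:\Users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd',
    r'uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe',
    r'uRun: [AQDworks] regsvr32.exe C:\Users\Drdan\AppData\Local\AQDworks\Addonenc80.dll',
    r'uRun: [GameServer507] "C:\Users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe"',
    r'uRun: [Ledusoalkubil] C:\Users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe',
    r'mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"',
    r'x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart',
    r'R1 abzqepro;abzqepro;c:\windows\system32\drivers\abzqepro.sys;c:\windows\SYSNATIVE\drivers\abzqepro.sys [x]',
    r'R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]',
    r'R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]',
]

# Per-user, user-writable locations. Legitimate per-user software lives here
# too, so a path match on its own is only MEDIUM.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\|\\Temp\\", re.IGNORECASE)
# Microsoft loaders that execute whatever DLL is named on the command line.
DLL_LOADER = re.compile(r"\b(regsvr32|rundll32)(\.exe)?\b", re.IGNORECASE)
# DDS "uRun/mRun/x64-Run: [name] command" lines.
RUN_LINE = re.compile(r"^(?P<hive>u|m|x64-)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# DDS/ComboFix "R1 name;display;image" service and driver lines.
SERVICE_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
# Eight lowercase letters (abzqepro, fbvptymr, ...). Assumed heuristic for a
# machine-generated service name, not a signature.
GENERATED_NAME = re.compile(r"^[a-z]{8}$")


@dataclass(frozen=True)
class Finding:
    severity: str   # HIGH / MEDIUM / LOW
    source: str     # "run" or "service"
    name: str       # Run value name or service name
    reason: str


def triage_run_line(line):
    """Review hint for one Run entry, or None if nothing stands out."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    if not USER_WRITABLE.search(cmd):
        return None   # e.g. ShadowPlay: rundll32 with a System32 DLL is normal
    if DLL_LOADER.search(cmd):
        return Finding("HIGH", "run", name,
                       "regsvr32/rundll32 loads a DLL from a user-writable directory")
    return Finding("MEDIUM", "run", name,
                   "autorun executable under a user-writable directory")


def triage_service_line(line):
    """Review hint for one service/driver entry, or None."""
    m = SERVICE_LINE.match(line)
    if not m:
        return None
    name, image = m.group("name"), m.group("image")
    if not image.rstrip().endswith("[x]"):
        return None   # image resolved by the log tool; nothing to say here
    if GENERATED_NAME.match(name):
        return Finding("HIGH", "service", name,
                       "unresolved driver image with a generated-looking name")
    return Finding("LOW", "service", name, "image file not resolved by the log tool")


def triage(lines):
    """Run both checks over raw log lines and collect the findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        f = triage_run_line(line) or triage_service_line(line)
        if f:
            findings.append(f)
    return findings


def names_by_severity(findings, severity):
    return sorted(f.name for f in findings if f.severity == severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.severity:6} {f.source:7} {f.name!r}: {f.reason}")
```

On the sample, AQDworks (a DLL under AppData\Local registered by regsvr32 at logon) and the unresolved eight-letter driver come out HIGH; the three per-user executables, including omfaere.exe under Zyobpa, come out MEDIUM and need the file itself looked at; SkypeUpdate is LOW. Cross-checking against the Running Processes section of the same DDS log, regsvr32.exe appears twice (32- and 64-bit), which is consistent with that AQDworks entry being executed at logon.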


#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:55 AM

Posted 31 December 2013 - 05:28 AM

Hi there,
Please download ComboFix from one of these locations:
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

    [image: Query_RC.gif]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: RC_successful.gif]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

    Elle 

    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro?
    (Do you remember? If you do, then can you forgive?)



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #8 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:06:55 AM

    Posted 02 January 2014 - 04:10 AM

    Hi,
    Do you still need help? Please let me know. 
    Elle



    #9 canadadan7

    canadadan7
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    • Local time:11:55 PM

    Posted 03 January 2014 - 03:39 AM

    Yes I still need help. I'll get that log soon.



    #10 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:06:55 AM

    Posted 03 January 2014 - 08:38 PM

    Hi there,
    I am waiting for your reply. :)
    Elle 



    #11 canadadan7

    canadadan7
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    • Local time:11:55 PM

    Posted 04 January 2014 - 09:19 PM

    Hi Elle, sorry for the delay. Here is the ComboFix Log:
    ComboFix 14-01-04.03 - Drdan 04/01/2014  20:56:07.1.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.16351.13021 [GMT -5:00]
    Running from: c:\users\Drdan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-12-05 to 2014-01-05  )))))))))))))))))))))))))))))))
    .
    .
    2014-01-05 02:12 . 2014-01-05 02:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-04 10:21 . 2014-01-04 10:21 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F158F-CFA9-4222-8609-F7A8FA859D8D}\offreg.dll
    2014-01-04 10:21 . 2014-01-04 10:21 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F158F-CFA9-4222-8609-F7A8FA859D8D}\MpKslecc73470.sys
    2014-01-04 10:18 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F158F-CFA9-4222-8609-F7A8FA859D8D}\mpengine.dll
    2014-01-03 16:56 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-12-25 00:01 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2013-12-25 00:01 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2013-12-24 23:57 . 2013-12-28 03:22 -------- d-----w- c:\users\Drdan\AppData\Local\Arma 3
    2013-12-24 23:57 . 2013-12-24 23:57 -------- d-----w- c:\programdata\Bohemia Interactive
    2013-12-19 07:47 . 2013-12-19 07:47 -------- d-----w- c:\programdata\winLAME
    2013-12-19 07:47 . 2013-12-19 07:47 -------- d-----w- c:\program files (x86)\winLAME
    2013-12-19 06:55 . 2013-12-19 07:28 -------- d-----w- c:\users\Drdan\AppData\Roaming\ImgBurn
    2013-12-19 06:16 . 2013-12-19 06:16 -------- d-----w- c:\program files (x86)\ImgBurn
    2013-12-16 04:07 . 2013-12-16 19:49 -------- d-----w- c:\users\Drdan\AppData\Roaming\Zyobpa
    2013-12-12 22:53 . 2013-12-12 22:53 -------- d-----w- c:\program files (x86)\PFPortChecker
    2013-12-12 03:33 . 2013-12-12 03:33 -------- d--h--w- c:\windows\PIF
    2013-12-12 03:33 . 2013-12-12 03:42 -------- d-----w- c:\program files\7DaysToDie-Alpha
    2013-12-09 00:37 . 2013-12-09 00:37 -------- d-----w- c:\program files\Paint.NET
    2013-12-09 00:37 . 2013-12-09 02:31 -------- d-----w- c:\users\Drdan\AppData\Local\Paint.NET
    2013-12-06 18:13 . 2013-10-19 16:40 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DC5D570-C569-4152-8DBF-8AB11F5DD756}\gapaengine.dll
    2013-12-06 05:05 . 2013-12-06 05:05 -------- d-----w- c:\users\Drdan\AppData\Local\4A Games
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-04 05:38 . 2012-12-01 01:18 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-01-04 05:38 . 2012-12-01 01:17 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-01-04 05:00 . 2012-12-01 01:17 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-12-16 10:03 . 2012-11-30 03:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-16 10:03 . 2012-11-30 03:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-10 02:13 . 2013-11-05 08:17 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2013-12-10 02:13 . 2013-11-05 08:17 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
    2013-12-05 08:42 . 2013-08-22 18:32 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-14 11:55 . 2012-11-28 02:16 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-11-14 11:55 . 2012-10-11 02:23 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-11-14 11:55 . 2013-11-21 04:35 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-11-14 11:55 . 2013-11-21 04:35 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-11-14 11:55 . 2013-11-21 04:35 707360 ----a-w- c:\windows\system32\NvFBC64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 657184 ----a-w- c:\windows\system32\NvIFR64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2013-11-14 11:55 . 2013-11-21 04:35 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2013-11-14 11:55 . 2013-11-21 04:35 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2013-11-14 11:55 . 2013-11-21 04:35 357152 ----a-w- c:\windows\system32\NvIFROpenGL.dll
    2013-11-14 11:55 . 2013-11-21 04:35 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 314656 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
    2013-11-14 11:55 . 2013-11-21 04:35 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
    2013-11-14 11:55 . 2013-11-21 04:35 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-11-14 11:55 . 2013-11-21 04:35 168616 ----a-w- c:\windows\system32\nvinitx.dll
    2013-11-14 11:55 . 2013-11-21 04:35 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2013-11-14 11:55 . 2013-11-21 04:35 11514624 ----a-w- c:\windows\system32\nvopencl.dll
    2013-11-14 11:55 . 2012-11-28 02:16 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
    2013-11-14 11:55 . 2013-11-21 04:35 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-11-14 11:55 . 2013-11-21 04:35 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-11-14 11:55 . 2013-11-21 04:35 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-11-14 11:55 . 2013-11-21 04:35 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-11-14 11:55 . 2013-11-21 04:35 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-11-14 11:55 . 2013-11-21 04:35 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-11-14 11:55 . 2012-11-28 02:15 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-11-14 11:55 . 2013-11-21 04:35 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-11-14 11:55 . 2013-11-21 04:35 11600432 ----a-w- c:\windows\system32\nvcuda.dll
    2013-11-14 11:55 . 2013-11-21 04:35 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-11-14 11:55 . 2012-11-28 02:15 3069608 ----a-w- c:\windows\system32\nvapi64.dll
    2013-11-14 11:55 . 2012-10-11 02:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-11-11 15:02 . 2012-11-28 02:17 6674208 ----a-w- c:\windows\system32\nvcpl.dll
    2013-11-11 15:02 . 2012-11-28 02:17 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-11-11 15:01 . 2012-11-28 02:17 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-11-11 15:01 . 2012-11-28 02:17 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-11-11 15:01 . 2012-11-28 02:17 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2013-11-11 15:01 . 2012-11-28 02:17 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-11-11 13:59 . 2013-11-11 13:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-11-07 21:00 . 2012-11-30 00:26 82896128 ----a-w- c:\windows\system32\MRT.exe
    2013-11-04 12:42 . 2013-11-04 12:42 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
    2013-10-23 10:30 . 2013-11-05 08:21 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
    2013-10-23 10:30 . 2013-11-05 08:21 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
    2013-10-19 16:40 . 2013-03-12 18:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-10-12 08:45 . 2013-11-23 02:09 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-10-12 08:45 . 2013-11-23 02:09 2241536 ----a-w- c:\windows\system32\wininet.dll
    2013-10-12 08:45 . 2013-11-23 02:09 1364992 ----a-w- c:\windows\system32\urlmon.dll
    2013-10-12 08:43 . 2013-11-23 02:09 19269632 ----a-w- c:\windows\system32\mshtml.dll
    2013-10-12 08:43 . 2013-11-23 02:09 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2013-10-12 08:43 . 2013-11-23 02:09 855552 ----a-w- c:\windows\system32\jscript.dll
    2013-10-12 08:43 . 2013-11-23 02:09 3959808 ----a-w- c:\windows\system32\jscript9.dll
    2013-10-12 08:43 . 2013-11-23 02:09 53248 ----a-w- c:\windows\system32\jsproxy.dll
    2013-10-12 08:43 . 2013-11-23 02:09 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-10-12 08:43 . 2013-11-23 02:09 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-10-12 08:43 . 2013-11-23 02:09 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-10-12 08:43 . 2013-11-23 02:09 2648576 ----a-w- c:\windows\system32\iertutil.dll
    2013-10-12 08:43 . 2013-11-23 02:09 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2013-10-12 08:43 . 2013-11-23 02:09 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-10-12 07:03 . 2013-11-23 02:09 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-10-12 07:02 . 2013-11-23 02:09 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-10-12 07:02 . 2013-11-23 02:09 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-10-12 07:02 . 2013-11-23 02:09 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-10-12 06:35 . 2013-11-23 02:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-10-12 06:08 . 2013-11-23 02:09 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-10-12 05:44 . 2013-11-23 02:09 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-10-12 05:15 . 2013-11-23 02:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-10-12 02:30 . 2013-11-23 23:11 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-23 23:11 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-23 23:11 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-23 23:11 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-23 23:11 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-10-18 03:08 1527496 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-18 1527496]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "7 Taskbar Tweaker"="c:\users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" [2013-11-29 337920]
    "MediaFire Tray"="c:\users\Drdan\AppData\Local\MediaFire Express\mf_systray.exe" [2013-02-11 2252360]
    "Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
    "AQDworks"="c:\users\Drdan\AppData\Local\AQDworks\Addonenc80.dll" [2013-11-14 24576]
    "GameServer507"="c:\users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe" [2013-12-16 190464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-11 291096]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
    .
    c:\users\Drdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 abzqepro;abzqepro;c:\windows\system32\drivers\abzqepro.sys;c:\windows\SYSNATIVE\drivers\abzqepro.sys [x]
    R1 fbvptymr;fbvptymr;c:\windows\system32\drivers\fbvptymr.sys;c:\windows\SYSNATIVE\drivers\fbvptymr.sys [x]
    R1 hmtcokcp;hmtcokcp;c:\windows\system32\drivers\hmtcokcp.sys;c:\windows\SYSNATIVE\drivers\hmtcokcp.sys [x]
    R1 lnhhjrfl;lnhhjrfl;c:\windows\system32\drivers\lnhhjrfl.sys;c:\windows\SYSNATIVE\drivers\lnhhjrfl.sys [x]
    R1 rdixaear;rdixaear;c:\windows\system32\drivers\rdixaear.sys;c:\windows\SYSNATIVE\drivers\rdixaear.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 MpKslecc73470;MpKslecc73470;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F158F-CFA9-4222-8609-F7A8FA859D8D}\MpKslecc73470.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F158F-CFA9-4222-8609-F7A8FA859D8D}\MpKslecc73470.sys [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLECC73470
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 07:04 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-30 10:03]
    .
    2014-01-05 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-12-04 16:16]
    .
    2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 10:24]
    .
    2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 10:24]
    .
    2014-01-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    2014-01-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-11 13374568]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Ledusoalkubil - c:\users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2915823206-904435687-3835346418-1000\Software\SecuROM\License information*]
    "datasecu"=hex:e6,e7,a3,e9,c8,82,1c,4a,c0,f9,d3,07,d1,0a,69,11,f5,cc,3b,2c,87,
       38,0a,5a,af,d9,7d,aa,06,e2,c1,48,59,70,c2,5c,62,c1,c0,16,36,03,08,c5,49,ad,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-04  21:15:38
    ComboFix-quarantined-files.txt  2014-01-05 02:15
    .
    Pre-Run: 1,243,026,739,200 bytes free
    Post-Run: 1,244,937,986,048 bytes free
    .
    - - End Of File - - E03EF9F2388C7F0B7E7982176D49B993
    A36C5E4F47E84449FF07ED3517B43A31
     



    #12 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • Gender:Female
    • Local time:06:55 AM

    Posted 06 January 2014 - 03:37 PM

    Hi there,

     

     

    1. Close any open browsers.
     
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. 
     
    3. Open notepad and copy/paste the text in the quotebox below into it:
     

    File::
    c:\windows\SYSNATIVE\drivers\abzqepro.sys
    c:\windows\SYSNATIVE\drivers\fbvptymr.sys
    c:\windows\SYSNATIVE\drivers\hmtcokcp.sys
    c:\windows\SYSNATIVE\drivers\lnhhjrfl.sys
    c:\windows\SYSNATIVE\drivers\rdixaear.sy
    c:\windows\system32\drivers\abzqepro.sys
    c:\windows\system32\drivers\fbvptymr.sys
    c:\windows\system32\drivers\hmtcokcp.sys
    c:\windows\system32\drivers\lnhhjrfl.sys
    c:\windows\system32\drivers\rdixaear.sys
    C:\Users\Drdan\3595351.exe
     
    Folder::
    C:\Users\Drdan\AppData\Roaming\Zyobpa
     
    Driver::
    abzqepro
    fbvptymr
    hmtcokcp
    lnhhjrf
    rdixaear
     
     
    Save this as CFScript.txt, in the same location as ComboFix.exe
     
     
    CFScriptB-4.gif
     
    Referring to the picture above, drag CFScript into ComboFix.exe
     
    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
     
     
    Elle 

    Edited by Blind Faith, 06 January 2014 - 03:37 PM.

    Can you hear it? It's all around!

    Do you remember?
    If you do, then
    can you forgive?



    If I haven't replied in 48 hours, please feel free to send me a PM.



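The entries the CFScript above targets (the five R1 drivers with eight-letter names, the Zyobpa folder behind the orphaned Run entry) are the ones a responder picks out of the "Reg Loading Points" and "ORPHANS REMOVED" sections of the log by hand. As an added example that is not part of this thread and not ComboFix's own code, the Python below reads lines in the three shapes those sections use and scores them with a few plain signals. The sample input is copied from the log posted earlier in the thread; the signals, the threshold and the `Finding` class are this example's own assumptions, not ComboFix rules.

```python
"""Triage of the autorun sections of a ComboFix log (added example).

Not ComboFix's own code and not part of any post in this thread. It parses
three line shapes from the log above:

    driver/service   R1 name;display name;path;alternate path [x]
    Run key value    "name"="path" [date size]
    orphan entry     Wow6432Node-HKCU-Run-Name - path

and scores each entry against signals a responder checks by hand. The signals
and the threshold are assumptions; a hit is a candidate for review, not a verdict.
"""
import re
from dataclasses import dataclass, field

# ComboFix convention: R0 boot, R1 system, R2 auto, R3 demand start; S = stopped.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>[^;]+);(?P<alt>.+?)\s+\[(?P<flag>[^\]]*)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
ORPHAN_RE = re.compile(r'^\S+-Run-(?P<name>.+?)\s+-\s+(?P<path>.+)$')


@dataclass
class Finding:
    kind: str                 # "driver", "service", "run" or "orphan"
    name: str
    path: str
    signals: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.signals)


def looks_generated(name: str) -> bool:
    """Eight lowercase letters, no digits, no casing: the shape of abzqepro,
    fbvptymr and the other drivers in the log. Legitimate drivers can match
    too (tsusbhub does), so this is only one signal among several."""
    return re.fullmatch(r'[a-z]{8}', name) is not None


def triage_service(m: re.Match) -> Finding:
    kind = "driver" if m["path"].lower().endswith(".sys") else "service"
    f = Finding(kind, m["name"], m["path"])
    if m["state"] in ("R0", "R1"):
        f.signals.append("running, boot or system start")
    if m["name"] == m["display"]:
        f.signals.append("display name is just the service name")
    if looks_generated(m["name"]):
        f.signals.append("non-descriptive eight-letter name")
    return f


def triage_run(m: re.Match, kind: str = "run") -> Finding:
    f = Finding(kind, m["name"], m["path"])
    low = m["path"].lower()
    if "\\appdata\\" in low:
        f.signals.append("launches from the user profile (AppData)")
    if low.endswith(".dll"):
        f.signals.append("Run value points at a DLL rather than an executable")
    return f


def triage(log_text: str, driver_threshold: int = 3) -> list:
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            f = triage_service(m)
            if f.score >= driver_threshold:   # all three driver signals together
                findings.append(f)
        elif (m := RUN_RE.match(line)):
            f = triage_run(m)
            if f.signals:
                findings.append(f)
        elif (m := ORPHAN_RE.match(line)):
            f = triage_run(m, kind="orphan")
            f.signals.append("listed by ComboFix under ORPHANS REMOVED")
            findings.append(f)
    return findings


# Sample input: lines copied from the ComboFix log posted above in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7 Taskbar Tweaker"="c:\users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" [2013-11-29 337920]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
"AQDworks"="c:\users\Drdan\AppData\Local\AQDworks\Addonenc80.dll" [2013-11-14 24576]
"GameServer507"="c:\users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe" [2013-12-16 190464]
.
R1 abzqepro;abzqepro;c:\windows\system32\drivers\abzqepro.sys;c:\windows\SYSNATIVE\drivers\abzqepro.sys [x]
R1 lnhhjrfl;lnhhjrfl;c:\windows\system32\drivers\lnhhjrfl.sys;c:\windows\SYSNATIVE\drivers\lnhhjrfl.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Ledusoalkubil - c:\users\Drdan\AppData\Roaming\Zyobpa\omfaere.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<7} {f.name:<20} {f.path}")
        for s in f.signals:
            print(f"        - {s}")
```

On the sample the two R1 drivers score three out of three while `dmvsc` and `tsusbhub` (demand-start Remote Desktop drivers, name equal to display name) stay below the threshold, which is the point of combining signals rather than trusting the name shape alone. The Run entries are flagged on location only, so `7 Taskbar Tweaker` shows up next to `AQDworks`; that is expected for a first pass, and a responder still verifies each hit (publisher, file hash, whether the file exists) before putting it into a removal script the way the reply above does.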

    #13 canadadan7

    canadadan7
    • Topic Starter

    • Members
    • 16 posts
    • Local time:11:55 PM

    Posted 07 January 2014 - 12:40 AM

    ComboFix 14-01-04.03 - Drdan 07/01/2014   0:27.2.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.16351.13992 [GMT -5:00]
    Running from: c:\users\Drdan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Drdan\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    FILE ::
    "c:\users\Drdan\3595351.exe"
    "c:\windows\system32\drivers\abzqepro.sys"
    "c:\windows\system32\drivers\fbvptymr.sys"
    "c:\windows\system32\drivers\hmtcokcp.sys"
    "c:\windows\system32\drivers\lnhhjrfl.sys"
    "c:\windows\system32\drivers\rdixaear.sy"
    "c:\windows\system32\drivers\abzqepro.sys"
    "c:\windows\system32\drivers\fbvptymr.sys"
    "c:\windows\system32\drivers\hmtcokcp.sys"
    "c:\windows\system32\drivers\lnhhjrfl.sys"
    "c:\windows\system32\drivers\rdixaear.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\7CA3.tmp
    c:\programdata\Microsoft\Windows\DRM\7CC3.tmp
    c:\users\Drdan\AppData\Roaming\Zyobpa
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_abzqepro
    -------\Service_fbvptymr
    -------\Service_hmtcokcp
    -------\Service_rdixaear
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-12-07 to 2014-01-07  )))))))))))))))))))))))))))))))
    .
    .
    2014-01-07 05:33 . 2014-01-07 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-06 01:12 . 2014-01-06 01:11 89913 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_23e8243918c8be1e6bfb05a577be12ad5bd653a_cab_05f9541d\1dsve2wefd.exe
    2014-01-05 20:44 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E4FC47E-A2CF-4555-B07B-3F397955E4A1}\mpengine.dll
    2014-01-05 02:22 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-12-25 00:01 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2013-12-25 00:01 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2013-12-24 23:57 . 2013-12-28 03:22 -------- d-----w- c:\users\Drdan\AppData\Local\Arma 3
    2013-12-24 23:57 . 2013-12-24 23:57 -------- d-----w- c:\programdata\Bohemia Interactive
    2013-12-19 07:47 . 2013-12-19 07:47 -------- d-----w- c:\programdata\winLAME
    2013-12-19 07:47 . 2013-12-19 07:47 -------- d-----w- c:\program files (x86)\winLAME
    2013-12-19 06:55 . 2013-12-19 07:28 -------- d-----w- c:\users\Drdan\AppData\Roaming\ImgBurn
    2013-12-19 06:16 . 2013-12-19 06:16 -------- d-----w- c:\program files (x86)\ImgBurn
    2013-12-12 22:53 . 2013-12-12 22:53 -------- d-----w- c:\program files (x86)\PFPortChecker
    2013-12-12 03:33 . 2013-12-12 03:33 -------- d--h--w- c:\windows\PIF
    2013-12-12 03:33 . 2013-12-12 03:42 -------- d-----w- c:\program files\7DaysToDie-Alpha
    2013-12-09 00:37 . 2013-12-09 00:37 -------- d-----w- c:\program files\Paint.NET
    2013-12-09 00:37 . 2013-12-09 02:31 -------- d-----w- c:\users\Drdan\AppData\Local\Paint.NET
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-06 08:17 . 2012-12-01 01:18 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-01-06 08:17 . 2012-12-01 01:17 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-01-06 06:21 . 2012-12-01 01:17 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-12-16 10:03 . 2012-11-30 03:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-16 10:03 . 2012-11-30 03:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-10 02:13 . 2013-11-05 08:17 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2013-12-10 02:13 . 2013-11-05 08:17 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
    2013-12-05 08:42 . 2013-08-22 18:32 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-14 11:55 . 2012-11-28 02:16 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-11-14 11:55 . 2012-10-11 02:23 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-11-14 11:55 . 2013-11-21 04:35 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-11-14 11:55 . 2013-11-21 04:35 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-11-14 11:55 . 2013-11-21 04:35 707360 ----a-w- c:\windows\system32\NvFBC64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 657184 ----a-w- c:\windows\system32\NvIFR64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2013-11-14 11:55 . 2013-11-21 04:35 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2013-11-14 11:55 . 2013-11-21 04:35 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2013-11-14 11:55 . 2013-11-21 04:35 357152 ----a-w- c:\windows\system32\NvIFROpenGL.dll
    2013-11-14 11:55 . 2013-11-21 04:35 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 314656 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
    2013-11-14 11:55 . 2013-11-21 04:35 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-11-14 11:55 . 2013-11-21 04:35 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
    2013-11-14 11:55 . 2013-11-21 04:35 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-11-14 11:55 . 2013-11-21 04:35 168616 ----a-w- c:\windows\system32\nvinitx.dll
    2013-11-14 11:55 . 2013-11-21 04:35 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2013-11-14 11:55 . 2013-11-21 04:35 11514624 ----a-w- c:\windows\system32\nvopencl.dll
    2013-11-14 11:55 . 2012-11-28 02:16 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
    2013-11-14 11:55 . 2013-11-21 04:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
    2013-11-14 11:55 . 2013-11-21 04:35 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-11-14 11:55 . 2013-11-21 04:35 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-11-14 11:55 . 2013-11-21 04:35 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-11-14 11:55 . 2013-11-21 04:35 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-11-14 11:55 . 2013-11-21 04:35 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-11-14 11:55 . 2013-11-21 04:35 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-11-14 11:55 . 2012-11-28 02:15 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-11-14 11:55 . 2013-11-21 04:35 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-11-14 11:55 . 2013-11-21 04:35 11600432 ----a-w- c:\windows\system32\nvcuda.dll
    2013-11-14 11:55 . 2013-11-21 04:35 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-11-14 11:55 . 2012-11-28 02:15 3069608 ----a-w- c:\windows\system32\nvapi64.dll
    2013-11-14 11:55 . 2012-10-11 02:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-11-11 15:02 . 2012-11-28 02:17 6674208 ----a-w- c:\windows\system32\nvcpl.dll
    2013-11-11 15:02 . 2012-11-28 02:17 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-11-11 15:01 . 2012-11-28 02:17 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-11-11 15:01 . 2012-11-28 02:17 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-11-11 15:01 . 2012-11-28 02:17 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2013-11-11 15:01 . 2012-11-28 02:17 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-11-11 13:59 . 2013-11-11 13:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-11-07 21:00 . 2012-11-30 00:26 82896128 ----a-w- c:\windows\system32\MRT.exe
    2013-11-04 12:42 . 2013-11-04 12:42 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
    2013-10-23 10:30 . 2013-11-05 08:21 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
    2013-10-23 10:30 . 2013-11-05 08:21 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
    2013-10-19 16:40 . 2013-12-06 18:13 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DC5D570-C569-4152-8DBF-8AB11F5DD756}\gapaengine.dll
    2013-10-19 16:40 . 2013-03-12 18:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-10-12 08:45 . 2013-11-23 02:09 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-10-12 08:45 . 2013-11-23 02:09 2241536 ----a-w- c:\windows\system32\wininet.dll
    2013-10-12 08:45 . 2013-11-23 02:09 1364992 ----a-w- c:\windows\system32\urlmon.dll
    2013-10-12 08:43 . 2013-11-23 02:09 19269632 ----a-w- c:\windows\system32\mshtml.dll
    2013-10-12 08:43 . 2013-11-23 02:09 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2013-10-12 08:43 . 2013-11-23 02:09 855552 ----a-w- c:\windows\system32\jscript.dll
    2013-10-12 08:43 . 2013-11-23 02:09 3959808 ----a-w- c:\windows\system32\jscript9.dll
    2013-10-12 08:43 . 2013-11-23 02:09 53248 ----a-w- c:\windows\system32\jsproxy.dll
    2013-10-12 08:43 . 2013-11-23 02:09 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-10-12 08:43 . 2013-11-23 02:09 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-10-12 08:43 . 2013-11-23 02:09 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-10-12 08:43 . 2013-11-23 02:09 2648576 ----a-w- c:\windows\system32\iertutil.dll
    2013-10-12 08:43 . 2013-11-23 02:09 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2013-10-12 08:43 . 2013-11-23 02:09 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-10-12 07:03 . 2013-11-23 02:09 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-10-12 07:02 . 2013-11-23 02:09 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-10-12 07:02 . 2013-11-23 02:09 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-10-12 07:02 . 2013-11-23 02:09 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-10-12 06:35 . 2013-11-23 02:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-10-12 06:08 . 2013-11-23 02:09 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-10-12 05:44 . 2013-11-23 02:09 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-10-12 05:15 . 2013-11-23 02:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-10-12 02:30 . 2013-11-23 23:11 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-23 23:11 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-23 23:11 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-23 23:11 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-23 23:11 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-10-18 03:08 1527496 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-18 1527496]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "7 Taskbar Tweaker"="c:\users\Drdan\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" [2013-11-29 337920]
    "MediaFire Tray"="c:\users\Drdan\AppData\Local\MediaFire Express\mf_systray.exe" [2013-02-11 2252360]
    "Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
    "AQDworks"="c:\users\Drdan\AppData\Local\AQDworks\Addonenc80.dll" [2013-11-14 24576]
    "GameServer507"="c:\users\Drdan\AppData\Roaming\MotioninJoy\WIN7A28.exe" [2013-12-16 190464]
    "GameServer510"="c:\users\Drdan\AppData\Roaming\Media Center Programs\WIN851B.exe" [2014-01-06 169984]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-11 291096]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
    .
    c:\users\Drdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 lnhhjrfl;lnhhjrfl;c:\windows\system32\drivers\lnhhjrfl.sys;c:\windows\SYSNATIVE\drivers\lnhhjrfl.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 07:04 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-30 10:03]
    .
    2014-01-07 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-12-04 16:16]
    .
    2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 10:24]
    .
    2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 10:24]
    .
    2014-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    2014-01-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-11 13374568]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2915823206-904435687-3835346418-1000\Software\SecuROM\License information*]
    "datasecu"=hex:e6,e7,a3,e9,c8,82,1c,4a,c0,f9,d3,07,d1,0a,69,11,f5,cc,3b,2c,87,
       38,0a,5a,af,d9,7d,aa,06,e2,c1,48,59,70,c2,5c,62,c1,c0,16,36,03,08,c5,49,ad,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-01-07  00:38:28 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-01-07 05:38
    ComboFix2.txt  2014-01-05 02:15
    .
    Pre-Run: 1,242,966,761,472 bytes free
    Post-Run: 1,242,378,006,528 bytes free
    .
    - - End Of File - - 7F05637CBEED4ABCECE1D9F00B30EF18
    A36C5E4F47E84449FF07ED3517B43A31
     



    #14 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:06:55 AM

    Posted 07 January 2014 - 08:57 AM

    Hi there,

    Give me a little feedback on how the system is behaving now. Do you sense any improvement? :)

    Elle 


    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #15 canadadan7

    canadadan7
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    • Local time:11:55 PM

    Posted 08 January 2014 - 12:47 AM

    Seems good so far, and I haven't had any website redirects.

    But I can't be 100% sure as I haven't browsed the internet much today.

    If you don't mind keeping this thread open, I'd like to report back to you in 24-48 hours with better information.

    Thanks for the help so far :)

    Fingers crossed...





