Can't ID PERSISTENT nasty virus. Jumps drives. DDS attached


  • This topic is locked
27 replies to this topic

#1 SinisterLogik1

SinisterLogik1

  • Members
  • 19 posts
  • OFFLINE

Posted 29 December 2013 - 11:51 AM

Mod Edit: Merged posts, deleted duplicates ~~ boopme

 

Attached: DDS, Combofix, AdwCleaner

History:
Please help. The virus is multiplatform. 3 yrs ago it started on XP. Could not reformat; fdisk stopped. Windows reported bad sectors; the virus was probably there. Rewrote the MBR, DoD-formatted the disk. Feel like it reflashed the BIOS.

Behavior:
Windows 7. Network connection acts up first. A 3rd console shows up that I cannot disconnect from... I imagine that's how the virus is updating. Programs stop working properly, but it's not that progressed yet. Keeping the computer away from WiFi because I know it will get worse.

The virus transfers to everything I plug into the computer and I'm desperate to identify how to remove this thing from all my devices. I'm hoping someone can put a name to it.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 10.0.9200.16686
Run by SinisterLogik at 11:17:50 on 2013-12-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1953.1254 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\SINIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\0527F6C696E656359676E6 : DHCPNameServer = 192.224.93.1 172.30.1.1
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\4303021402D4F6E64786 : DHCPNameServer = 207.14.235.234 67.238.98.162
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\6596277696E6D4F62696C65602D4966496232303030213933402355636572756 : DHCPNameServer = 192.168.1.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2013-2-25 27264]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-2-25 16768]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-8-1 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-8-1 391144]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-31 142632]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-6 65336]
S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-6 204880]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-25 1030952]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-25 378944]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-25 379520]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-25 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-25 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-29 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-9 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-9 701512]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-25 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-12-28 57024]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-31 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-31 169584]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-9 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-28 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-29 02:50:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-29 02:00:59 77312 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys.bak
2013-12-29 01:19:39 -------- d-----w- C:\EEK
2013-12-29 01:15:14 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-29 01:13:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\offreg.dll
2013-12-28 20:54:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:53:24 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-28 20:35:56 98816 ----a-w- C:\Windows\sed.exe
2013-12-28 20:35:56 256000 ----a-w- C:\Windows\PEV.exe
2013-12-28 20:35:56 208896 ----a-w- C:\Windows\MBR.exe
2013-12-28 20:23:03 -------- d-----w- C:\AdwCleaner
2013-12-28 20:22:55 -------- d-----w- C:\Users\SinisterLogik\Pavark
2013-12-27 19:42:12 -------- d-----w- C:\FRST
2013-12-27 19:30:58 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\WinPatrol
2013-12-27 19:30:56 -------- d-----w- C:\ProgramData\InstallMate
2013-12-27 19:30:56 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-12-22 15:19:24 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\mpengine.dll
.
==================== Find3M ====================
.
2013-12-28 21:41:39 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
.
============= FINISH: 11:17:58.77 ===============




ADWCLEANER:
# AdwCleaner v3.016 - Report created 28/12/2013 at 15:23:08

# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SinisterLogik - LOGIK
# Running from : C:\Users\SinisterLogik\Desktop\Bleeping Computer Programs\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\SinisterLogik\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1037 octets] - [28/12/2013 15:23:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1097 octets] ##########




COMBOFIX




ComboFix 13-12-26.01 - SinisterLogik 12/28/2013 21:44:28.2.4 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1953.1280 [GMT -5:00]
Running from: c:\users\SinisterLogik\Desktop\Bleeping Computer Programs\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-29 )))))))))))))))))))))))))))))))
.
.
2013-12-29 02:48 . 2013-12-29 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-29 02:00 . 2013-12-29 02:10 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys.bak
2013-12-29 01:19 . 2013-12-29 01:21 -------- d-----w- C:\EEK
2013-12-29 01:15 . 2013-12-29 01:15 -------- d-----w- c:\users\SinisterLogik\AppData\Roaming\SUPERAntiSpyware.com
2013-12-29 01:13 . 2013-12-29 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-29 01:13 . 2013-12-29 01:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-29 01:13 . 2013-12-29 01:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\offreg.dll
2013-12-28 20:54 . 2013-12-28 21:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:53 . 2013-12-28 20:53 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 20:23 . 2013-12-29 02:40 -------- d-----w- C:\AdwCleaner
2013-12-28 20:22 . 2013-12-28 22:49 -------- d-----w- c:\users\SinisterLogik\Pavark
2013-12-27 19:42 . 2013-12-27 19:42 -------- d-----w- C:\FRST
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\users\SinisterLogik\AppData\Roaming\WinPatrol
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\programdata\InstallMate
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\program files (x86)\BillP Studios
2013-12-22 15:19 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-28 21:41 . 2013-02-25 16:20 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-12-01 19:42 . 2013-03-08 22:30 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-09-30 13:51 . 2013-03-19 15:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-30 13:51 . 2013-03-19 15:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-30 13:50 . 2013-09-30 13:50 9430408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-19 6563096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-09-23 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\users\SinisterLogik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-9-23 549040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-6-30 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 05:40 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 13:51]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25 06:21]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25 06:21]
.
2013-12-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 445a4d9e-67cc-4140-ab67-daf8d854278b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2013-12-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6c7cdec1-ded2-499b-9a58-b2a4e44bf1b2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-28 21:50:32
ComboFix-quarantined-files.txt 2013-12-29 02:50
ComboFix2.txt 2013-12-28 20:43
.
Pre-Run: 140,079,706,112 bytes free
Post-Run: 139,724,763,136 bytes free
.
- - End Of File - - AACCE5096538C4DF966AD349AD016C1C

I know not to run any more programs until I hear back. THANK YOU VERY MUCH!!!!!


Edited by boopme, 29 December 2013 - 01:09 PM.



#2 SinisterLogik1

SinisterLogik1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE

Posted 29 December 2013 - 12:36 PM

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SinisterLogik [Admin rights]
Mode : Scan -- Date : 12/28/2013 21:01:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9750423AS +++++
--- User ---
[MBR] 12044fba887c244b71dcb317024dcf99
[BSP] fd683c8bef1245830d682a0415c2a64b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 300062 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 666957824 | Size: 389740 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SD Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30432 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_12282013_210151.txt >>


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750423AS +++++
--- User ---
[MBR] 12044fba887c244b71dcb317024dcf99
[BSP] fd683c8bef1245830d682a0415c2a64b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 300062 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 666957824 | Size: 389740 Mo

33 c0 8e d0 bc 00 7c 8e c0 8e d8 be 00 7c bf 00 06
b9 00 02 fc f3 a4 50 68 1c 06 cb fb b9 04 00 bd be
07 80 7e 00 00 7c 0b 0f 85 0e 01 83 c5 10 e2 f1 cd
18 88 56 00 55 c6 46 11 05 c6 46 10 00 b4 41 bb aa
55 cd 13 5d 72 0f 81 fb 55 aa 75 09 f7 c1 01 00 74
03 fe 46 10 66 60 80 7e 10 00 74 26 66 68 00 00 00
00 66 ff 76 08 68 00 00 68 00 7c 68 01 00 68 10 00
b4 42 8a 56 00 8b f4 cd 13 9f 83 c4 10 9e eb 14 b8
01 02 bb 00 7c 8a 56 00 8a 76 01 8a 4e 02 8a 6e 03
cd 13 66 61 73 1c fe 4e 11 75 0c 80 7e 00 80 0f 84
8a 00 b2 80 eb 84 55 32 e4 8a 56 00 cd 13 5d eb 9e
81 3e fe 7d 55 aa 75 6e ff 76 00 e8 8d 00 75 17 fa
b0 d1 e6 64 e8 83 00 b0 df e6 60 e8 7c 00 b0 ff e6
64 e8 75 00 fb b8 00 bb cd 1a 66 23 c0 75 3b 66 81
fb 54 43 50 41 75 32 81 f9 02 01 72 2c 66 68 07 bb
00 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66
53 66 55 66 68 00 00 00 00 66 68 00 7c 00 00 66 61
68 00 00 07 cd 1a 5a 32 f6 ea 00 7c 00 00 cd 18 a0
b7 07 eb 08 a0 b6 07 eb 03 a0 b5 07 32 e4 05 00 07
8b f0 ac 3c 00 74 09 bb 07 00 b4 0e cd 10 eb f2 f4
eb fd 2b c9 e4 64 eb 00 24 02 e0 f8 24 02 c3 49 6e
76 61 6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74
61 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e
67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 65
6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61 74 69
6e 67 20 73 79 73 74 65 6d 00 00 00 63 7b 9a 88 a3
4c 1c 00 00

3.....|......|.........Ph...........~..|.............V.U.F...F...A..U..]r...U.u.....t..F.f`.~..t&fh....f.v.h..h.|h..h...B.V.................|.V..v..N..n...fas..N.u..~..........U2..V...]...>.}U.un.v....u.....d......`.|....d.u.......f#.u;f..TCPAu2....r,fh....fh....fh....fSfSfUfh....fh.|..fah.....Z2...|.................2.......<.t.............+..d..$...$..Invalid partition table.Error loading operating system.Missing operating system...c{...L...

User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30432 Mo

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00

..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

User = LL1 ... OK!
Error reading LL2 MBR!



Attached: DDS, Combofix, AdwCleaner, rkill

History:
Please Help. The virus is multiplatform. 3yrs ago started on XP. Could not reformat, fdisk stopped - Windows reported bad sectors - virus prob there. Rewrote MBR, DoD formatted disk. Feel like it reflashed the BIOS.

Behavior:
Windows 7. Network connection acts up first. A 3rd console shows up that I cannot disconnect from... imagine that's how the virus is updating. Programs stop working properly, but not that progressed yet. Keeping computer away from wifi bc I know it will get worse.

The virus transfers to everything I plug into the computer and I'm desperate to identify how to remove this thing from all my devices. I'm hoping someone can put a name to it.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 10.0.9200.16686
Run by SinisterLogik at 11:17:50 on 2013-12-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1953.1254 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\SINIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\0527F6C696E656359676E6 : DHCPNameServer = 192.224.93.1 172.30.1.1
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\4303021402D4F6E64786 : DHCPNameServer = 207.14.235.234 67.238.98.162
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\6596277696E6D4F62696C65602D4966496232303030213933402355636572756 : DHCPNameServer = 192.168.1.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2013-2-25 27264]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-2-25 16768]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-8-1 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-8-1 391144]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-31 142632]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-6 65336]
S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-6 204880]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-25 1030952]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-25 378944]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-25 379520]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-25 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-25 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-29 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-9 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-9 701512]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-25 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-12-28 57024]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-31 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-31 169584]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-9 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-28 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-29 02:50:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-29 02:00:59 77312 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys.bak
2013-12-29 01:19:39 -------- d-----w- C:\EEK
2013-12-29 01:15:14 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-29 01:13:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\offreg.dll
2013-12-28 20:54:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:53:24 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-28 20:35:56 98816 ----a-w- C:\Windows\sed.exe
2013-12-28 20:35:56 256000 ----a-w- C:\Windows\PEV.exe
2013-12-28 20:35:56 208896 ----a-w- C:\Windows\MBR.exe
2013-12-28 20:23:03 -------- d-----w- C:\AdwCleaner
2013-12-28 20:22:55 -------- d-----w- C:\Users\SinisterLogik\Pavark
2013-12-27 19:42:12 -------- d-----w- C:\FRST
2013-12-27 19:30:58 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\WinPatrol
2013-12-27 19:30:56 -------- d-----w- C:\ProgramData\InstallMate
2013-12-27 19:30:56 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-12-22 15:19:24 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\mpengine.dll
.
==================== Find3M ====================
.
2013-12-28 21:41:39 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
.
============= FINISH: 11:17:58.77 ===============




ADWCLEANER:
# AdwCleaner v3.016 - Report created 28/12/2013 at 15:23:08

# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SinisterLogik - LOGIK
# Running from : C:\Users\SinisterLogik\Desktop\Bleeping Computer Programs\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\SinisterLogik\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1037 octets] - [28/12/2013 15:23:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1097 octets] ##########




COMBOFIX




ComboFix 13-12-26.01 - SinisterLogik 12/28/2013 21:44:28.2.4 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1953.1280 [GMT -5:00]
Running from: c:\users\SinisterLogik\Desktop\Bleeping Computer Programs\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-29 )))))))))))))))))))))))))))))))
.
.
2013-12-29 02:48 . 2013-12-29 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-29 02:00 . 2013-12-29 02:10 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys.bak
2013-12-29 01:19 . 2013-12-29 01:21 -------- d-----w- C:\EEK
2013-12-29 01:15 . 2013-12-29 01:15 -------- d-----w- c:\users\SinisterLogik\AppData\Roaming\SUPERAntiSpyware.com
2013-12-29 01:13 . 2013-12-29 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-29 01:13 . 2013-12-29 01:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-29 01:13 . 2013-12-29 01:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\offreg.dll
2013-12-28 20:54 . 2013-12-28 21:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:53 . 2013-12-28 20:53 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 20:23 . 2013-12-29 02:40 -------- d-----w- C:\AdwCleaner
2013-12-28 20:22 . 2013-12-28 22:49 -------- d-----w- c:\users\SinisterLogik\Pavark
2013-12-27 19:42 . 2013-12-27 19:42 -------- d-----w- C:\FRST
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\users\SinisterLogik\AppData\Roaming\WinPatrol
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\programdata\InstallMate
2013-12-27 19:30 . 2013-12-27 19:30 -------- d-----w- c:\program files (x86)\BillP Studios
2013-12-22 15:19 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-28 21:41 . 2013-02-25 16:20 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-12-01 19:42 . 2013-03-08 22:30 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-09-30 13:51 . 2013-03-19 15:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-30 13:51 . 2013-03-19 15:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-30 13:50 . 2013-09-30 13:50 9430408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-19 6563096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-09-23 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\users\SinisterLogik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-9-23 549040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-6-30 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 05:40 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 13:51]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25 06:21]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25 06:21]
.
2013-12-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 445a4d9e-67cc-4140-ab67-daf8d854278b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2013-12-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6c7cdec1-ded2-499b-9a58-b2a4e44bf1b2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-28 21:50:32
ComboFix-quarantined-files.txt 2013-12-29 02:50
ComboFix2.txt 2013-12-28 20:43
.
Pre-Run: 140,079,706,112 bytes free
Post-Run: 139,724,763,136 bytes free
.
- - End Of File - - AACCE5096538C4DF966AD349AD016C1C



RKreport



I may have accidentally posted this topic twice. Looking into it.

I know not to run any more programs until I hear back. THANK YOU VERY MUCH!!!!!
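The ComboFix service and driver listing above is long and easy to skim past. As an added triage helper (this is the editor's own example, not a ComboFix or BleepingComputer tool and not code from anyone in this thread), the following Python parses lines of that `R3 name;display;path;path [x]` shape and flags the entries a responder would look at first: a service with no image path recorded (the `S0 assd;assd; [x]` line above is one) and an image that loads from outside the Windows or Program Files trees. The sample input is constructed from three lines in this log plus one made-up entry, `ExampleUpd`, added only to exercise the path rule; the bracketed `[x]` marker ComboFix appends is kept but not interpreted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of the service/driver lines in the ComboFix log above:
#   <R|S><start type> <name>;<display name>;<image path>;<second path> [x]
# R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).  The "[x]" marker that
# ComboFix appends is captured but not interpreted here.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s*(?P<flag>\[[^\]]*\])?\s*$"
)

# Directories a driver or service image is normally loaded from; anything
# else (user profile, Temp, ProgramData) is worth a closer look in triage.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    state: str           # "R" running or "S" stopped
    start: int           # Windows start type 0-4
    name: str
    display: str
    paths: List[str]     # image paths as listed; empty if ComboFix recorded none
    flag: Optional[str]  # trailing bracketed marker, e.g. "[x]"

    @property
    def image_path(self) -> str:
        return self.paths[0] if self.paths else ""


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    paths = [p.strip() for p in m.group("rest").split(";") if p.strip()]
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        paths=paths,
        flag=m.group("flag"),
    )


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a block of ComboFix output."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries to review first.

    These are prioritisation heuristics, not verdicts: a hit means
    "look at this one", not "this is malicious".
    """
    findings = []
    for e in entries:
        path = e.image_path.lower()
        if not path:
            findings.append((e.name, f"no image path recorded (start type {e.start})"))
        elif not path.startswith(SYSTEM_DIRS):
            findings.append((e.name, f"image outside system/program directories: {e.image_path}"))
    return findings


# Constructed sample: three lines copied from the log above plus one made-up
# entry (ExampleUpd, a hypothetical service) to exercise the path rule.
SAMPLE_LOG = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S0 assd;assd; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ExampleUpd;Example Updater;c:\users\demo\appdata\roaming\updater.exe;c:\users\demo\appdata\roaming\updater.exe [x]
"""

if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against the sample it reports `assd` (a boot-start driver with no image path) and `ExampleUpd` (loads from a user profile); `MBAMProtector` and `!SASCORE` pass both rules. To use it on a real log, paste the whole services section into `SAMPLE_LOG` or read it from a file; lines of any other shape are ignored.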

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male

Posted 03 January 2014 - 11:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518963 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 SinisterLogik1

SinisterLogik1
  • Topic Starter

  • Members
  • 19 posts

Posted 04 January 2014 - 09:27 PM

I still need help please. I'm afraid to turn my machine on bc I think it will be attacked further remotely. Please help!

#5 polskamachina

polskamachina

  • Malware Response Team
  • 3,961 posts
  • Gender:Male

Posted 05 January 2014 - 12:37 PM

Hi SinisterLogik1 :)

 

I will be assisting you with your malware problem. Please give me some time to look over your reports and I will get back to you as soon as possible.

 

Thanks for your patience.

polskamachina



#6 SinisterLogik1

SinisterLogik1
  • Topic Starter

  • Members
  • 19 posts

Posted 05 January 2014 - 01:09 PM

YESSS!!! I'm so happy you replied!!! Thank you!!! I'm an IT guy so I'm kinda embarrassed that I don't know how to resolve this issue! Lol.

I want to add that I noticed that there are multiple redundant hidden folder shortcuts to my docs, app data, etc.

Here is a list of my hidden files/folders in case it helps :).


Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 01/05/2014 12:54:52 PM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

* C:\$RECYCLE.BIN
* C:\$RECYCLE.BIN\S-1-5-21-2184483427-1707427289-3862429120-1000
* C:\Documents and Settings\All Users\Apple Computer\iTunes\SC Info
* C:\Documents and Settings\All Users\CanonBJ
* C:\Documents and Settings\All Users\CanonBJ\IJPrinter
* C:\Documents and Settings\All Users\CanonBJ\IJPrinter\CNMWindows
* C:\Documents and Settings\All Users\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet MP830 Series
* C:\Documents and Settings\All Users\CyberLink\EvoParser
* C:\Documents and Settings\All Users\Intel\Wireless\PANDevices
* C:\Documents and Settings\All Users\Intel\Wireless\Settings
* C:\Documents and Settings\All Users\Intel\Wireless\WLANProfiles
* C:\Documents and Settings\All Users\Microsoft\DRM\Server
* C:\Documents and Settings\All Users\Microsoft\Windows\DRM
* C:\Documents and Settings\All Users\Microsoft\Windows\DRM\Cache
* C:\Documents and Settings\All Users\Microsoft\WwanSvc
* C:\Documents and Settings\All Users\Microsoft\WwanSvc\Profiles
* C:\Documents and Settings\All Users\{8AE336A1-F82F-4ABF-A02A-B6ABA86CB4C5}
* C:\Documents and Settings\Default
* C:\Documents and Settings\Default\AppData
* C:\Documents and Settings\Public\Desktop
* C:\Documents and Settings\Public\Libraries
* C:\Documents and Settings\SinisterLogik\AppData
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Feeds Cache
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\AppCache
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\AppCache\VJRW6JRT
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Burn\Burn
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Burn\Burn1
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013121620131223
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122320131230
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122720131228
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122820131229
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013123020131231
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\History\Low\History.IE5
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NJQHZJ2
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R643K9I
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3FR5HNH
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVTYYJ4E
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4J1SUIP
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9QW29E2
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7J901TW
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSPBKI50
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Local
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
* C:\Documents and Settings\SinisterLogik\AppData\Local\Microsoft\Windows\WebCache
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2ZC7Z6LH
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\52A8SC38
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6IZA8LGR
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6JFDA01W
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\C5G7JT0Y
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FAT292GE
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OOWKOQQZ
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\U3FJEWAY
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Windows\AppCache
* C:\Documents and Settings\SinisterLogik\AppData\LocalLow\Microsoft\Windows\AppCache\K7RMIHZ5
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\CyberLink\MediaCache\Power2Go
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Intel\Wireless\Settings
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Intel\Wireless\WLANProfiles
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\FZC2XBVG
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\GJ4OKQXC
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\OKUAMSF3
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\XHTX5V3B
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\Cookies
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\Cookies\Low
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatCache
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatUACache
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\IETldCache\Low
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE
* C:\Documents and Settings\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
* C:\Documents and Settings\SinisterLogik\Desktop\Music
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F00
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F01
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F02
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F03
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F04
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F05
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F06
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F07
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F08
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F09
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F10
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F11
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F12
* C:\Documents and Settings\SinisterLogik\Desktop\Music\F13
* C:\Documents and Settings\SinisterLogik\Local Settings\Microsoft\Device Metadata\dmrccache\downloads
* C:\Documents and Settings\SinisterLogik\Local Settings\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
* C:\Documents and Settings\SinisterLogik\Local Settings\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
* C:\Documents and Settings\SinisterLogik\Local Settings\Microsoft\Media Player\Art Cache
* C:\Documents and Settings\SinisterLogik\Roaming\Intel\Wireless\Settings
* C:\Program Files\Intel\WiFi\bin\WLANProfiles
* C:\Program Files\Uninstall Information
* C:\Program Files (x86)\Common Files\Windows Live\.cache
* C:\Program Files (x86)\InstallShield Installation Information
* C:\Program Files (x86)\Temp
* C:\Program Files (x86)\Uninstall Information
* C:\ProgramData\Apple Computer\iTunes\SC Info
* C:\ProgramData\CanonBJ
* C:\ProgramData\CanonBJ\IJPrinter
* C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
* C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet MP830 Series
* C:\ProgramData\CyberLink\EvoParser
* C:\ProgramData\Intel\Wireless\PANDevices
* C:\ProgramData\Intel\Wireless\Settings
* C:\ProgramData\Intel\Wireless\WLANProfiles
* C:\ProgramData\Microsoft\DRM\Server
* C:\ProgramData\Microsoft\Windows\DRM
* C:\ProgramData\Microsoft\Windows\DRM\Cache
* C:\ProgramData\Microsoft\WwanSvc
* C:\ProgramData\Microsoft\WwanSvc\Profiles
* C:\ProgramData\{8AE336A1-F82F-4ABF-A02A-B6ABA86CB4C5}
* C:\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa
* C:\System Volume Information\Chkdsk
* C:\System Volume Information\SPP
* C:\System Volume Information\SPP\OnlineMetadataCache
* C:\System Volume Information\SPP\SppCbsHiveStore
* C:\System Volume Information\SPP\SppGroupCache
* C:\Users\All Users\Apple Computer\iTunes\SC Info
* C:\Users\All Users\CanonBJ
* C:\Users\All Users\CanonBJ\IJPrinter
* C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
* C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet MP830 Series
* C:\Users\All Users\CyberLink\EvoParser
* C:\Users\All Users\Intel\Wireless\PANDevices
* C:\Users\All Users\Intel\Wireless\Settings
* C:\Users\All Users\Intel\Wireless\WLANProfiles
* C:\Users\All Users\Microsoft\DRM\Server
* C:\Users\All Users\Microsoft\Windows\DRM
* C:\Users\All Users\Microsoft\Windows\DRM\Cache
* C:\Users\All Users\Microsoft\WwanSvc
* C:\Users\All Users\Microsoft\WwanSvc\Profiles
* C:\Users\All Users\{8AE336A1-F82F-4ABF-A02A-B6ABA86CB4C5}
* C:\Users\Default
* C:\Users\Default\AppData
* C:\Users\Public\Desktop
* C:\Users\Public\Libraries
* C:\Users\SinisterLogik\AppData
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Feeds Cache
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\AppCache
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\AppCache\VJRW6JRT
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Burn\Burn
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Burn\Burn1
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013121620131223
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122320131230
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122720131228
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122820131229
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013123020131231
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\History\Low\History.IE5
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NJQHZJ2
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R643K9I
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3FR5HNH
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVTYYJ4E
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4J1SUIP
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9QW29E2
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7J901TW
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSPBKI50
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Local
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
* C:\Users\SinisterLogik\AppData\Local\Microsoft\Windows\WebCache
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2ZC7Z6LH
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\52A8SC38
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6IZA8LGR
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6JFDA01W
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\C5G7JT0Y
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FAT292GE
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OOWKOQQZ
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\U3FJEWAY
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Windows\AppCache
* C:\Users\SinisterLogik\AppData\LocalLow\Microsoft\Windows\AppCache\K7RMIHZ5
* C:\Users\SinisterLogik\AppData\Roaming\CyberLink\MediaCache\Power2Go
* C:\Users\SinisterLogik\AppData\Roaming\Intel\Wireless\Settings
* C:\Users\SinisterLogik\AppData\Roaming\Intel\Wireless\WLANProfiles
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\FZC2XBVG
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\GJ4OKQXC
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\OKUAMSF3
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\XHTX5V3B
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\Cookies
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\Cookies\Low
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatCache
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatUACache
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\IETldCache\Low
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE
* C:\Users\SinisterLogik\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
* C:\Users\SinisterLogik\Desktop\Music
* C:\Users\SinisterLogik\Desktop\Music\F00
* C:\Users\SinisterLogik\Desktop\Music\F01
* C:\Users\SinisterLogik\Desktop\Music\F02
* C:\Users\SinisterLogik\Desktop\Music\F03
* C:\Users\SinisterLogik\Desktop\Music\F04
* C:\Users\SinisterLogik\Desktop\Music\F05
* C:\Users\SinisterLogik\Desktop\Music\F06
* C:\Users\SinisterLogik\Desktop\Music\F07
* C:\Users\SinisterLogik\Desktop\Music\F08
* C:\Users\SinisterLogik\Desktop\Music\F09
* C:\Users\SinisterLogik\Desktop\Music\F10
* C:\Users\SinisterLogik\Desktop\Music\F11
* C:\Users\SinisterLogik\Desktop\Music\F12
* C:\Users\SinisterLogik\Desktop\Music\F13
* C:\Users\SinisterLogik\Local Settings\Microsoft\Device Metadata\dmrccache\downloads
* C:\Users\SinisterLogik\Local Settings\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
* C:\Users\SinisterLogik\Local Settings\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
* C:\Users\SinisterLogik\Local Settings\Microsoft\Media Player\Art Cache
* C:\Users\SinisterLogik\Roaming\Intel\Wireless\Settings
* C:\Windows\Globalization\MCT
* C:\Windows\Installer
* C:\Windows\Installer\$PatchCache$
* C:\Windows\Installer\$PatchCache$\Managed
* C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC
* C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015
* C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC
* C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763
* C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133
* C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE
* C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
* C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
* C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B
* C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B\15.4.3508
* C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E
* C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032
* C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D
* C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D\15.4.2862
* C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440
* C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8
* C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722
* C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010
* C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0
* C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
* C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020
* C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4
* C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4\15.4.3508
* C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80
* C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694
* C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\9eab5ec6ac3d99b498a1d16c1c815acf
* C:\Windows\Installer\$PatchCache$\Managed\9eab5ec6ac3d99b498a1d16c1c815acf\8.0.59192
* C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03
* C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
* C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\C28643E881181F13CBC489DC69571E2C
* C:\Windows\Installer\$PatchCache$\Managed\C28643E881181F13CBC489DC69571E2C\4.0.30319
* C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84
* C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6
* C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98
* C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729
* C:\Windows\Installer\$PatchCache$\Managed\D111535A8C59F78468E9ECC43299272D
* C:\Windows\Installer\$PatchCache$\Managed\D111535A8C59F78468E9ECC43299272D\11.1.1
* C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057
* C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729
* C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
* C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
* C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
* C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
* C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295
* C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
* C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\EC9BCB90B469ADB4EA645B0ABAFED1F3
* C:\Windows\Installer\$PatchCache$\Managed\EC9BCB90B469ADB4EA645B0ABAFED1F3\1.0.0
* C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276
* C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
* C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
* C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
* C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
* C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
* C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502
* C:\Windows\Installer\$PatchCache$\UnManaged
* C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-2184483427-1707427289-3862429120-1000
* C:\Windows\ServiceProfiles\LocalService\AppData
* C:\Windows\ServiceProfiles\NetworkService\AppData
* C:\Windows\SoftwareDistribution\Download\566e2aae74f1078189cd24f419758e8e\$dpx$.tmp
* C:\Windows\SoftwareDistribution\Download\5960c74dfb44a70bd9a9b7e78116b734\$dpx$.tmp
* C:\Windows\SoftwareDistribution\Download\8bc6e6dab4242173d80f9a2dc0d926a7\$dpx$.tmp
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GX2K0B82
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVA3UWT1
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
* C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUW0DUJP
* C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GX2K0B82
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVA3UWT1
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUW0DUJP
* C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
* C:\Windows\winsxs\Temp\PendingDeletes

Finished scanning the C:\ drive. 355 hidden items found.

Scanning the D:\ drive

* D:\$RECYCLE.BIN\S-1-5-21-2184483427-1707427289-3862429120-1000

Finished scanning the D:\ drive. 1 hidden items found.

Scanning the F:\ drive


Finished scanning the F:\ drive. 0 hidden items found.

Program finished at: 01/05/2014 12:56:34 PM
Execution time: 0 hours(s), 1 minute(s), and 42 seconds(s)

#7 polskamachina

  • Malware Response Team
  • 3,961 posts
  • Gender:Male

Posted 06 January 2014 - 01:54 PM

Hi SinisterLogik1 :)
 
Let's begin with checking the condition of your hard drive. The test may take a while to complete so please be patient.
 
Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the C: drive, then -> Properties -> Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes -> Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check -> OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Let me know if you have any questions.

 

polskamachina
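The Event Viewer lookup described above, done from PowerShell instead of by hand. This is an added example, not part of the thread or the helper's instructions; it assumes Windows 7 or later with PowerShell 2.0+ and an elevated prompt, and the function name `Get-ChkdskReport` is my own.

```powershell
# Added example, not from the thread: read the Check Disk report that Wininit
# writes to the Application log after a scheduled boot-time chkdsk and pull out
# the lines a malware-removal helper looks at first (bad sectors, corrections,
# orphaned files). Assumes Windows 7 or later with PowerShell 2.0+, run from an
# elevated prompt so the full Application log is readable.

function Get-ChkdskReport {
    param([int]$Newest = 1)

    # Wininit event 1001 carries the chkdsk output verbatim, the same text that
    # Event Viewer shows under "Copy Details as Text".
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents $Newest -ErrorAction Stop

    foreach ($evt in $events) {
        $msg = $evt.Message

        # Patterns follow the wording of the report posted in this thread.
        $volume = 'unknown'
        if ($msg -match 'Checking file system on ([A-Z]:)') { $volume = $matches[1] }

        $badSectorKB = $null
        if ($msg -match '(\d+) KB in bad sectors') { $badSectorKB = [int64]$matches[1] }

        $madeCorrections = [bool]($msg -match 'Windows has made corrections to the file system')
        $orphaned = [regex]::Matches($msg, 'Recovering orphaned file').Count

        if ($badSectorKB -eq $null)  { $verdict = 'no bad-sector line found; read the full message' }
        elseif ($badSectorKB -eq 0)  { $verdict = 'no bad sectors reported' }
        else                         { $verdict = 'bad sectors present; check drive health before going on' }

        New-Object PSObject -Property @{
            TimeCreated     = $evt.TimeCreated
            Volume          = $volume
            BadSectorKB     = $badSectorKB
            MadeCorrections = $madeCorrections
            OrphanedFiles   = $orphaned
            Verdict         = $verdict
        }
    }
}

# Most recent report only; raise -Newest to compare several runs.
Get-ChkdskReport -Newest 1 | Format-List
```

Run against the report posted later in this thread it would give Volume C:, BadSectorKB 0, MadeCorrections True and OrphanedFiles 3, which is the "no bad sectors" conclusion the helper draws before moving on.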



#8 SinisterLogik1

  • Topic Starter
  • Members
  • 19 posts

Posted 06 January 2014 - 05:54 PM

I don't know if this is going to work. It was in stage 4 of 5 and was probably somewhere past 50% and has started over.

#9 SinisterLogik1

  • Topic Starter
  • Members
  • 19 posts

Posted 06 January 2014 - 07:03 PM

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 1/6/2014 6:37:45 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Logik
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
177408 file records processed.

File verification completed.
450 large file records processed.

0 bad file records processed.

0 EA records processed.

8 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
Unable to locate the file name attribute of index entry softwarehealth.log
of index $I30 with parent 0x19032 in file 0x270.
Deleting index entry softwarehealth.log in index $I30 of file 102450.
237996 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file SOFTWA~2.LOG (602) into directory file 102450.
Recovering orphaned file softwarehealth.log (602) into directory file 102450.
2 unindexed files scanned.

Recovering orphaned file softwarehealth.backup.log (624) into directory file 102450.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
177408 file SDs/SIDs processed.

Cleaning up 319 unused index entries from index $SII of file 0x9.
Cleaning up 319 unused index entries from index $SDH of file 0x9.
Cleaning up 319 unused security descriptors.
Security descriptor verification completed.
30295 data files processed.

CHKDSK is verifying Usn Journal...
34151096 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
177392 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
34043231 free clusters processed.

Free space verification is complete.
Windows has made corrections to the file system.

307263487 KB total disk space.
170712092 KB in 137487 files.
90712 KB in 30296 indexes.
0 KB in bad sectors.
287759 KB in use by the system.
65536 KB occupied by the log file.
136172924 KB available on disk.

4096 bytes in each allocation unit.
76815871 total allocation units on disk.
34043231 allocation units available on disk.

Internal Info:
00 b5 02 00 72 8f 02 00 a1 dc 04 00 00 00 00 00 ....r...........
88 67 00 00 08 00 00 00 00 00 00 00 00 00 00 00 .g..............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-01-06T23:37:45.000000000Z" />
<EventRecordID>9822</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Logik</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
</EventData>
</Event>

#10 polskamachina

  • Malware Response Team
  • 3,961 posts
  • Gender:Male

Posted 07 January 2014 - 12:50 PM

Hi SinisterLogik1 :)
 
Now that it's determined that your hard drive doesn't have any bad sectors, let's run another DDS scan.

  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of both those logfiles with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

 

Let me know if you have any questions.

polskamachina



#11 SinisterLogik1

  • Topic Starter
  • Members
  • 19 posts

Posted 07 January 2014 - 08:47 PM

Hey, thanks so much for continuing to work with me! :) :) :) Should I let my iPod hang off the computer while we do this? I'm sure it's on there. I also know I gave the virus to a friend by attaching my iPod to his machine. He was able to expel it with AVG, which gets killed somehow when I run it in safe mode. It must be on the SD chip I'm using to post the logs from my Android too. Do you think we will be able to find it on removable drives?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by SinisterLogik at 20:33:19 on 2014-01-07
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\0527F6C696E656359676E6 : DHCPNameServer = 192.224.93.1 172.30.1.1
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\4303021402D4F6E64786 : DHCPNameServer = 207.14.235.234 67.238.98.162
TCP: Interfaces\{F2B72FEF-7BCC-47F0-A6EC-02511F882F9B}\6596277696E6D4F62696C65602D4966496232303030213933402355636572756 : DHCPNameServer = 192.168.1.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SinisterLogik\AppData\Roaming\Mozilla\Firefox\Profiles\j4tpf50h.default\
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? intaud_WaveExtensible;Intel WiDi Audio Device
R? MyWiFiDHCPDNS;Wireless PAN DHCP Server
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AFBAgent;AFBAgent
S? AiCharger;ASUS Charger Driver
S? AmUStor;AM USB Stroage Driver
S? ASMMAP64;ASMMAP64
S? asmthub3;ASMedia USB3 Hub Service
S? asmtxhci;ASMEDIA XHCI Service
S? assd;assd
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? ATKWMIACPIIO;ATKWMIACPI Driver
S? avast! Antivirus;avast! Antivirus
S? Avgdiska;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? bpenum;Intel® Centrino® WiMAX Enumerator
S? bpmp;Intel® Centrino® WiMAX 6050 Series
S? bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver
S? cvhsvc;Client Virtualization Handler
S? DMAgent;Intelr PROSet/Wireless WiMAX Red Bend Device Management Service
S? ETD;ELAN PS/2 Port Input Device
S? HitmanProScheduler;HitmanPro Scheduler
S? IntcDAud;Intel® Display Audio
S? iwdbus;IWD Bus Enumerator
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? TurboB;Turbo Boost UI Monitor driver
S? TurboBoost;Intel® Turbo Boost Technology Monitor 2.0
S? UNS;Intel® Management and Security Application User Notification Service
S? wdkmd;Intel WiDi KMD
S? WiMAXAppSrv;Intelr PROSet/Wireless WiMAX Service
.
=============== Created Last 30 ================
.
2014-01-05 18:49:17 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\AVG2014
2014-01-05 18:49:05 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\TuneUp Software
2014-01-05 18:48:10 -------- d--h--w- C:\$AVG
2014-01-05 18:48:10 -------- d-----w- C:\ProgramData\AVG2014
2014-01-05 18:48:02 -------- d-----w- C:\Program Files (x86)\AVG
2014-01-05 18:24:18 -------- d--h--w- C:\ProgramData\Common Files
2014-01-05 18:24:18 -------- d-----w- C:\Users\SinisterLogik\AppData\Local\MFAData
2014-01-05 18:24:18 -------- d-----w- C:\Users\SinisterLogik\AppData\Local\Avg2014
2014-01-05 18:24:18 -------- d-----w- C:\ProgramData\MFAData
2014-01-05 18:11:55 -------- d-----w- C:\Program Files\HitmanPro
2014-01-05 17:50:45 1830 ----a-w- C:\FixitRegBackup.reg
2013-12-30 14:35:05 -------- d-----w- C:\Users\SinisterLogik\AppData\Local\Power2Go
2013-12-30 14:34:23 -------- d-----w- C:\Users\SinisterLogik\AppData\Local\VirtualStore
2013-12-30 14:34:22 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\WinPatrol
2013-12-29 20:10:41 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-29 02:01:29 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys.bak
2013-12-29 01:19:39 -------- d-----w- C:\EEK
2013-12-29 01:15:14 -------- d-----w- C:\Users\SinisterLogik\AppData\Roaming\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-29 01:13:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-28 20:54:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:53:24 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-28 20:43:21 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-28 20:35:56 98816 ----a-w- C:\Windows\sed.exe
2013-12-28 20:35:56 256000 ----a-w- C:\Windows\PEV.exe
2013-12-28 20:35:56 208896 ----a-w- C:\Windows\MBR.exe
2013-12-28 20:23:03 -------- d-----w- C:\AdwCleaner
2013-12-28 20:22:55 -------- d-----w- C:\Users\SinisterLogik\Pavark
2013-12-27 19:42:12 -------- d-----w- C:\FRST
2013-12-27 19:30:56 -------- d-----w- C:\ProgramData\InstallMate
2013-12-27 19:30:56 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-12-22 15:19:24 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4086F6E-2C83-47BA-A59D-8C6C81C139D5}\mpengine.dll
.
==================== Find3M ====================
.
2014-01-08 01:29:55 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-11-06 02:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 02:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 04:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 03:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-25 03:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 20:35:06.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/25/2013 12:57:17 AM
System Uptime: 1/7/2014 8:29:11 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U56E
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU 1 | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 129.868 GiB free.
D: is FIXED (NTFS) - 381 GiB total, 380.031 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 10/20/2013 9:07:36 AM - Installed QuickTime
RP51: 10/22/2013 6:01:23 PM - Windows Update
RP52: 10/25/2013 9:09:02 PM - Removed Bonjour
RP53: 11/16/2013 3:44:15 PM - Scheduled Checkpoint
RP54: 12/15/2013 10:05:08 PM - Scheduled Checkpoint
RP55: 12/16/2013 9:19:03 AM - Removed Apple Application Support
RP56: 12/28/2013 5:07:20 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Secure Delete
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
AsusScr_U46_ENG
AsusVibe2.0
ATK Package
avast! Free Antivirus
AVG 2014
Best Buy pc app
Bonjour
CCleaner
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
ETDWare PS/2-X64 8.0.5.3_WHQL
Fast Boot
Google Chrome
Google Talk Plugin
Google Update Helper
HitmanPro 3.7
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Realtek High Definition Audio Driver
SceneSwitch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sonic Focus
SpywareBlaster 5.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinPatrol
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
1/7/2014 8:29:54 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/6/2014 6:38:29 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2014 6:38:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
1/6/2014 3:51:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/6/2014 3:51:51 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2014 3:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2014 3:51:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/6/2014 3:51:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
1/6/2014 3:51:02 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2014 3:50:09 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/5/2014 1:50:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/5/2014 1:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2014 1:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/5/2014 1:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/5/2014 1:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2014 1:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/5/2014 1:50:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm ATKWMIACPIIO Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2014 1:50:26 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2014 1:46:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm ATKWMIACPIIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
.
==== End Of File ===========================

#12 polskamachina

polskamachina

  • Malware Response Team
  • 3,961 posts
  • Gender:Male

Posted 09 January 2014 - 11:40 AM

Hi SinisterLogik1 :)
 
The fact that your removable media is infecting other machines is of great concern. To make absolutely sure we terminate all the bad stuff on those devices, you will need to reformat them. Unfortunately you will lose all the data on those devices. If you absolutely must keep the data on those devices, then you may skip the format step. Please read all of these instructions prior to beginning the process.

  • To reformat your removable drive(s), make sure they are plugged in and recognized by the operating system.
  • Open My Computer.
  • Right click on the removable drive you would like to reformat.
  • Make absolutely sure you have selected the correct drive here. You don't want to format the wrong drive!!!
  • If you have any doubts about how to perform this procedure, STOP now and ask.
  • Select, Format...
  • After you have checked, double-checked, and triple-checked your selection, accept the default options then click on the Start button to begin the format.

Start here if you do not want to reformat your removable drive.

  • Insert the removable media into your computer.
  • Click on this link to access the Panda USB Vaccine download page.
  • Click on the green download button and wait for the download prompt to appear. Do not click any other buttons when the new page opens up. Select your desktop as the destination for the download.
  • After the download is complete, double-click the software to open it.
  • You will be prompted to select your language and to accept the licensing agreement. You must click on the Agree box for the installation to continue.
  • When the Select Destination menu appears, click Next to accept the default folder location.
  • Uncheck the box that says, Run Panda USB Vaccine automatically when computer boots. No other boxes should be checked. Click the Next button.
  • When the installation is complete, check the box to Run the software now.
  • A small window will open up. Select the USB drive you want to vaccinate by clicking on the drop down arrow in the lower half of the window. Then click on Vaccinate USB.
  • Repeat this process for all your removable media and be sure to leave them in your computer for the ESET online scan which follows.
  • Now that you've vaccinated all your removable media, perform the following steps:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
Let me know if you have any questions.
polskamachina
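The vaccination and scanning steps above are all done through GUI dialogs. As an added example (not code from this thread, from Panda USB Vaccine or from ESET), the script below shows what a defender would look for on a removable drive before trusting it again: an autorun.inf whose open= or shellexecute= line launches a program, executables dropped at the drive root (especially with a disguising double extension), .lnk shortcuts that shadow a folder of the same name, and executables stashed inside RECYCLER-style folders. The heuristics are this example's own, and the drive it audits is a constructed temporary directory so the script runs offline on any platform.

```python
"""Audit the root of a removable drive for the traces that media-borne
infections commonly leave behind.  Added example for this thread; it is not
code from the thread, from Panda USB Vaccine or from ESET, and the sample
drive it builds is constructed here so the script runs offline."""
import re
import tempfile
from pathlib import Path

# File types Windows runs directly when named by a shortcut or by an
# autorun.inf "open=" / "shellexecute=" line.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
            ".vbs", ".vbe", ".js", ".jse", ".wsf"}

# Folder names commonly used to keep a payload out of casual view.
STASH_DIRS = {"recycler", "$recycle.bin", "system volume information"}


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf as a lowercased key -> value dict."""
    keys, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys


def references_executable(value):
    """True if an autorun.inf value names a program with an executable extension."""
    m = re.match(r'\s*"([^"]*)"|\s*(\S+)', value)
    target = (m.group(1) or m.group(2)) if m else ""
    return Path(target).suffix.lower() in EXEC_EXT


def audit_drive_root(root):
    """Return (severity, message) findings for one drive root; an empty list means nothing found."""
    root = Path(root)
    findings = []
    for child in sorted(root.iterdir()):
        name = child.name.lower()
        if name == "autorun.inf" and child.is_file():
            cfg = parse_autorun(child.read_text(encoding="utf-8", errors="replace"))
            for key in ("open", "shellexecute", "shell\\open\\command"):
                if key in cfg and references_executable(cfg[key]):
                    findings.append(("high", f"autorun.inf {key}={cfg[key]}"))
        elif child.is_file():
            suffixes = [s.lower() for s in child.suffixes]
            if suffixes and suffixes[-1] in EXEC_EXT:
                # A double extension (invoice.pdf.exe) is a disguise, not a tool.
                sev = "high" if len(suffixes) > 1 else "medium"
                findings.append((sev, f"executable at drive root: {child.name}"))
            elif suffixes and suffixes[-1] == ".lnk" and child.with_suffix("").is_dir():
                # A shortcut named like a real folder is the classic lure: it runs
                # something first and only then opens the folder it imitates.
                findings.append(("high", f"shortcut shadows folder: {child.name}"))
        elif child.is_dir() and name in STASH_DIRS:
            for p in child.rglob("*"):
                if p.is_file() and p.suffix.lower() in EXEC_EXT:
                    findings.append(("high", f"executable inside {child.name}: {p.relative_to(root)}"))
    return findings


def build_sample_drive():
    """Construct a throwaway directory laid out like a compromised USB stick (constructed sample)."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    (root / "autorun.inf").write_text(
        "[autorun]\nopen=RECYCLER\\setup.exe\nicon=%SystemRoot%\\system32\\shell32.dll,4\n")
    (root / "Photos").mkdir()
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00")     # stub shortcut shadowing the folder
    (root / "RECYCLER").mkdir()
    (root / "RECYCLER" / "setup.exe").write_bytes(b"MZ")    # stub stand-in, not a real binary
    (root / "invoice.pdf.exe").write_bytes(b"MZ")
    (root / "notes.txt").write_text("benign file\n")
    return root


if __name__ == "__main__":
    for sev, msg in audit_drive_root(build_sample_drive()):
        print(f"[{sev}] {msg}")
```

On a real Windows machine you would call `audit_drive_root("F:\\")` with the drive letter of the stick. The script deliberately reports rather than deletes, and it does not inspect the Windows hidden or system attributes (the folder that a shadowing .lnk imitates is usually hidden); if nothing is flagged that is a reason for less suspicion, not proof the drive is clean, which is why the ESET scan in the post above still applies.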



#13 SinisterLogik1

SinisterLogik1
  • Topic Starter

  • Members
  • 19 posts

Posted 09 January 2014 - 12:08 PM

Thank you for your continued support :)!!! You are awesome!!!

Ok, so panda will hopefully prevent the removable devices from becoming reinfected. The scanner sounds great, but I am concerned. I feel like the virus updates itself remotely. I had had a third wireless connection that I didn't create that I suspect was using Microsoft's remote access features to control my system. Anyway, I recently was able to delete the virus's connection. I may be able to establish a new wireless connection; I'm just concerned that the virus will progress to disabling helpful programs. I've seen it progress to being much worse.

I will follow whatever advice u give. Do u advise I reestablish network communications for online scanning? THANKS!!!! :-):-):-):-)

#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,961 posts
  • Gender:Male

Posted 09 January 2014 - 04:01 PM

Hi SinisterLogik1 :)

 

Considering your computer's history, I would like to modify my previous post. Therefore, please hold off running any diagnostic software until you hear back from me.

 

Thank you.

polskamachina



#15 SinisterLogik1

SinisterLogik1
  • Topic Starter

  • Members
  • 19 posts

Posted 09 January 2014 - 05:29 PM

10-4! I'm very curious btw. Is it too early to say what type of virus this may be? Do you see any obviously infected files or suspicious items/modifications characteristic of a specific virus? I'm not going to modify the system, I'm just dying to know something as this has been going on for 3yrs... does the age of this virus help to ID it or is that inconsequential considering it updates online?



