Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus Help


  • This topic is locked This topic is locked
6 replies to this topic

#1 traplord

traplord

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 31 December 2013 - 06:00 PM

I found this thread: http://www.bleepingcomputer.com/forums/t/519061/google-chrome-redirect-virus/ but I couldn't reply for some reason.
 

Good evening.  :)

Please go here, follow step six, and then post accordingly into this thread.

 

This quoted post is an answer from that thread. As follows, here are my logs.

 

I'd like to mention that I've tried steps 1-5 of http://malwaretips.com/blogs/remove-google-redirect-virus/ (I'm doing step 6 right now), but I still have the virus.

 

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by Phillip at 17:41:11 on 2013-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3956.1656 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Phillip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Users\Phillip\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phillip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: GetRight IE Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20130824115645.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [PlayNC Launcher] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Phillip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Phillip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: Open &link target with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{245F2598-F1FB-4EC2-BFF8-7A20A274327B} : DHCPNameServer = 208.77.2.11 207.200.7.21 192.168.1.1
TCP: Interfaces\{CBF62857-7A71-4AAF-88E1-61EBD4427B08} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{CBF62857-7A71-4AAF-88E1-61EBD4427B08}\1445C4D275946494 : DHCPNameServer = 172.16.40.2 205.152.37.23 205.152.144.23 205.152.132.23
TCP: Interfaces\{CBF62857-7A71-4AAF-88E1-61EBD4427B08}\355707562783F523 : DHCPNameServer = 4.2.2.1 8.8.8.8
TCP: Interfaces\{CBF62857-7A71-4AAF-88E1-61EBD4427B08}\37B6972796D6 : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{CBF62857-7A71-4AAF-88E1-61EBD4427B08}\7657563747 : DHCPNameServer = 4.2.2.2 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130824115644.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\caxqabwh.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Phillip\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Phillip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Phillip\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Phillip\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1206147.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; ejikznjvke@ejikznjvke.org; C:\Users\Phillip\Application Data\Mozilla\Firefox\Profiles\caxqabwh.default\extensions\ejikznjvke@ejikznjvke.org.xpi
FF - ExtSQL: !HIDDEN! 2013-03-22 03:05; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-8-23 665768]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-8-23 303464]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-5 283200]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-4-8 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-4-8 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-4-8 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-17 203264]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-6-17 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-6-17 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-4-8 244624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2013-3-22 130080]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-8-23 201864]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-8-23 170440]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-8-1 4278112]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-17 2320920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-17 116240]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-8-20 245760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-17 151936]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-10 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-8-23 274880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [2012-9-11 234776]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-8-23 101200]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-5-29 121416]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-2-25 24176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-31 21:45:22 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-31 21:40:39 -------- d-----w- C:\ProgramData\boost_interprocess
2013-12-31 21:24:35 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-31 21:16:59 8064 ----a-w- C:\Windows\System32\drivers\mstee.sys.bak
2013-12-31 05:20:16 -------- d-----w- C:\Users\Phillip\AppData\Local\BhbePack
2013-12-28 12:19:40 -------- d-----w- C:\Users\Phillip\AppData\Local\VNT
2013-12-28 12:19:40 -------- d-----w- C:\Program Files (x86)\The Weather Channel
2013-12-28 12:19:38 -------- d-----w- C:\Users\Phillip\AppData\Roaming\ooVoo Details
2013-12-28 12:19:35 -------- d-----w- C:\Program Files (x86)\VNT
2013-12-28 12:19:24 -------- d-----w- C:\Users\Phillip\AppData\Local\The Weather Channel
2013-12-28 12:19:19 -------- d-----w- C:\Program Files (x86)\ooVoo
2013-12-25 04:39:31 -------- d-----w- C:\Users\Phillip\AppData\Roaming\redsn0w
2013-12-23 02:25:32 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-12-11 08:12:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 08:12:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 08:12:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 08:12:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 07:28:18 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 07:28:18 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 07:28:16 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 07:28:15 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 07:28:15 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 07:28:14 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 07:28:14 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 07:28:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 07:28:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 07:27:33 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 07:27:33 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 07:27:31 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 07:27:30 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 07:27:30 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 07:27:30 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 07:27:30 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 07:27:30 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-11 07:27:29 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 07:27:28 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-04 18:36:34 -------- d-----w- C:\Users\Phillip\AppData\Local\{DD22E311-076C-45FE-96E8-E5EBF9CFD4CC}
2013-12-02 23:50:57 -------- d-----w- C:\Users\Phillip\AppData\Local\Macromedia
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2012-08-30 22:57:40 81 ----a-w- C:\Program Files (x86)\update-walking-dead.bat
.
============= FINISH: 17:46:51.95 ===============
 
 

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2011 3:26:42 PM
System Uptime: 12/31/2013 4:38:00 PM (1 hours ago)
.
Motherboard: Acer |  | JE70_CP
Processor: Intel® Core™ i5 CPU       M 480  @ 2.67GHz | CPU 1 | 1173/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 15.123 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP166: 12/24/2013 2:34:15 AM - Scheduled Checkpoint
RP167: 12/30/2013 10:20:02 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2 MUI
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agatha Christie - 4:50 from Paddington
Aion
Alcor Micro USB Card Reader
Amnesia - The Dark Descent 
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
Assassin's Creed
ATI Catalyst Install Manager
Backup Manager Basic
Bandicam
Bandisoft MPEG-1 Decoder
Batman Arkham City version 1.0
Batman: Arkham Asylum
Bejeweled 2 Deluxe
Bing Bar
Blacklight Retribution
Bonjour
Borderlands 2
Broadcom Gigabit NetLink Controller
Build-a-lot 2
Bulk Image Downloader v4.53.0.0
calibre
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
CyberLink PowerDVD 9
D3DX10
DAEMON Tools Pro
Dark Souls Prepare to Die Edition
Dead Space™
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
Diablo III Public Test
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dropbox
eBay Worldwide
ESET Online Scanner v3
f.lux
FATE - The Traitor Soul
Final Drive: Nitro
Galerie de photos Windows Live
gamelauncher-ps2-live
GetRight
GetSavin
Ghost Recon Online (NCSA-Live)
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Grand Theft Auto IV
Happy Cloud Client
HL-2270DW
iCloud
Identity Card
Instagram Downloader
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
iSkysoft Video Converter Ultimate(Build 4.0.1.0)
iTunes
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 31
Jewel Quest Heritage
Junk Mail filter update
L.A. Noire
Launch Manager
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Mathematica Extras 8.0 (2615434)
McAfee Agent
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiKTeX 2.9
Minecraft 1.6.1 
Minecraft 1.6.2 1.00
Mirror's Edge™
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - Stolen in San Francisco
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Namco All-Stars: PAC-MAN
NCsoft Launcher
newsXpresso
NFOPad 1.64
NOOK for PC
Norton Online Backup
Norton Security Scan
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
ooVoo
Oovoo Toolbar
Opanda IExif 2.3
Opanda PowerExif 1.2 Professional Trial
Pando Media Booster
Path of Exile
PCSX2 - Playstation 2 Emulator
PDF Settings
PeerBlock 1.1 (r518)
Penguins!
PlanetSide 2
Plants vs. Zombies - Game of the Year
Pokemon Online 1.0.53
Poker Superstars III
Polar Bowler
Polar Golfer
Portal
Portal 2
PunkBuster Services
PX Profile Update
QuickTime
Realtek High Definition Audio Driver
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shredder
Sid Meier's Civilization V
Skype Click to Call
Skype™ 6.9
Spotify
Star Wars: The Old Republic
Steam
swMSM
Synaptics Pointing Device Driver
TeamSpeak 3 Client
TERA
The Elder Scrolls Online Beta
The Elder Scrolls V Skyrim
The Weather Channel App
Times Reader
Torchlight
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.1
Vuze
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinEdt 7
WinRAR 4.10 (32-bit)
WinRAR 4.10 (64-bit)
WinZip 16.5
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/26/2013 5:09:12 AM, Error: Service Control Manager [7034]  - The Adobe Flash Player Update Service service terminated unexpectedly.  It has done this 1 time(s).
12/26/2013 11:04:13 AM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/25/2013 4:51:57 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee McShield service, but this action failed with the following error:  An instance of the service is already running.
.
==== End Of File ===========================
 

Edited by traplord, 31 December 2013 - 06:04 PM.


BC AdBot (Login to Remove)

 


#2 traplord

traplord
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 01 January 2014 - 04:57 PM

bump



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 04 January 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#4 traplord

traplord
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 04 January 2014 - 02:20 PM

Thanks so much nasdaq! I think that the virus is gone now. Do you think that I should change my passwords? (i.e., do you think that the virus phished for my account info?)

 

Here are the logs by the way.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

AdwCleaner[S0].txt

# AdwCleaner v3.016 - Report created 04/01/2014 at 13:02:09
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phillip - PHILLIP-PC
# Running from : C:\Users\Phillip\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v18.0.1 (en-US)
 
-\\ Google Chrome v
 
[ File : C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [843 octets] - [04/01/2014 12:55:57]
AdwCleaner[R1].txt - [902 octets] - [04/01/2014 12:59:32]
AdwCleaner[S0].txt - [828 octets] - [04/01/2014 13:02:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [887 octets] ##########
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Phillip on Sat 01/04/2014 at 13:19:18.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{01B4404A-F979-4566-AAEC-377EBE498C9C}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{052C6B15-8622-422B-A545-BFCA769414CB}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{1F302352-5796-4F6A-BA1B-30CC0E2337DE}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{20CB4267-E630-40B4-80F1-FA0249B86D10}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{345B97F7-1489-4A4E-8E26-1C71696F5486}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{48FC48AF-CD7B-43F2-AC4E-790F90A9FBD4}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{524D8FCD-B8BA-4A3D-B31C-0DFBE28DAE49}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{542F8389-9F09-404F-A7F9-1AD643A34584}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{661B8C91-5DBA-4FF3-BFB4-30E27E9651D0}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{72C6AD40-805C-42AC-A882-586F855B02BB}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{731E5212-EBC7-4D8F-B8A6-741D8CCC50EC}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{7DE2D1E2-BE00-4D6C-B142-71CAF0C81139}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{7F2F5AE8-EB74-43C2-A0B6-1C6A708E89B5}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{84CBA508-E012-441C-B6BB-7F9A5AF4999A}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{A5E01264-117B-42B6-A710-84A8E737508D}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{A76E10FE-402B-415A-A1E6-56F13C9837CF}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{AB6393CB-A795-4DC1-BA50-F2D695EE3266}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{AD15FEF0-EDA7-48D3-9E81-DBB10D3CA53C}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{B2AA79D4-8653-4A31-A109-DFEABF7D53F6}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{D846D6A0-0DC4-41B0-8B9F-1C8DEF9C811A}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{DBE544C9-A346-4D02-8F2E-1EFC95D0CDC1}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{DD22E311-076C-45FE-96E8-E5EBF9CFD4CC}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{E82AEBC2-1C5B-4CD9-AB76-5C65BAB311A9}
Successfully deleted: [Empty Folder] C:\Users\Phillip\appdata\local\{F6C641D9-8D3A-419B-8187-8CBCD6694F30}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/04/2014 at 13:28:10.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
combofix log
ComboFix 14-01-04.03 - Phillip 01/04/2014  13:52:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3956.2700 [GMT -5:00]
Running from: c:\users\Phillip\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phillip\AppData\Local\assembly\tmp
c:\users\Phillip\AppData\Local\Microsoft\Windows\Temporary Internet Files\{36E9E157-58DB-4D5D-90F1-EB6F7F7C20B8}.xps
c:\users\Phillip\AppData\Roaming\Local
c:\users\Phillip\AppData\Roaming\Local\Skyrim\DLCList.txt
c:\users\Phillip\AppData\Roaming\Local\Skyrim\plugins.txt
c:\windows\wininit.ini
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-04 to 2014-01-04  )))))))))))))))))))))))))))))))
.
.
2014-01-04 19:01 . 2014-01-04 19:01 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-04 19:01 . 2014-01-04 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 18:19 . 2014-01-04 18:19 -------- d-----w- c:\windows\ERUNT
2014-01-04 18:05 . 2014-01-04 18:42 -------- d-----w- c:\programdata\boost_interprocess
2014-01-04 17:55 . 2014-01-04 18:02 -------- d-----w- C:\AdwCleaner
2013-12-31 21:45 . 2013-12-31 21:45 -------- d-----w- c:\program files (x86)\ESET
2013-12-31 21:24 . 2013-12-31 21:32 -------- d-----w- c:\programdata\HitmanPro
2013-12-31 21:16 . 2013-12-31 21:16 8064 ----a-w- c:\windows\system32\drivers\mstee.sys.bak
2013-12-31 05:20 . 2013-12-31 05:37 -------- d-----w- c:\users\Phillip\AppData\Local\BhbePack
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\users\Phillip\AppData\Local\VNT
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\program files (x86)\The Weather Channel
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\users\Phillip\AppData\Roaming\ooVoo Details
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\program files (x86)\VNT
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\users\Phillip\AppData\Local\The Weather Channel
2013-12-28 12:19 . 2013-12-28 12:19 -------- d-----w- c:\program files (x86)\ooVoo
2013-12-25 04:39 . 2013-12-25 04:39 -------- d-----w- c:\users\Phillip\AppData\Roaming\redsn0w
2013-12-23 02:25 . 2013-12-26 18:43 -------- d-----w- c:\program files\Nexus Mod Manager
2013-12-11 08:12 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 08:12 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 08:12 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 08:12 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 08:12 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 08:11 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-11 07:28 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 07:28 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-11 07:28 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 07:28 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 07:28 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 07:28 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 07:28 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 07:28 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 07:28 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 07:27 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 07:27 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 07:27 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 07:27 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 07:27 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-11 07:27 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 07:27 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 07:27 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-11 07:27 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 07:27 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 15:21 . 2012-04-04 22:53 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-10-14 01:24 . 2013-10-14 01:24 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-12 02:30 . 2013-11-13 06:25 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 06:25 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 06:25 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 06:25 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 06:25 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2012-08-30 22:57 . 2013-02-09 06:27 81 ----a-w- c:\program files (x86)\update-walking-dead.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Phillip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-11 1168896]
"F.lux"="c:\users\Phillip\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-12-18 36125760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-15 215656]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2013-03-22 337440]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2013-11-11 202192]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe [2012-9-11 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 22:01]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889134617-3695564910-1692994308-1001Core.job
- c:\users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 20:34]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889134617-3695564910-1692994308-1001UA.job
- c:\users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 20:34]
.
2014-01-03 c:\windows\Tasks\Norton Security Scan for Phillip.job
- c:\progra~2\NORTON~2\Engine\403~1.27\Nss.exe [2013-11-21 07:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe
AddRemove-BN_DesktopReader - c:\program files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe
AddRemove-GetSavin - c:\users\Phillip\AppData\Local\getsavin\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-889134617-3695564910-1692994308-1001\Software\SecuROM\License information*]
"datasecu"=hex:e0,bb,6b,dc,46,2a,15,4c,28,6d,bd,bc,1c,e5,37,1d,bf,cb,ad,97,52,
   b3,32,85,49,2f,7b,2f,fe,e1,ae,32,15,9b,bb,a6,01,50,cd,73,b8,04,ed,0b,8c,29,\
"rkeysecu"=hex:1c,5e,94,35,fc,58,21,5c,58,0e,da,dc,11,74,36,64
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\00\1a\03$!?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-01-04  14:10:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-04 19:10
.
Pre-Run: 14,998,077,440 bytes free
Post-Run: 15,224,700,928 bytes free
.
- - End Of File - - A0501398FFC99CB986686BB907F3F9C6
 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 05 January 2014 - 08:11 AM

Do you think that I should change my passwords? (i.e., do you think that the virus phished for my account info?)

I do not think your accout was compromised.
For you added security and peace of mind you should changed your passwords.
===

One more scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 11 January 2014 - 08:10 AM

Are you still with me?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 17 January 2014 - 09:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users