
Trojan.Agent/Gen.Downloader found by SAS


  • This topic is locked
26 replies to this topic

#1 linuxpowers

  • Members
  • 60 posts
  • Gender:Male
  • Location:Midwest

Posted 10 January 2014 - 08:37 AM

I was running my usual bi-weekly malware scanning process with SAS when it came up with the Trojan listed in the POSTED title. While doing some research on this, before I deleted anything, I noticed the PATH to the 2 files detected was:

 

c:\Program Files (86)\Driver Fusion\Driverbackup\xxxxx\xxxxx\updatus\packages\xxxx\detected file1.exe

c:\Program Files (86)\Driver Fusion\Driverbackup\xxxxx\xxxxx\updatus\packages\xxxx\detected file2.exe

 

I thought this to be interesting in that it was located in the Driver Fusion program directory I just downloaded from Treexy and used to correct a driver issue I was having. Is SAS creating a false flag or is this the directory that kept my old driver info, ...\Driverbackup\, and IT was infected?

 

In either case, I did some research on this detection and it sounds pretty nasty, so I decided to err on the side of caution and post. BTW, I'm not noticing any issues with my computer yet. I scan with MBAM intermittently with SAS, and SAS just came up with this. Going back in my previous POST, I found that I ran Driver Fusion on 01-02-2014...8 days ago! My last scan before this was with MBAM on 01-04-2014, 6 days ago, and it detected nothing.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Dad at 6:51:17 on 2014-01-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16329.14146 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
C:\Program Files (x86)\Carroll\Carroll.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/en
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [VueMinder] "C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Carroll.lnk - C:\Program Files (x86)\Carroll\Carroll.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{E94CB7A5-BB1F-4057-9308-AA3156980484} : DHCPNameServer = 192.168.1.1 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6cdeia1d.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-10 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-10 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2012-4-7 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-7 586880]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2013-12-1 210024]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-11-10 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-7 565352]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-10 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Mstemnetp;Mstemnetp; [x]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-9 2151744]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-9-19 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-8 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-09 18:11:04    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABF82E8F-7A98-4E59-90C1-9A6B1DA3E1D1}\mpengine.dll
2014-01-08 18:11:04    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-04 09:59:24    --------    d-----w-    C:\Users\Dad\dwhelper
2014-01-02 18:02:41    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3A85F53-9346-4326-A7AE-AE3825C1A272}\gapaengine.dll
2014-01-02 18:00:16    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-01-02 18:00:15    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-01-02 15:15:49    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4F8761-397A-4D8E-A248-C0C45F31F220}\mpengine.dll
2014-01-02 13:14:28    --------    d-----w-    C:\Program Files (x86)\Driver Fusion
2014-01-01 20:52:20    --------    d-----w-    C:\Program Files (x86)\SSuitePersonalOffice
2014-01-01 20:51:30    --------    d-----w-    C:\Windows\SSuite Office Installations
2013-12-30 01:46:10    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-12-29 07:30:27    --------    d-----w-    C:\Users\Dad\AppData\Roaming\JAM Software
2013-12-29 07:30:25    --------    d-----w-    C:\Program Files (x86)\JAM Software
2013-12-29 07:12:22    --------    d-----w-    C:\Program Files\Speccy
2013-12-28 12:27:22    --------    d-----w-    C:\SUPERDelete
2013-12-27 04:18:36    --------    d-----w-    C:\getservices
2013-12-26 23:51:08    --------    d-----w-    C:\ProgramData\SUPERSetup
2013-12-22 07:56:18    --------    d-----w-    C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2013-12-22 07:56:13    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-12-22 07:56:13    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-12-22 06:16:11    --------    d-----w-    C:\Program Files\Wireshark
2013-12-22 06:13:55    --------    d-----w-    C:\Users\Dad\AppData\Local\Secunia PSI
2013-12-22 06:13:48    --------    d-----w-    C:\Program Files (x86)\Secunia
2013-12-15 10:12:29    --------    d-----w-    C:\Windows\Migration
2013-12-12 09:02:23    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 09:02:23    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:02:22    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 09:02:22    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
.
==================== Find3M  ====================
.
2014-01-04 01:26:51    16152    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2013-12-11 02:01:35    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:01:35    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 02:01:24    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 18:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-27 22:30:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 15:12:42    1510176    ----a-w-    C:\Windows\System32\nvhdagenco64.dll
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH:  6:51:41.57 ===============
 


AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!
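The question in this post is whether two files that appeared under the Driver Fusion backup folder are a false positive or a real infection, and the poster reasons about it from dates: the tool was installed on 2014-01-02 and a clean MBAM scan ran on 2014-01-04. As an added example (not part of this thread, of DDS, or of any tool named in it), the Python below parses two sections of the DDS log posted above so that this kind of timeline check can be done over the log instead of by eye: it lists what the "Created Last 30" section says was created inside a date window, and it flags entries in the "SERVICES / DRIVERS" section for which DDS printed "[x]" instead of a file path. The field layout of both sections and the reading of "[x]" as "binary not found on disk" are assumptions about the log format; the sample lines are copied from the DDS log in this post.

```python
# Added example (not from the BleepingComputer thread, DDS, or any of the tools
# named in it): a small triage parser for two sections of a DDS log.
#
# Assumptions about the log format:
#   * "Created Last 30" lines look like
#       <YYYY-MM-DD HH:MM:SS>  <size or -------->  <attribute flags>  <path>
#   * "SERVICES / DRIVERS" lines look like
#       <state> <name>;<display name>;<path> [<date> <size>]
#     and DDS prints "[x]" in place of path and size when it cannot find the
#     service's binary on disk (assumed meaning).
# The sample lines below are copied from the DDS log in the first post.
import re
from datetime import datetime, timedelta

CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$"
)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*$")
BRACKET_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]$")

SAMPLE_CREATED = r"""
2014-01-09 18:11:04    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABF82E8F-7A98-4E59-90C1-9A6B1DA3E1D1}\mpengine.dll
2014-01-04 09:59:24    --------    d-----w-    C:\Users\Dad\dwhelper
2014-01-02 13:14:28    --------    d-----w-    C:\Program Files (x86)\Driver Fusion
2014-01-01 20:52:20    --------    d-----w-    C:\Program Files (x86)\SSuitePersonalOffice
2013-12-22 06:16:11    --------    d-----w-    C:\Program Files\Wireshark
"""

SAMPLE_SERVICES = r"""
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S2 Mstemnetp;Mstemnetp; [x]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-9-19 16152]
"""


def parse_created(text):
    """Turn 'Created Last 30' lines into dicts, in the order DDS prints them (newest first)."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue  # section headers, '.' separators, blank lines
        stamp, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs,
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def created_between(entries, start_day, end_day):
    """Paths created from start_day through end_day (both inclusive), oldest first.

    Days are 'YYYY-MM-DD' strings, so a timeline stated in prose ("I ran the tool
    on 01-02, the clean scan was on 01-04") maps straight onto the log.
    """
    start = datetime.strptime(start_day, "%Y-%m-%d")
    end = datetime.strptime(end_day, "%Y-%m-%d") + timedelta(days=1)
    hits = [e for e in entries if start <= e["created"] < end]
    return [e["path"] for e in sorted(hits, key=lambda e: e["created"])]


def parse_services(text):
    """Parse SERVICES / DRIVERS lines; 'missing' is True when no binary path is listed."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, rest = m.groups()
        rest = rest.strip()
        b = BRACKET_RE.match(rest)
        path, info = (b.group(1), b.group(2)) if b else (rest, "")
        services.append({
            "state": state,
            "name": name,
            "display": display,
            "path": path,
            "missing": info == "x" or path == "",
        })
    return services


def services_missing_binary(text):
    """Names of services whose image file the log does not locate; worth a second look."""
    return [s["name"] for s in parse_services(text) if s["missing"]]


if __name__ == "__main__":
    timeline = parse_created(SAMPLE_CREATED)
    for path in created_between(timeline, "2014-01-02", "2014-01-04"):
        print("created in window:", path)
    for name in services_missing_binary(SAMPLE_SERVICES):
        print("service entry without a binary path:", name)
```

Run against the full "Created Last 30" and "SERVICES / DRIVERS" sections pasted into the two strings, the window query gives the helper a short list of what actually landed on disk between the install and the last clean scan, which is the fact the false-positive question turns on; the service check is a separate quick sanity pass, since a service entry with no image on disk is something a helper normally wants explained rather than ignored.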




#2 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 14 January 2014 - 03:05 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------

 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 


#3 linuxpowers

  • Topic Starter
  • Members
  • 60 posts
  • Gender:Male
  • Location:Midwest

Posted 15 January 2014 - 02:26 AM

# AdwCleaner v3.017 - Report created 15/01/2014 at 01:08:10
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - WINDOWS7
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6cdeia1d.default\prefs.js ]


[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ynj6t02p.default.old\prefs.js ]


[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4fj9ipq.default\prefs.js ]


[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\yjyji1b6.default.old\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [12477 octets] - [10/12/2013 06:35:18]
AdwCleaner[R2].txt - [1359 octets] - [15/01/2014 01:08:10]
AdwCleaner[S0].txt - [12154 octets] - [10/12/2013 06:36:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1480 octets] ##########
 



#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 15 January 2014 - 11:09 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#5 linuxpowers

  • Topic Starter
  • Members
  • 60 posts
  • Gender:Male
  • Location:Midwest

Posted 15 January 2014 - 12:03 PM

 

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

Just wanted to let you know, windows installed updates and rebooted last night!

 

 

ComboFix 14-01-14.02 - Dad 01/15/2014  10:47:14.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16329.13613 [GMT -6:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\50e69e934cbb20.16898696.js
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\background.html
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\content.js
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\lsdb.js
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\manifest.json
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\sqlite.js
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oijghpeolgmemglmknchfndclpkhppan_0.localstorage
c:\users\Dad\AppData\Local\Google\Chrome\User Data\Default\preferences
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-15 to 2014-01-15  )))))))))))))))))))))))))))))))
.
.
2014-01-15 03:36 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 03:36 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 03:36 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 03:36 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 03:36 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 03:36 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 03:36 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 03:36 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-14 12:52 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05D7FAE0-0FAF-4901-864C-3FEF9DB820BE}\mpengine.dll
2014-01-13 12:52 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-04 09:59 . 2014-01-04 09:59    --------    d-----w-    c:\users\Dad\dwhelper
2014-01-02 18:02 . 2014-01-02 18:02    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3A85F53-9346-4326-A7AE-AE3825C1A272}\gapaengine.dll
2014-01-02 18:00 . 2014-01-02 18:00    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-01-02 18:00 . 2014-01-02 18:00    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-02 15:24 . 2014-01-02 15:24    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-01-02 15:24 . 2014-01-02 15:24    --------    d-----w-    c:\users\UpdatusUser
2014-01-02 15:15 . 2013-12-16 07:54    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA4F8761-397A-4D8E-A248-C0C45F31F220}\mpengine.dll
2014-01-02 13:14 . 2014-01-02 13:24    --------    d-----w-    c:\program files (x86)\Driver Fusion
2014-01-01 20:52 . 2014-01-01 20:52    --------    d-----w-    c:\program files (x86)\SSuitePersonalOffice
2014-01-01 20:51 . 2014-01-01 20:51    --------    d-----w-    c:\windows\SSuite Office Installations
2013-12-31 10:47 . 2013-12-31 10:47    --------    d-----w-    c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2013-12-30 01:46 . 2014-01-01 09:48    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-12-29 07:30 . 2013-12-29 07:30    --------    d-----w-    c:\users\Dad\AppData\Roaming\JAM Software
2013-12-29 07:30 . 2013-12-29 07:30    --------    d-----w-    c:\program files (x86)\JAM Software
2013-12-29 07:12 . 2013-12-29 07:12    --------    d-----w-    c:\program files\Speccy
2013-12-28 12:27 . 2013-12-28 12:27    --------    d-----w-    C:\SUPERDelete
2013-12-27 04:18 . 2013-12-27 04:38    --------    d-----w-    C:\getservices
2013-12-26 23:51 . 2013-12-26 23:51    --------    d-----w-    c:\programdata\SUPERSetup
2013-12-22 07:56 . 2013-12-22 07:56    --------    d-----w-    c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2013-12-22 07:56 . 2014-01-10 12:47    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-12-22 07:56 . 2013-12-22 07:56    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-22 06:22 . 2013-12-22 06:22    --------    d-----w-    c:\program files\Java
2013-12-22 06:16 . 2013-12-22 06:16    --------    d-----w-    c:\program files\Wireshark
2013-12-22 06:13 . 2013-12-22 06:13    --------    d-----w-    c:\users\Dad\AppData\Local\Secunia PSI
2013-12-22 06:13 . 2013-12-22 06:13    --------    d-----w-    c:\program files (x86)\Secunia
2013-12-18 18:42 . 2013-12-18 18:42    187248    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 09:00 . 2012-04-08 08:57    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-12 09:00 . 2012-09-20 05:53    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-12-27 04:16 . 2013-12-27 04:16    130337    ----a-w-    C:\getservices.zip
2013-12-11 02:01 . 2012-04-09 10:03    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:01 . 2012-04-09 10:03    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 02:01 . 2013-12-11 02:01    9272200    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 18:25 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-26 11:54 . 2013-12-12 09:01    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 09:01    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 09:01    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 09:01    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 09:01    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 09:01    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 09:01    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 09:01    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 09:01    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 09:01    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 09:01    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 09:01    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 09:01    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 09:01    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 09:01    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 09:01    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 09:01    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 09:01    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 09:01    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 09:01    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 09:01    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 09:01    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 09:01    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 09:01    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 09:48    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 09:48    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-14 10:59 . 2013-11-14 10:59    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 10:59 . 2013-11-14 10:59    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-14 10:59 . 2013-11-14 10:59    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-14 10:59 . 2013-11-14 10:59    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-14 10:59 . 2013-11-14 10:59    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-14 10:59 . 2013-11-14 10:59    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-14 10:59 . 2013-11-14 10:59    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-14 10:59 . 2013-11-14 10:59    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-14 10:59 . 2013-11-14 10:59    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-14 10:59 . 2013-11-14 10:59    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-14 10:59 . 2013-11-14 10:59    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-14 10:59 . 2013-11-14 10:59    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-14 10:59 . 2013-11-14 10:59    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-14 10:59 . 2013-11-14 10:59    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-14 10:59 . 2013-11-14 10:59    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-14 10:59 . 2013-11-14 10:59    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-14 10:59 . 2013-11-14 10:59    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-14 10:59 . 2013-11-14 10:59    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-14 10:59 . 2013-11-14 10:59    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-14 10:59 . 2013-11-14 10:59    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-14 10:59 . 2013-11-14 10:59    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-14 10:59 . 2013-11-14 10:59    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-14 10:59 . 2013-11-14 10:59    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-14 10:59 . 2013-11-14 10:59    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-14 10:59 . 2013-11-14 10:59    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-14 10:59 . 2013-11-14 10:59    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 10:59 . 2013-11-14 10:59    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-14 10:59 . 2013-11-14 10:59    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-14 10:59 . 2013-11-14 10:59    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-14 10:59 . 2013-11-14 10:59    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-14 10:59 . 2013-11-14 10:59    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-14 10:59 . 2013-11-14 10:59    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-14 10:59 . 2013-11-14 10:59    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-14 10:59 . 2013-11-14 10:59    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 10:59 . 2013-11-14 10:59    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-14 10:59 . 2013-11-14 10:59    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-14 10:59 . 2013-11-14 10:59    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-14 10:59 . 2013-11-14 10:59    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-14 10:59 . 2013-11-14 10:59    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-14 10:59 . 2013-11-14 10:59    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-14 10:59 . 2013-11-14 10:59    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-14 10:59 . 2013-11-14 10:59    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-14 10:59 . 2013-11-14 10:59    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-14 10:59 . 2013-11-14 10:59    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-14 10:59 . 2013-11-14 10:59    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-14 10:59 . 2013-11-14 10:59    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-14 10:59 . 2013-11-14 10:59    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-14 10:59 . 2013-11-14 10:59    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-14 10:59 . 2013-11-14 10:59    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-14 10:59 . 2013-11-14 10:59    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-14 10:59 . 2013-11-14 10:59    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-14 10:59 . 2013-11-14 10:59    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-14 10:59 . 2013-11-14 10:59    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-14 10:59 . 2013-11-14 10:59    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-14 10:59 . 2013-11-14 10:59    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-14 10:59 . 2013-11-14 10:59    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-12 02:23 . 2013-12-11 09:48    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 09:48    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 09:48    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 09:48    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-27 22:30 . 2013-10-27 22:30    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 15:12 . 2013-10-27 15:12    1510176    ----a-w-    c:\windows\system32\nvhdagenco64.dll
2013-10-19 02:18 . 2013-12-11 09:48    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 09:48    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-12-17 5973272]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2013-04-19 7193088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-05 642728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-1 113664]
Carroll.lnk - c:\program files (x86)\Carroll\Carroll.exe /OnlySet [2013-5-15 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mstemnetp;Mstemnetp; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 00:17    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:01]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
2012-05-27 c:\windows\Tasks\GOOGLE~2.JOB
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
2014-01-15 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 18:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7204568]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1361112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startpage.com/en
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.202.166
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6cdeia1d.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-01-15  10:56:06 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-15 16:56
.
Pre-Run: 411,087,192,064 bytes free
Post-Run: 410,930,315,264 bytes free
.
- - End Of File - - 9BC8894FCCECCAD28F4EDFF5A2D3688F
A36C5E4F47E84449FF07ED3517B43A31
 


AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!
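The ComboFix log above is read by hand in this thread. As an added example, not part of the original post and not ComboFix's or BleepingComputer's code, here is a small Python script that parses the Run-key and service/driver records in that log format and applies three review rules a responder would otherwise apply by eye: a service registered with no image path, a Run entry outside the usual install directories, and LoadAppInit_DLLs set to 1. The sample input is a few lines copied from the log above plus one constructed Run entry, marked as such, that is not from this machine; the trusted-root list and the rule names are the example's own assumptions, and a hit is a prompt to look at the entry, not a verdict.

```python
"""Triage helper for the autostart sections of a ComboFix log.

Added example for this thread; it is not ComboFix's, BleepingComputer's or the
poster's code. It parses two record shapes that appear in the log above:

  Run-key values:   "ccleaner"="c:\\program files\\CCleaner\\CCleaner64.exe" [2013-12-17 5973272]
  Services/drivers: R3 SWDUMon;SWDUMon;<path>;<path> [x]

and applies three review rules. The rule names and the TRUSTED_ROOTS list are
this example's own assumptions, not something ComboFix defines.
"""
import re
from dataclasses import dataclass

# Sample input: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-12-17 5973272]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2013-04-19 7193088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Mstemnetp;Mstemnetp; [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
"""

# Constructed line, NOT from the posted log and not from this machine: it only
# shows what a Run entry outside the trusted roots looks like to the rule below.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\dad\appdata\roaming\updater\svc.exe" [2014-01-10 12345]
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
SERVICE_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<paths>.*?)\s*\[x\]\s*$')
APPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=(?P<value>\d+)')

# Directories a Run entry is normally expected to live under (assumption; tune per host).
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\')


@dataclass
class RunEntry:
    key: str      # registry key the value sits under
    name: str
    path: str
    date: str     # file date ComboFix prints in the trailing [date size]
    size: int


@dataclass
class ServiceEntry:
    start: str    # R = running / S = stopped, digit = start type, as ComboFix prints it
    name: str
    display: str
    paths: list   # 0, 1 or 2 image paths; the trailing "[x]" is parsed off and not
                  # interpreted, because its meaning is not documented in this thread


def parse_combofix(text):
    """Return (run_entries, service_entries, LoadAppInit_DLLs value or None)."""
    runs, services, appinit = [], [], None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with "."
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            runs.append(RunEntry(current_key, m.group('name'), m.group('path'),
                                 m.group('date'), int(m.group('size'))))
            continue
        m = SERVICE_RE.match(line)
        if m:
            paths = [p for p in m.group('paths').split(';') if p.strip()]
            services.append(ServiceEntry(m.group('start'), m.group('name'),
                                         m.group('display'), paths))
            continue
        m = APPINIT_RE.match(line)
        if m:
            appinit = int(m.group('value'))
    return runs, services, appinit


def triage(runs, services, appinit):
    """Apply the review rules; each finding is (rule, entry name, detail)."""
    findings = []
    for r in runs:
        # Autostarts under a user profile, temp or the drive root deserve a look.
        if not r.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(('run-outside-trusted-root', r.name, r.path))
    for s in services:
        # A service with no image path (the Mstemnetp line above) cannot be judged
        # from the log alone: inspect its key under HKLM\SYSTEM\CurrentControlSet\Services.
        if not s.paths:
            findings.append(('service-without-image-path', s.name, ''))
    if appinit == 1:
        # LoadAppInit_DLLs=1 makes processes that load user32.dll also load every DLL
        # listed in AppInit_DLLs; review that value, it is a classic injection point.
        findings.append(('appinit-dlls-loading-enabled', 'LoadAppInit_DLLs', '1'))
    return findings


if __name__ == '__main__':
    for rule, name, detail in triage(*parse_combofix(SAMPLE_LOG + CONSTRUCTED_EXTRA)):
        print(f'{rule:30} {name:20} {detail}')
```

Run against the copied lines alone the script reports the path-less Mstemnetp service and the LoadAppInit_DLLs flag; the constructed Updater line is what triggers the third rule. Paste a whole ComboFix log into SAMPLE_LOG to run it over the real thing.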


#6 jeffce (Malware Response Team)

Posted 15 January 2014 - 01:39 PM

Hi,
 
No worries about the updates.   :)
 
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new AdwCleaner log and let me know how your system is running?   :)


 


#7 linuxpowers (Topic Starter)

Posted 15 January 2014 - 03:23 PM

# AdwCleaner v3.017 - Report created 15/01/2014 at 14:19:45
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - WINDOWS7
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6cdeia1d.default\prefs.js ]


[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ynj6t02p.default.old\prefs.js ]


[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4fj9ipq.default\prefs.js ]


[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\yjyji1b6.default.old\prefs.js ]


*************************

AdwCleaner[R1].txt - [12477 octets] - [10/12/2013 06:35:18]
AdwCleaner[R2].txt - [1560 octets] - [15/01/2014 01:08:10]
AdwCleaner[R3].txt - [1411 octets] - [15/01/2014 14:19:01]
AdwCleaner[S0].txt - [12154 octets] - [10/12/2013 06:36:06]
AdwCleaner[S1].txt - [1336 octets] - [15/01/2014 14:19:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1396 octets] ##########
 




#8 jeffce (Malware Response Team)

Posted 15 January 2014 - 03:28 PM

and let me know how your system is running?

 

:)


 


#9 linuxpowers (Topic Starter)

Posted 15 January 2014 - 04:34 PM

Well jeffce, I really haven't noticed anything out of the ordinary for quite some time. I'm just not quite sure why SAS popped up with this detection.

 

I've done just about everything I can find to protect myself from malware. I have software as well as hardware protection...MSE/firewall-Router. I run scans w/MBAM every other week with SAS. Anything I download, to my desktop only, I run a MBAM scan on it before installing or running. I changed my email to text only and I don't visit sites with known malware issues, i.e. porn, games, shareware sites or any others.

 

If I could just figure out the point of entry of malware into my system, I could find a way to block that off as well. I built this system about a year ago and only have 2 user accounts configured, mine the admin and my wife's the user type, and this is the second time malware has been found on this system. Can you recommend any other protections I might try? Or, am I just being "anal/OCD" about keeping my system clean?

 

BTW, if my system is looking clean to you at this point, should I reset a restore point? I wouldn't want to do that immediately, just after a couple days to see how it's running.




#10 jeffce (Malware Response Team)

Posted 15 January 2014 - 07:02 PM

Hi,
 
It is really hard to tell where an infection really came from.  With the hundreds of new variants of malware created daily, there is something bound to slip through occasionally.  The best we can do is sometimes just that....the best we can do.  No antivirus catches 100% of malware 100% of the time.  Just continue doing what it is you have been.   :)
 
When you ran DDS first there should have been a log named Attach.txt....could you post that please?


 


#11 linuxpowers (Topic Starter)

Posted 16 January 2014 - 04:01 AM

Oops, my apologies...

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2012 4:48:06 PM
System Uptime: 1/10/2014 6:40:31 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | M5A99X EVO
Processor: AMD FX™-8120 Eight-Core Processor            | AM3r2 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 380.171 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 188.551 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 376.333 GiB free.
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ASInsHelp
Device ID: ROOT\LEGACY_ASINSHELP\0000
Manufacturer:
Name: ASInsHelp
PNP Device ID: ROOT\LEGACY_ASINSHELP\0000
Service: ASInsHelp
.
==== System Restore Points ===================
.
RP509: 1/1/2014 1:49:56 AM - Windows Update
RP510: 1/1/2014 2:52:09 PM - Installed SSuite Office - Personal Edition
RP511: 1/4/2014 12:10:57 PM - Windows Update
RP512: 1/6/2014 5:00:16 AM - Windows Backup
RP513: 1/8/2014 3:15:15 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.8)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
Age of Empires® III: Complete Collection
Amazing Slow Downer (remove only)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS nVidia Driver
Audacity 2.0.2
BZFlag 2.4.0 32Bit (remove only)
Carroll 1.13
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Combined Community Codec Pack 2011-11-11
DocProc
Driver Fusion
e-Sword
FeedDemon
Foxit Reader 5.1
GnuCash 2.4.13
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HTML-Kit 292
HTML-Kit Tools
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)
JavaFX 2.1.1
JMicron JMB36X Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Mathematics (64-bit)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Small Basic v1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA 3D Vision Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
Python 2.7.5 (64-bit)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
SlimDrivers
Speccy
SpeedFan (remove only)
SSuite Office - Personal Edition
Steam
SUPERAntiSpyware
swMSM
TreeSize Free V2.7
VueMinder Lite
Windows Live ID Client Runtime
WinPcap 4.1.3
Wireshark 1.10.4 (64-bit)
XRECODE
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 2:08:42 AM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
1/3/2014 2:02:51 AM, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom0.
1/10/2014 6:43:08 AM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
1/10/2014 6:40:56 AM, Error: Service Control Manager [7000]  - The ASInsHelp service failed to start due to the following error:  The system cannot find the file specified.
1/10/2014 6:39:54 AM, Error: Service Control Manager [7034]  - The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 




#12 jeffce (Malware Response Team)

Posted 16 January 2014 - 08:02 AM

Good!  Thanks.   :)
 
Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#13 linuxpowers

linuxpowers
  • Topic Starter

  • Members
  • 60 posts
  • Gender:Male
  • Location:Midwest

Posted 16 January 2014 - 05:26 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dad :: WINDOWS7 [administrator]

1/16/2014 11:43:57 AM
mbam-log-2014-01-16 (11-43-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260414
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Zoomex\50e69e934cdd2.dll.vir    Win32/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\ProgramData\Zoomex\settings.ini.vir    Win32/Adware.MultiPlug.F application
C:\AdwCleaner\Quarantine\C\Users\Dad\AppData\LocalLow\SweetPacks\ldrtbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\Dad\AppData\LocalLow\SweetPacks\tbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\Dad\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A application
C:\Qoobox\Quarantine\C\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijghpeolgmemglmknchfndclpkhppan\1\50e69e934cbb20.16898696.js.vir    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 1.zip    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 2.zip    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-04-22 050001\Backup files 1.zip    Win32/AdInstaller application
E:\WINDOWS7\Backup Set 2013-05-27 050001\Backup Files 2013-05-27 050001\Backup files 2.zip    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-05-27 050001\Backup Files 2013-06-17 095807\Backup files 1.zip    Java/Exploit.Agent.OKY trojan
E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 2.zip    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 6.zip    Java/Exploit.Agent.OKY trojan
E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-11-04 085449\Backup files 1.zip    multiple threats
E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 2.zip    Win32/Adware.MultiPlug.H application
E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 6.zip    multiple threats
E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 7.zip    Java/Exploit.Agent.OKY trojan
E:\WINDOWS7\Backup Set 2014-01-13 050000\Backup Files 2014-01-13 050000\Backup files 3.zip    Win32/Adware.MultiPlug.H application
 


Edited by linuxpowers, 16 January 2014 - 05:28 PM.

AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!
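The ESET export above mixes three kinds of hit, and a responder should triage them before deleting anything: entries under C:\AdwCleaner\Quarantine and C:\Qoobox\Quarantine carry the .vir suffix that AdwCleaner and ComboFix add when they quarantine a file, so those are already disarmed copies; the E: entries are whole Windows Backup zip archives that happen to contain a flagged file; anything else would be a live file on the system (none in this export). The Python script below is an added example, not from the thread or from ESET. It parses export lines of this shape, classifies each by location, separates the detection name from ESET's trailing verdict word, and reconstructs the pre-quarantine path for quarantined items. The sample export is constructed from the format pasted above; its last line (a Downloads\setup.exe hit) is invented to exercise the live branch, and the quarantine root list is this example's own assumption.

```python
"""Triage an ESET Online Scanner text export by where each hit lives.

Added example (not from the thread or ESET). Each export line has the shape
"<path><two or more spaces><detection name> <verdict>", where the verdict is
ESET's last word: "application" for PUA/adware, "trojan" for malware, or the
literal "multiple threats" for an archive with several hits.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Quarantine roots of the tools seen in this thread (assumption of this
# example). Both tools append ".vir" to files they move here.
QUARANTINE_ROOTS = (r"c:\adwcleaner\quarantine", r"c:\qoobox\quarantine")

# Constructed sample modelled on the export pasted above; the last line is
# invented so that the "live" branch is exercised.
SAMPLE_ESET_EXPORT = (
    "C:\\AdwCleaner\\Quarantine\\C\\ProgramData\\Zoomex\\settings.ini.vir"
    "    Win32/Adware.MultiPlug.F application\n"
    "C:\\Qoobox\\Quarantine\\C\\Users\\Dad\\AppData\\Local\\Google\\Chrome\\User Data"
    "\\Default\\Extensions\\abcdef\\1\\x.js.vir    Win32/Adware.MultiPlug.H application\n"
    "E:\\WINDOWS7\\Backup Set 2013-05-27 050001\\Backup Files 2013-06-17 095807"
    "\\Backup files 1.zip    Java/Exploit.Agent.OKY trojan\n"
    "E:\\WINDOWS7\\Backup Set 2013-09-02 093906\\Backup Files 2013-11-04 085449"
    "\\Backup files 1.zip    multiple threats\n"
    "C:\\Users\\Dad\\Downloads\\setup.exe    a variant of Win32/Toolbar.Conduit.P application\n"
)


@dataclass
class Detection:
    path: str
    threat: str         # e.g. "Java/Exploit.Agent.OKY"
    verdict: str        # "application" (PUA/adware), "trojan", or "multiple"
    location: str       # "quarantine", "backup_archive" or "live"
    original_path: str  # for quarantined items, where the file lived before


def _classify(path: str) -> str:
    low = path.lower()
    if low.endswith(".vir") or any(low.startswith(r) for r in QUARANTINE_ROOTS):
        return "quarantine"
    if low.endswith(".zip") and "\\backup set " in low:
        return "backup_archive"
    return "live"


def _original_path(path: str) -> str:
    """Undo the quarantine layout: <root>\\C\\foo\\bar.vir -> C:\\foo\\bar."""
    low = path.lower()
    for root in QUARANTINE_ROOTS:
        if low.startswith(root + "\\"):
            rest = path[len(root) + 1:]            # "C\\ProgramData\\..."
            drive, _, tail = rest.partition("\\")
            rest = f"{drive}:\\{tail}"
            return rest[:-4] if rest.lower().endswith(".vir") else rest
    return path


def parse_eset_export(text: str) -> List[Detection]:
    """Parse export lines; malformed lines are skipped rather than guessed at."""
    out: List[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Path and detection are separated by a tab or a run of 2+ spaces;
        # paths themselves only ever contain single spaces.
        parts = re.split(r"\t|\s{2,}", line, maxsplit=1)
        if len(parts) != 2:
            continue
        path, detection = parts[0].strip(), parts[1].strip()
        if detection == "multiple threats":
            threat, verdict = detection, "multiple"
        else:
            threat, verdict = detection.rsplit(" ", 1)
            threat = threat.replace("a variant of ", "")
        out.append(Detection(path, threat, verdict, _classify(path), _original_path(path)))
    return out


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Count hits per location class."""
    counts: Dict[str, int] = {}
    for d in dets:
        counts[d.location] = counts.get(d.location, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_eset_export(SAMPLE_ESET_EXPORT)
    for d in found:
        print(f"{d.location:15} {d.verdict:12} {d.threat:28} {d.original_path}")
    print(summarize(found))
```

Quarantined items need no further action beyond emptying the quarantine once the case is closed; for backup archives the decision is whether to lose the whole set or restore it and clean the one flagged member, and only a hit in the live class calls for an immediate removal step.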


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 16 January 2014 - 05:55 PM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 1.zip    
    E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 2.zip    
    E:\WINDOWS7\Backup Set 2013-02-11 050001\Backup Files 2013-04-22 050001\Backup files 1.zip    
    E:\WINDOWS7\Backup Set 2013-05-27 050001\Backup Files 2013-05-27 050001\Backup files 2.zip    
    E:\WINDOWS7\Backup Set 2013-05-27 050001\Backup Files 2013-06-17 095807\Backup files 1.zip    
    E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 2.zip    
    E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 6.zip    
    E:\WINDOWS7\Backup Set 2013-09-02 093906\Backup Files 2013-11-04 085449\Backup files 1.zip    
    E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 2.zip    
    E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 6.zip    
    E:\WINDOWS7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 7.zip    
    E:\WINDOWS7\Backup Set 2014-01-13 050000\Backup Files 2014-01-13 050000\Backup files 3.zip

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know what remaining malware problems you are having.   :)


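ComboFix's File:: directive deletes every path listed under it (the ComboFix log posted later in this thread lists the twelve archives under "Other Deletions"). Since the targets here are entire Windows Backup archives, an operator usually wants a record of what is about to be destroyed, and a copy of the sample for later analysis, before dragging CFScript.txt onto ComboFix.exe. The Python script below is an added example, not part of the thread or of ComboFix: it parses the File:: block of a CFScript and, for each target that exists, records size, modification time and SHA-256 in a manifest and copies the file into a holding directory. The demo builds a throwaway script against temporary files so it runs anywhere; the holding-directory layout and the manifest fields are this example's own conventions.

```python
"""Inventory the File:: targets of a ComboFix CFScript before running it.

Added example, not part of the thread or of ComboFix. Parses the File::
block, hashes every target that exists, optionally preserves a copy, and
reports targets that are already missing. Manifest fields and the holding
directory naming are conventions of this example only.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Optional


def parse_file_section(script_text: str) -> List[str]:
    """Return the paths listed under ComboFix's File:: directive."""
    targets: List[str] = []
    in_file = False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # any directive header ends a File:: block
            in_file = (line == "File::")
            continue
        if in_file:
            targets.append(line.strip('"'))
    return targets


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 (targets may be multi-GB backup zips)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(targets: List[str], holding_dir: Optional[str] = None) -> Dict[str, dict]:
    """Hash and (optionally) preserve each existing target; flag missing ones."""
    manifest: Dict[str, dict] = {}
    for p in targets:
        if not os.path.isfile(p):
            manifest[p] = {"status": "missing"}
            continue
        st = os.stat(p)
        entry = {"status": "present", "size": st.st_size,
                 "mtime": int(st.st_mtime), "sha256": sha256_of(p)}
        if holding_dir:
            os.makedirs(holding_dir, exist_ok=True)
            # Prefix with the digest so two same-named files cannot collide.
            dest = os.path.join(holding_dir, entry["sha256"][:16] + "_" + os.path.basename(p))
            shutil.copy2(p, dest)            # copy2 keeps the original mtime
            entry["copy"] = dest
        manifest[p] = entry
    return manifest


def verify_copy(entry: dict) -> bool:
    """True if the preserved copy exists and still hashes to the recorded digest."""
    return (entry.get("status") == "present" and "copy" in entry
            and os.path.isfile(entry["copy"])
            and sha256_of(entry["copy"]) == entry["sha256"])


def demo() -> Dict[str, dict]:
    """Build a throwaway CFScript against temp files and inventory it."""
    tmp = tempfile.mkdtemp()
    present = os.path.join(tmp, "Backup files 1.zip")
    with open(present, "wb") as f:
        f.write(b"PK\x03\x04constructed sample, not a real backup")   # constructed
    missing = os.path.join(tmp, "Backup files 2.zip")
    script = f"ClearJavaCache::\n\nFile::\n{present}\n{missing}\n"
    return inventory(parse_file_section(script), os.path.join(tmp, "hold"))


if __name__ == "__main__":
    for target, entry in demo().items():
        print(target, entry)
```

Run it against the real CFScript.txt with `inventory(parse_file_section(open("CFScript.txt").read()), r"D:\hold")` on a drive with room for the archives; the manifest is the record to keep alongside the ComboFix log.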
 


#15 linuxpowers

linuxpowers
  • Topic Starter

  • Members
  • 60 posts
  • Gender:Male
  • Location:Midwest

Posted 17 January 2014 - 12:23 AM

The only thing I'm noticing now is I get an "error #2035" when trying to view certain flash videos. I visit wimp.com and view those. The interesting thing about this is that I can view the ones from a couple days ago but I get the error from the last 2 days' posted videos. Don't know if this is related to the cleaning process and I don't want to add any additional issues as to confuse the process, but it is what I notice different.

 

ComboFix 14-01-16.03 - Dad 01/16/2014  17:02:33.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16329.14045 [GMT -6:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
Command switches used :: c:\users\Dad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 1.zip"
"e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 2.zip"
"e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-04-22 050001\Backup files 1.zip"
"e:\windows7\Backup Set 2013-05-27 050001\Backup Files 2013-05-27 050001\Backup files 2.zip"
"e:\windows7\Backup Set 2013-05-27 050001\Backup Files 2013-06-17 095807\Backup files 1.zip"
"e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 2.zip"
"e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 6.zip"
"e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-11-04 085449\Backup files 1.zip"
"e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 2.zip"
"e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 6.zip"
"e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 7.zip"
"e:\windows7\Backup Set 2014-01-13 050000\Backup Files 2014-01-13 050000\Backup files 3.zip"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 1.zip
e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-02-11 050001\Backup files 2.zip
e:\windows7\Backup Set 2013-02-11 050001\Backup Files 2013-04-22 050001\Backup files 1.zip
e:\windows7\Backup Set 2013-05-27 050001\Backup Files 2013-05-27 050001\Backup files 2.zip
e:\windows7\Backup Set 2013-05-27 050001\Backup Files 2013-06-17 095807\Backup files 1.zip
e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 2.zip
e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-09-02 093906\Backup files 6.zip
e:\windows7\Backup Set 2013-09-02 093906\Backup Files 2013-11-04 085449\Backup files 1.zip
e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 2.zip
e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 6.zip
e:\windows7\Backup Set 2013-12-02 050000\Backup Files 2013-12-02 050000\Backup files 7.zip
e:\windows7\Backup Set 2014-01-13 050000\Backup Files 2014-01-13 050000\Backup files 3.zip
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-16 23:09 . 2014-01-16 23:09    --------    d-----w-    c:\users\Mom\AppData\Local\temp
2014-01-16 23:09 . 2014-01-16 23:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-16 20:33 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3739E43D-49C6-4C44-9B6C-A255D66E7A0F}\mpengine.dll
2014-01-16 17:55 . 2014-01-16 17:55    --------    d-----w-    c:\program files (x86)\ESET
2014-01-16 09:00 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 20:33 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 03:36 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 03:36 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 03:36 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 03:36 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 03:36 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 03:36 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 03:36 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 03:36 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-04 09:59 . 2014-01-04 09:59    --------    d-----w-    c:\users\Dad\dwhelper
2014-01-02 18:02 . 2014-01-02 18:02    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3A85F53-9346-4326-A7AE-AE3825C1A272}\gapaengine.dll
2014-01-02 18:00 . 2014-01-02 18:00    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-01-02 18:00 . 2014-01-02 18:00    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-02 15:24 . 2014-01-02 15:24    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-01-02 15:24 . 2014-01-02 15:24    --------    d-----w-    c:\users\UpdatusUser
2014-01-02 15:15 . 2013-12-16 07:54    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA4F8761-397A-4D8E-A248-C0C45F31F220}\mpengine.dll
2014-01-02 13:14 . 2014-01-02 13:24    --------    d-----w-    c:\program files (x86)\Driver Fusion
2014-01-01 20:52 . 2014-01-01 20:52    --------    d-----w-    c:\program files (x86)\SSuitePersonalOffice
2014-01-01 20:51 . 2014-01-01 20:51    --------    d-----w-    c:\windows\SSuite Office Installations
2013-12-31 10:47 . 2013-12-31 10:47    --------    d-----w-    c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2013-12-30 01:46 . 2014-01-01 09:48    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-12-29 07:30 . 2013-12-29 07:30    --------    d-----w-    c:\users\Dad\AppData\Roaming\JAM Software
2013-12-29 07:30 . 2013-12-29 07:30    --------    d-----w-    c:\program files (x86)\JAM Software
2013-12-29 07:12 . 2013-12-29 07:12    --------    d-----w-    c:\program files\Speccy
2013-12-28 12:27 . 2013-12-28 12:27    --------    d-----w-    C:\SUPERDelete
2013-12-27 04:18 . 2013-12-27 04:38    --------    d-----w-    C:\getservices
2013-12-26 23:51 . 2013-12-26 23:51    --------    d-----w-    c:\programdata\SUPERSetup
2013-12-22 07:56 . 2013-12-22 07:56    --------    d-----w-    c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2013-12-22 07:56 . 2014-01-10 12:47    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-12-22 07:56 . 2013-12-22 07:56    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-22 06:22 . 2013-12-22 06:22    --------    d-----w-    c:\program files\Java
2013-12-22 06:16 . 2013-12-22 06:16    --------    d-----w-    c:\program files\Wireshark
2013-12-22 06:13 . 2013-12-22 06:13    --------    d-----w-    c:\users\Dad\AppData\Local\Secunia PSI
2013-12-22 06:13 . 2013-12-22 06:13    --------    d-----w-    c:\program files (x86)\Secunia
2013-12-18 18:42 . 2013-12-18 18:42    187248    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 09:00 . 2012-04-08 08:57    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-12 09:00 . 2012-09-20 05:53    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-12-27 04:16 . 2013-12-27 04:16    130337    ----a-w-    C:\getservices.zip
2013-12-11 02:01 . 2012-04-09 10:03    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:01 . 2012-04-09 10:03    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 02:01 . 2013-12-11 02:01    9272200    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 18:25 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-26 11:54 . 2013-12-12 09:01    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 09:01    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 09:01    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 09:01    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 09:01    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 09:01    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 09:01    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 09:01    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 09:01    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 09:01    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 09:01    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 09:01    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 09:01    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 09:01    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 09:01    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 09:01    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 09:01    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 09:01    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 09:01    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 09:01    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 09:01    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 09:01    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 09:01    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 09:01    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 09:48    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 09:48    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-14 10:59 . 2013-11-14 10:59    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 10:59 . 2013-11-14 10:59    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-14 10:59 . 2013-11-14 10:59    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-14 10:59 . 2013-11-14 10:59    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-14 10:59 . 2013-11-14 10:59    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-14 10:59 . 2013-11-14 10:59    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-14 10:59 . 2013-11-14 10:59    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-14 10:59 . 2013-11-14 10:59    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-14 10:59 . 2013-11-14 10:59    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-14 10:59 . 2013-11-14 10:59    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-14 10:59 . 2013-11-14 10:59    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-14 10:59 . 2013-11-14 10:59    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-14 10:59 . 2013-11-14 10:59    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-14 10:59 . 2013-11-14 10:59    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-14 10:59 . 2013-11-14 10:59    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-14 10:59 . 2013-11-14 10:59    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-14 10:59 . 2013-11-14 10:59    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-14 10:59 . 2013-11-14 10:59    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-14 10:59 . 2013-11-14 10:59    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-14 10:59 . 2013-11-14 10:59    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-14 10:59 . 2013-11-14 10:59    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-14 10:59 . 2013-11-14 10:59    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-14 10:59 . 2013-11-14 10:59    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-14 10:59 . 2013-11-14 10:59    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-14 10:59 . 2013-11-14 10:59    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-14 10:59 . 2013-11-14 10:59    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 10:59 . 2013-11-14 10:59    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-14 10:59 . 2013-11-14 10:59    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-14 10:59 . 2013-11-14 10:59    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-14 10:59 . 2013-11-14 10:59    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-14 10:59 . 2013-11-14 10:59    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-14 10:59 . 2013-11-14 10:59    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-14 10:59 . 2013-11-14 10:59    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-14 10:59 . 2013-11-14 10:59    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 10:59 . 2013-11-14 10:59    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-14 10:59 . 2013-11-14 10:59    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-14 10:59 . 2013-11-14 10:59    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-14 10:59 . 2013-11-14 10:59    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-14 10:59 . 2013-11-14 10:59    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-14 10:59 . 2013-11-14 10:59    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-14 10:59 . 2013-11-14 10:59    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-14 10:59 . 2013-11-14 10:59    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-14 10:59 . 2013-11-14 10:59    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-14 10:59 . 2013-11-14 10:59    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-14 10:59 . 2013-11-14 10:59    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-14 10:59 . 2013-11-14 10:59    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-14 10:59 . 2013-11-14 10:59    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-14 10:59 . 2013-11-14 10:59    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-14 10:59 . 2013-11-14 10:59    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 10:59 . 2013-11-14 10:59    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-14 10:59 . 2013-11-14 10:59    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-14 10:59 . 2013-11-14 10:59    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-14 10:59 . 2013-11-14 10:59    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-14 10:59 . 2013-11-14 10:59    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-14 10:59 . 2013-11-14 10:59    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-14 10:59 . 2013-11-14 10:59    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-14 10:59 . 2013-11-14 10:59    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-12 02:23 . 2013-12-11 09:48    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 09:48    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 09:48    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 09:48    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-27 15:12 . 2013-10-27 15:12    1510176    ----a-w-    c:\windows\system32\nvhdagenco64.dll
2013-10-19 02:18 . 2013-12-11 09:48    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 09:48    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-12-17 5973272]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2013-04-19 7193088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-05 642728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-1 113664]
Carroll.lnk - c:\program files (x86)\Carroll\Carroll.exe /OnlySet [2013-5-15 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mstemnetp;Mstemnetp; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCMON23
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 00:17    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:01]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
2012-05-27 c:\windows\Tasks\GOOGLE~2.JOB
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7204568]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1361112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startpage.com/en
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.202.166
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6cdeia1d.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-16  17:20:18
ComboFix-quarantined-files.txt  2014-01-16 23:20
ComboFix2.txt  2014-01-15 16:56
.
Pre-Run: 414,968,905,728 bytes free
Post-Run: 412,423,032,832 bytes free
.
- - End Of File - - EB6165CA90878299FEDEE2E152ED5D8E
A36C5E4F47E84449FF07ED3517B43A31
Edited by linuxpowers, 17 January 2014 - 12:28 AM.

AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!
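The ComboFix log above lists the machine's autostart surface in three shapes: service/driver lines (`S2 name;description;path;path [x]`), `Run` key values (`"name"="path" [date size]`), and scheduled task `.job` files followed by a `- target [timestamp]` line. The following parser is an added example, not code from the post or from ComboFix, that pulls those entries into one list and applies a simple triage heuristic: anything starting from outside the Windows and Program Files trees, or from a relative path that cannot be resolved from the log alone, is flagged for a closer look. The sample input is constructed in the same shape as the log above; the `SampleSuspect` entry is invented for illustration, and the "trusted prefix" rule is an assumption of this example, not a rule ComboFix or the forum helper applies.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the ComboFix log above. The first five
# entries mirror real lines from that log; "SampleSuspect" is invented here
# to exercise the heuristic and is NOT something found on the poster's machine.
SAMPLE_LOG = r"""
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:01]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"SampleSuspect"="c:\users\Dad\AppData\Roaming\updater.exe" [2014-01-10 45056]
"""


@dataclass
class AutostartEntry:
    kind: str        # "service", "task" or "run"
    name: str        # service name, .job path, or Run value name
    path: str        # executable/driver path exactly as printed in the log
    note: str = ""   # trailing marker or metadata ("[x]", "date size")


# Service/driver line: state, name, description, path, alternate path, optional "[x]".
SERVICE_RE = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);([^;]*);([^;]*?)(?:\s+(\[x\]))?$')
# Run key value: "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# Scheduled task header: YYYY-MM-DD <path>.job, followed by "- <target> [timestamp]"
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(.+\.job)$', re.IGNORECASE)
TASK_TARGET_RE = re.compile(r'^-\s+(.+?)\s+\[.*\]$')


def parse_combofix(text: str) -> List[AutostartEntry]:
    """Extract service, scheduled-task and Run-key autostart entries from a log."""
    entries: List[AutostartEntry] = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if (m := SERVICE_RE.match(line)):
            _state, name, _desc, path, _alt, flag = m.groups()
            entries.append(AutostartEntry("service", name, path, flag or ""))
        elif (m := RUN_RE.match(line)):
            name, path, date, size = m.groups()
            entries.append(AutostartEntry("run", name, path, f"{date} {size} bytes"))
        elif (m := TASK_RE.match(line)):
            job = m.group(1)
            target = ""
            # The target executable sits on the next line, prefixed with "- ".
            if i + 1 < len(lines):
                t = TASK_TARGET_RE.match(lines[i + 1].strip())
                if t:
                    target = t.group(1)
                    i += 1
            entries.append(AutostartEntry("task", job, target))
        i += 1
    return entries


# Assumption of this example: autostarts under these trees are "expected"; anything
# else (user profile, AppData, temp, or a relative path we cannot locate) is worth
# a second look. Tune this to the environment; it is a triage aid, not a verdict.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Return entries whose executable path is outside the trusted prefixes."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if p and not p.startswith(TRUSTED_PREFIXES):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:8} {e.name:45} {e.path} {e.note}")
    print("\nFlagged for review:")
    for e in suspicious(found):
        print(f"  {e.kind}: {e.name} -> {e.path}")
```

Run it against a full log by reading the file into `parse_combofix`. Anything it flags still has to be checked by hand (hash the file, confirm the signer, compare against the scan result), and an entry it does not flag is not cleared: a trojan dropped into a Program Files subfolder, as the poster describes, passes the prefix rule and is only caught by looking at the file itself.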