twunk 32


22 replies to this topic

#1 stevan1986

Posted 18 March 2014 - 02:44 PM

I scanned my computer with ComboFix, and this is what I have...

ComboFix 14-03-16.01 - Stevan 18.03.2014 18:29:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4063.2254 [GMT 1:00]
Running from: c:\users\Stevan\Downloads\ComboFix.exe
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LinkSwift
c:\program files (x86)\LinkSwift\LinkSwift.ico
c:\program files (x86)\LinkSwift\LinkSwiftBHO.dll
c:\program files (x86)\LinkSwift\LinkSwiftUninstall.exe
c:\program files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx
c:\program files (x86)\LinkSwift\sqlite3.exe
c:\program files (x86)\LinkSwift\updateLinkSwift.exe
c:\program files (x86)\YoutubeAdblocker
c:\program files (x86)\YoutubeAdblocker\w.dat
c:\program files (x86)\YoutubeAdblocker\w.dll
c:\program files (x86)\YoutubeAdblocker\w.tlb
c:\program files (x86)\YoutubeAdblocker\w.x64.dll
c:\users\Stevan\AppData\Roaming\Tohaop
c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer2961576424
.
.
((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 )))))))))))))))))))))))))))))))
.
.
2014-03-18 13:40 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79EF0B82-7AFD-4E04-B9E2-3DE80DC56FC2}\mpengine.dll
2014-03-16 21:47 . 2014-03-16 21:47 -------- d-----w- c:\programdata\FuinDeals
2014-03-09 14:25 . 2014-03-09 14:25 -------- d-----w- c:\users\Stevan\AppData\Local\Skype
2014-03-09 14:17 . 2014-03-09 14:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-09 14:17 . 2014-03-09 14:17 -------- d-----r- c:\program files (x86)\Skype
2014-03-08 01:42 . 2014-03-08 01:42 -------- d-----w- c:\programdata\AllCheapPrIccee
2014-03-05 23:18 . 2014-03-05 23:18 -------- d-----w- c:\users\Stevan\AppData\Local\Macromedia
2014-03-05 22:38 . 2014-03-11 22:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-05 22:38 . 2014-03-11 22:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 22:37 . 2014-03-05 22:37 -------- d-----w- c:\windows\system32\Macromed
2014-03-05 22:33 . 2014-03-05 22:33 -------- d-----w- c:\users\Stevan\AppData\Local\Mozilla
2014-03-05 22:33 . 2014-03-05 22:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-05 22:08 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-03-05 22:08 . 2014-03-05 22:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-05 22:08 . 2014-03-05 22:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-05 13:57 . 2014-03-05 13:57 124450 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp9DF4.exe
2014-03-01 09:52 . 2014-03-01 09:52 580096 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp7CCE.exe
2014-02-28 12:37 . 2014-02-28 12:37 -------- d-----w- c:\programdata\McAfee
2014-02-18 19:44 . 2014-02-18 19:44 390909 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp8935.exe
2014-02-18 05:43 . 2014-02-18 05:43 -------- d-----w- c:\programdata\UTAdReomOvallAppe
2014-02-18 05:43 . 2014-02-18 05:43 -------- d-----w- c:\programdata\jlanpelkooocholbjekildjlohcepeap
2014-02-17 21:26 . 2014-02-18 19:44 -------- d-----w- c:\users\Stevan\AppData\Roaming\wincrt
2014-02-17 21:26 . 2014-02-17 21:26 388533 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp2C5C.exe
2014-02-17 15:18 . 2013-10-26 04:06 286260 ----a-w- c:\windows\SysWow64\beecet.exe
2014-02-17 15:01 . 2014-02-17 15:01 110966 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp9EEE.exe
2014-02-17 15:01 . 2014-02-17 15:01 217088 ----a-w- c:\program files\Windows Journal\Security\Manager\temp\tmp8F24.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 19:41 . 2014-02-08 19:41 4241408 ----a-w- c:\program files (x86)\WS_x64.Enabler
2014-02-08 19:41 . 2014-02-08 19:41 175952 ----a-w- c:\program files (x86)\WSSvc.dll
2014-02-08 19:41 . 2014-02-08 19:41 4248576 ----a-w- c:\program files (x86)\WS.Enabler
2014-02-07 23:23 . 2014-02-07 22:04 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-02-07 23:23 . 2014-02-07 22:04 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-02-07 23:23 . 2014-02-07 22:04 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-02-07 23:23 . 2014-02-07 22:04 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-02-05 10:51 . 2014-02-05 10:51 204800 ----a-w- c:\users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe
2014-01-24 15:56 . 2013-11-15 20:05 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-01-24 15:56 . 2014-01-24 15:56 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-01-24 15:56 . 2014-01-24 15:56 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-01-24 15:56 . 2014-01-24 15:56 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2014-01-24 15:56 . 2014-01-24 15:56 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-01-24 15:56 . 2014-01-24 15:56 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2014-01-24 15:56 . 2014-01-24 15:56 707360 ----a-w- c:\windows\system32\NvFBC64.dll
2014-01-24 15:56 . 2014-01-24 15:56 657184 ----a-w- c:\windows\system32\NvIFR64.dll
2014-01-24 15:56 . 2014-01-24 15:56 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-01-24 15:56 . 2014-01-24 15:56 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-01-24 15:56 . 2014-01-24 15:56 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-01-24 15:56 . 2014-01-24 15:56 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-01-24 15:56 . 2014-01-24 15:56 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
2014-01-24 15:56 . 2014-01-24 15:56 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-01-24 15:56 . 2014-01-24 15:56 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-01-24 15:56 . 2014-01-24 15:56 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-01-24 15:56 . 2014-01-24 15:56 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-01-24 15:56 . 2014-01-24 15:56 11600432 ----a-w- c:\windows\system32\nvcuda.dll
2014-01-24 15:56 . 2013-11-15 20:05 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-01-24 15:56 . 2014-01-24 15:56 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-01-24 15:56 . 2014-01-24 15:56 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2014-01-24 15:56 . 2014-01-24 15:56 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-01-24 15:56 . 2013-11-15 20:05 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2014-01-24 15:38 . 2014-01-24 15:38 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-01-24 15:38 . 2014-01-24 15:38 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-01-24 15:38 . 2014-01-24 15:38 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-01-24 15:01 . 2014-01-24 15:01 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2014-01-24 15:01 . 2014-01-24 15:01 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2014-01-16 00:42 . 2014-01-16 00:42 608032 ----a-w- C:\SecurityScanner.dll
2014-01-11 00:08 . 2014-01-11 00:08 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-01-06 15:20 . 2013-09-20 01:38 86054176 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{67380385-EA1D-6060-3DAB-C1F9CDB6B2B2}]
2014-03-16 21:47 426496 ----a-w- c:\programdata\FuinDeals\Mhe9C.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-02-25 09:32 464720 ----a-w- c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A8DEBB67-A185-BEFC-0689-78A0C49B8424}]
2014-03-08 01:42 425984 ----a-w- c:\programdata\AllCheapPrIccee\4O8.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F65F0AFC-585B-FDA0-E41D-06E10C556AFD}]
2014-02-18 05:43 425984 ----a-w- c:\programdata\UTAdReomOvallAppe\w.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Stevan\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-23 905296]
"Laatleiknoegopa"="c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe" [2014-03-18 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-12-13 1573184]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Laatleiknoegopa"="c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe" [2014-03-18 0]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-12-18 2285344]
.
c:\users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EPUHelp.exe [2014-2-5 204800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files\Autodesk\3ds Max 2014\Server\WkSvMgr.exe [2013-10-25 5724472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files (x86)\mts mobilni internet\UpdateDog\ouc.exe;c:\program files (x86)\mts mobilni internet\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 1a34a8e0;WS.Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 22:42]
.
2014-03-18 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-15 13:16]
.
2014-03-18 c:\windows\Tasks\Security Center Update - 2961576424.job
- c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe [2014-03-18 19:10]
.
2014-03-18 c:\windows\Tasks\WS.Enabler-S-71009536.job
- c:\programdata\setapp\ws.enabler\WS.Enabler.exe [2013-02-08 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-02-02 11:04 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67380385-EA1D-6060-3DAB-C1F9CDB6B2B2}]
2014-03-16 21:47 476160 ----a-w- c:\programdata\FuinDeals\Mhe9C.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8DEBB67-A185-BEFC-0689-78A0C49B8424}]
2014-03-08 01:42 475136 ----a-w- c:\programdata\AllCheapPrIccee\4O8.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F65F0AFC-585B-FDA0-E41D-06E10C556AFD}]
2014-02-18 05:43 475136 ----a-w- c:\programdata\UTAdReomOvallAppe\w.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecurityInfoIcons]
@="{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}"
[HKEY_CLASSES_ROOT\CLSID\{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}]
2014-01-23 21:19 2487808 ----a-w- c:\program files\Windows Journal\Security\Manager\SecurityManager.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-13 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Laatleiknoegopa"="c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe" [2014-03-18 0]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.webisgreat.info/?pid=688&r=2014/02/08&hid=1233594694552349490&lg=EN&cc=RS&unqvl=48
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{9C702D34-C8E9-4569-AFF0-B5852E6B496B}: NameServer = 172.21.21.158 172.21.21.157
TCP: Interfaces\{EFA28B94-8935-4E0D-8A72-3CF078674FAA}: NameServer = 195.178.38.3 195.178.38.8
FF - ProfilePath - c:\users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\3z7d64lo.default-1395163179574\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{323420b6-65e5-4657-8106-a27392d4d4aa} - c:\program files (x86)\LinkSwift\LinkSwiftbho.dll
BHO-{CCA17F57-12A7-9DD0-2AE0-438174653DA5} - c:\program files (x86)\YoutubeAdblocker\w.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
BHO-{CCA17F57-12A7-9DD0-2AE0-438174653DA5} - c:\program files (x86)\YoutubeAdblocker\w.x64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3259496993-2155270243-2555351654-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-3259496993-2155270243-2555351654-1000)
@Denied: (2) (LocalSystem)
"Progid"="Photoshop.Image.13"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-3259496993-2155270243-2555351654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\AutoCare.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-03-18 20:11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-18 19:11
.
Pre-Run: 25.047.293.952 bytes free
Post-Run: 24.055.537.664 bytes free
.
- - End Of File - - B981C62EE5F2D1C896348E54C7BC2131
A36C5E4F47E84449FF07ED3517B43A31

Edited by nasdaq, 24 March 2014 - 08:23 AM.
#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:17 PM

Posted 22 March 2014 - 07:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 stevan1986

Posted 22 March 2014 - 08:14 AM

# AdwCleaner v3.022 - Report created 22/03/2014 at 14:11:33
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Stevan - STEVAN-PC
# Running from : C:\Users\Stevan\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\3z7d64lo.default-1395163179574\prefs.js ]


*************************

AdwCleaner[R0].txt - [4684 octets] - [22/03/2014 14:02:37]
AdwCleaner[R1].txt - [696 octets] - [22/03/2014 14:11:33]
AdwCleaner[S0].txt - [4420 octets] - [22/03/2014 14:03:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [815 octets] ##########
 



#4 nasdaq

Posted 22 March 2014 - 12:46 PM

Waiting for the other logs.

#5 stevan1986

Posted 22 March 2014 - 01:16 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Stevan on sub 22.03.2014 at 14:18:19,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{519857C1-183A-4BD3-8BD8-C0D837C9B913}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stevan\AppData\Roaming\mozilla\firefox\profiles\3z7d64lo.default-1395163179574\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sub 22.03.2014 at 15:00:19,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 stevan1986

Posted 22 March 2014 - 01:24 PM

Farbar Service Scanner Version: 25-02-2014
Ran by Stevan (administrator) on 22-03-2014 at 19:20:20
Running from "C:\Users\Stevan\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-09-20 01:58] - [2013-01-04 06:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
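The Farbar Service Scanner log above checks nine network-stack files against the tool's own hash list and prints the full details and hash for tcpip.sys instead of "MD5 is legit", so that one has to be compared with a clean reference by hand. The script below is an added example, not part of the thread or of Farbar's tool: it computes the MD5 and Authenticode status of the same nine files so the output can be diffed against a machine at the same Windows build and patch level. Assumptions: an elevated 64-bit PowerShell (2.0 or later) on 64-bit Windows 7, and reference hashes taken from a trusted machine (none are embedded here).

```powershell
# Added example (not from the thread or from Farbar Service Scanner): report the MD5
# and Authenticode status of the network-stack files FSS checks, for comparison with
# a known-clean machine at the same build and patch level.
# Assumption: run from the 64-bit PowerShell host so System32 is the native directory
# and not the WOW64 redirect.

# Same files, in the same order, as the FSS "File Check" section above.
$fssFiles = @(
    'nsisvc.dll', 'drivers\nsiproxy.sys', 'dhcpcore.dll', 'drivers\afd.sys',
    'drivers\tdx.sys', 'drivers\tcpip.sys', 'dnsrslvr.dll', 'svchost.exe', 'rpcss.dll'
)

function Get-Md5Hex([string]$Path) {
    # .NET MD5 rather than Get-FileHash, which needs PowerShell 4.0.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($fs)
    } finally {
        $fs.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-NetworkStackFileReport {
    $sys32 = Join-Path $env:windir 'System32'
    foreach ($rel in $fssFiles) {
        $path = Join-Path $sys32 $rel
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ Path = $path; MD5 = $null; Signature = 'MISSING'; Signer = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $path
            MD5       = Get-Md5Hex $path
            # OS binaries are catalog-signed and PowerShell versions before 5.1 do not
            # consult catalogs, so NotSigned here means "verify against the catalog or
            # a clean reference", not "malicious".
            Signature = $sig.Status.ToString()
            Signer    = $signer
        }
    }
}

Get-NetworkStackFileReport | Format-Table -AutoSize Path, MD5, Signature, Signer
```

Run it on the suspect machine and on a clean one at the same patch level and compare the MD5 column; the tcpip.sys row can also be checked directly against the hash printed in the log above. A mismatch on a Microsoft-signed file with a valid signature usually means a different update level, not tampering; a mismatch on a file whose signature is invalid or whose signer is not Microsoft is what deserves attention.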



#7 nasdaq

Posted 23 March 2014 - 07:33 AM

Did you remove anything from the FRST log, or was that all you got?
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Let me know what problems you are having with this computer.

#8 stevan1986

Posted 23 March 2014 - 04:40 PM

This was everything I had... One of the problems is that when I right-click on my desktop, all icons disappear for 10 seconds and I hear a sound like Windows is starting; some programs are not responding, like Mozilla, AutoCAD, 3ds Max...



#9 nasdaq

Posted 24 March 2014 - 07:15 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check only the following options:

Reset Registry Permissions
Reset File Permissions
Remove Policies Set By Infections
Repair Icons
Remove Temp Files
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
How is it now?

#10 stevan1986

Posted 24 March 2014 - 08:10 AM

I did it, but I'm still having the same problems... :(



#11 nasdaq

Posted 24 March 2014 - 08:38 AM

I have now reviewed your ComboFix log and suggest the removal of these items.

Open notepad and copy/paste the text in the quote box below into it:
 
Folder::
c:\programdata\FuinDeals
c:\programdata\AllCheapPrIccee
c:\programdata\UTAdReomOvallAppe
c:\users\Stevan\AppData\Roaming\Tohaop

Driver::
1a34a8e0

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{67380385-EA1D-6060-3DAB-C1F9CDB6B2B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A8DEBB67-A185-BEFC-0689-78A0C49B8424}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F65F0AFC-585B-FDA0-E41D-06E10C556AFD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Laatleiknoegopa"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Laatleiknoegopa"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Restart the computer normally to reset the registry.
===

Run the Farbar Service Scanner tool one more time and post a fresh log for my review.

Let me know what problem persists.
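A post-cleanup check, added here as an example and not part of nasdaq's instructions or of ComboFix itself: after the CFScript has run and the machine has rebooted, this PowerShell script tests whether each item the script names is actually gone. It assumes an elevated PowerShell (2.0 or later) started in the affected user's account, so that HKCU and $env:APPDATA refer to that user's hive and Roaming profile, and that "~" in a ComboFix registry line stands for Microsoft\Windows\CurrentVersion\Explorer. It also adds two checks the script does not list: the COM class behind each BHO CLSID, and the service's registry key, since a driver does not appear in Get-Service.

```powershell
# Added example, not part of the thread or of ComboFix: verify that every item the
# CFScript above targeted is really gone after the reboot.
# Assumption: elevated PowerShell (2.0 or later), run as the affected user so that
# HKCU and $env:APPDATA are that user's hive and profile.

$folders = @(
    'C:\ProgramData\FuinDeals',
    'C:\ProgramData\AllCheapPrIccee',
    'C:\ProgramData\UTAdReomOvallAppe',
    (Join-Path $env:APPDATA 'Tohaop')      # c:\users\<user>\AppData\Roaming\Tohaop
)

# Assumption: in ComboFix scripts "~" stands for Microsoft\Windows\CurrentVersion\Explorer.
$bhoBase   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhoClsids = @(
    '{67380385-EA1D-6060-3DAB-C1F9CDB6B2B2}',
    '{A8DEBB67-A185-BEFC-0689-78A0C49B8424}',
    '{F65F0AFC-585B-FDA0-E41D-06E10C556AFD}'
)

$runValue = 'Laatleiknoegopa'
$runKeys  = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$serviceName = '1a34a8e0'

function Test-CfScriptTargets {
    $findings = @()

    foreach ($f in $folders) {
        if (Test-Path -LiteralPath $f) { $findings += "folder still present: $f" }
    }

    foreach ($c in $bhoClsids) {
        $key = Join-Path $bhoBase $c
        if (Test-Path -LiteralPath $key) { $findings += "BHO registration still present: $key" }
        # The CFScript removes only the BHO registration; the COM class it points at
        # names the DLL Internet Explorer would actually load, so check it as well.
        $inproc = "HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID\$c\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            $findings += "BHO COM class still registered: $c -> $dll"
        }
    }

    foreach ($k in $runKeys) {
        # -Name on a missing value is a non-terminating error; suppress it and get $null.
        $v = Get-ItemProperty -LiteralPath $k -Name $runValue -ErrorAction SilentlyContinue
        if ($v) { $findings += "Run value still present: $k\$runValue = $($v.$runValue)" }
    }

    # Get-Service lists Win32 services only; a kernel driver shows up just under the
    # Services key, so check both the SCM and the registry definition.
    if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) {
        $findings += "service still known to the SCM: $serviceName"
    }
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
    if (Test-Path -LiteralPath $svcKey) {
        $img = (Get-ItemProperty -LiteralPath $svcKey).ImagePath
        $findings += "service key still present: $svcKey (ImagePath = $img)"
    }

    return ,$findings
}

$result = Test-CfScriptTargets
if (@($result).Count -eq 0) {
    Write-Output 'All CFScript targets are gone.'
} else {
    $result | ForEach-Object { Write-Output "STILL PRESENT: $_" }
}
```

Anything reported as still present after the reboot means the item was recreated (typically by a component the script did not cover) or the script did not run against that hive, and is worth pasting back into the thread alongside the ComboFix log.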

#12 stevan1986

Posted 24 March 2014 - 09:18 AM

ComboFix 14-03-16.01 - Stevan 24.03.2014  14:57:24.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4063.2706 [GMT 1:00]
Running from: c:\users\Stevan\Downloads\ComboFix.exe
Command switches used :: c:\users\Stevan\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\UTAdReomOvallAppe
c:\programdata\UTAdReomOvallAppe\w.dat
c:\programdata\UTAdReomOvallAppe\w.dll
c:\programdata\UTAdReomOvallAppe\w.exe
c:\programdata\UTAdReomOvallAppe\w.tlb
c:\programdata\UTAdReomOvallAppe\w.x64.dll
c:\users\Stevan\AppData\Roaming\Tohaop
c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1a34a8e0
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 14:06 . 2014-03-24 14:06    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-03-24 14:06 . 2014-03-24 14:06    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-03-24 14:06 . 2014-03-24 14:06    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-24 14:06 . 2014-03-24 14:06    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-03-24 13:01 . 2014-03-24 13:03    --------    d-----w-    c:\windows\system32\catroot2
2014-03-24 12:49 . 2014-03-24 14:10    --------    d-----w-    c:\windows\system32\wbem\repository
2014-03-24 12:48 . 2014-03-24 12:48    --------    d-----w-    c:\windows\SysWow64\wbem\Performance
2014-03-24 12:42 . 2014-03-24 13:00    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2014-03-24 12:41 . 2014-03-24 12:41    --------    d-----w-    C:\RegBackup
2014-03-22 13:18 . 2014-03-22 13:18    --------    d-----w-    c:\windows\ERUNT
2014-03-22 13:02 . 2014-03-22 13:14    --------    d-----w-    C:\AdwCleaner
2014-03-21 08:48 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA45D117-7A33-4271-A6D2-588E87B4587E}\mpengine.dll
2014-03-18 19:23 . 2014-03-18 19:23    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-18 19:23 . 2014-03-18 20:13    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-18 19:18 . 2014-03-18 19:18    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-09 14:25 . 2014-03-09 14:25    --------    d-----w-    c:\users\Stevan\AppData\Local\Skype
2014-03-09 14:17 . 2014-03-09 14:17    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-03-09 14:17 . 2014-03-09 14:17    --------    d-----r-    c:\program files (x86)\Skype
2014-03-05 23:18 . 2014-03-05 23:18    --------    d-----w-    c:\users\Stevan\AppData\Local\Macromedia
2014-03-05 22:38 . 2014-03-11 22:42    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-05 22:38 . 2014-03-11 22:42    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 22:37 . 2014-03-05 22:37    --------    d-----w-    c:\windows\system32\Macromed
2014-03-05 22:33 . 2014-03-05 22:33    --------    d-----w-    c:\users\Stevan\AppData\Local\Mozilla
2014-03-05 22:33 . 2014-03-05 22:33    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-03-05 22:08 . 2013-09-20 09:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2014-03-05 22:08 . 2014-03-05 22:27    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-03-05 22:08 . 2014-03-05 22:08    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-05 13:57 . 2014-03-05 13:57    124450    ----a-w-    c:\program files\Windows Journal\Security\Manager\temp\tmp9DF4.exe
2014-03-01 09:52 . 2014-03-01 09:52    580096    ----a-w-    c:\program files\Windows Journal\Security\Manager\temp\tmp7CCE.exe
2014-02-28 12:37 . 2014-02-28 12:37    --------    d-----w-    c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 19:41 . 2014-02-08 19:41    4241408    ----a-w-    c:\program files (x86)\WS_x64.Enabler
2014-02-08 19:41 . 2014-02-08 19:41    175952    ----a-w-    c:\program files (x86)\WSSvc.dll
2014-02-08 19:41 . 2014-02-08 19:41    4248576    ----a-w-    c:\program files (x86)\WS.Enabler
2014-02-07 23:23 . 2014-02-07 22:04    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-02-07 23:23 . 2014-02-07 22:04    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-02-07 23:23 . 2014-02-07 22:04    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-02-07 23:23 . 2014-02-07 22:04    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-02-05 10:51 . 2014-02-05 10:51    204800    ----a-w-    c:\users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe
2014-01-24 15:56 . 2013-11-15 20:05    18293608    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-01-24 15:56 . 2014-01-24 15:56    15862272    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-01-24 15:56 . 2014-01-24 15:56    9619872    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-01-24 15:56 . 2014-01-24 15:56    30361888    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-01-24 15:56 . 2014-01-24 15:56    22951200    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-01-24 15:56 . 2014-01-24 15:56    11514624    ----a-w-    c:\windows\system32\nvopencl.dll
2014-01-24 15:56 . 2014-01-24 15:56    707360    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-01-24 15:56 . 2014-01-24 15:56    657184    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-01-24 15:56 . 2014-01-24 15:56    609568    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-01-24 15:56 . 2014-01-24 15:56    562464    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-01-24 15:56 . 2014-01-24 15:56    12613408    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-01-24 15:56 . 2014-01-24 15:56    9691888    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-01-24 15:56 . 2014-01-24 15:56    3132704    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-01-24 15:56 . 2014-01-24 15:56    3125024    ----a-w-    c:\windows\system32\nvcuvenc.dll
2014-01-24 15:56 . 2014-01-24 15:56    2947872    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-01-24 15:56 . 2014-01-24 15:56    2747680    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2014-01-24 15:56 . 2014-01-24 15:56    18208624    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-01-24 15:56 . 2014-01-24 15:56    11600432    ----a-w-    c:\windows\system32\nvcuda.dll
2014-01-24 15:56 . 2013-11-15 20:05    15218504    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-01-24 15:56 . 2014-01-24 15:56    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-01-24 15:56 . 2014-01-24 15:56    25257248    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-01-24 15:56 . 2014-01-24 15:56    2697248    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-01-24 15:56 . 2013-11-15 20:05    3069608    ----a-w-    c:\windows\system32\nvapi64.dll
2014-01-24 15:38 . 2014-01-24 15:38    73800    ----a-w-    c:\windows\system32\RtNicProp64.dll
2014-01-24 15:38 . 2014-01-24 15:38    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2014-01-24 15:38 . 2014-01-24 15:38    888536    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2014-01-24 15:01 . 2014-01-24 15:01    1884448    ----a-w-    c:\windows\system32\nvdispco6433182.dll
2014-01-24 15:01 . 2014-01-24 15:01    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433182.dll
2014-01-16 00:42 . 2014-01-16 00:42    608032    ----a-w-    C:\SecurityScanner.dll
2014-01-11 00:08 . 2014-01-11 00:08    1510328    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-01-06 15:20 . 2013-09-20 01:38    86054176    ----a-w-    c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-02-25 09:32    464720    ----a-w-    c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Stevan\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-23 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-12-13 1573184]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-12-18 2285344]
.
c:\users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EPUHelp.exe [2014-2-5 204800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files\Autodesk\3ds Max 2014\Server\WkSvMgr.exe [2013-10-25 5724472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files (x86)\mts mobilni internet\UpdateDog\ouc.exe;c:\program files (x86)\mts mobilni internet\UpdateDog\ouc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 22:42]
.
2014-03-24 c:\windows\Tasks\WS.Enabler-S-71009536.job
- c:\programdata\setapp\ws.enabler\WS.Enabler.exe [2013-02-08 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-02-02 11:04    2486592    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecurityInfoIcons]
@="{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}"
[HKEY_CLASSES_ROOT\CLSID\{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}]
2014-01-23 21:19    2487808    ----a-w-    c:\program files\Windows Journal\Security\Manager\SecurityManager.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-13 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{9C702D34-C8E9-4569-AFF0-B5852E6B496B}: NameServer = 172.21.21.158 172.21.21.157
TCP: Interfaces\{EFA28B94-8935-4E0D-8A72-3CF078674FAA}: NameServer = 195.178.38.3 195.178.38.8
FF - ProfilePath - c:\users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\3z7d64lo.default-1395163179574\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F65F0AFC-585B-FDA0-E41D-06E10C556AFD} - c:\programdata\UTAdReomOvallAppe\w.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-Laatleiknoegopa - c:\users\Stevan\AppData\Roaming\Tohaop\oloho.exe
AddRemove-{CF830981-8F31-C561-C7A0-FE2CE1878B40} - c:\programdata\YoutubeAdblocker\WMUnV.exe
AddRemove-{F4D73F4A-21B8-E2D9-F41C-5588F0799B3C} - c:\programdata\UTAdReomOvallAppe\w.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\mts mobilni internet\OnlineUpdate\ouc.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\AutoCare.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-03-24  15:16:38 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-24 14:16
ComboFix2.txt  2014-03-18 19:11
.
Pre-Run: 24.188.981.248 bytes free
Post-Run: 23.786.004.480 bytes free
.
- - End Of File - - 00E736E0E54ADBAD6FEDC369A0090B12
A36C5E4F47E84449FF07ED3517B43A31
#13 stevan1986

stevan1986
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:17 PM

Posted 24 March 2014 - 09:22 AM

Farbar Service Scanner log
Farbar Service Scanner Version: 25-02-2014
Ran by Stevan (administrator) on 24-03-2014 at 15:20:29
Running from "C:\Users\Stevan\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-09-20 01:58] - [2013-01-04 06:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#14 stevan1986

stevan1986
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:17 PM

Posted 24 March 2014 - 09:28 AM

Still the same problems...



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,556 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:17 PM

Posted 24 March 2014 - 12:03 PM
Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===



