Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Possible Zeroaccess


  • This topic is locked This topic is locked
11 replies to this topic

#1 Guest_sakartvelo_*

Guest_sakartvelo_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2014 - 06:48 AM

First of all, thank you guys so much for your help.  Seriously.
 
The original thread for this problem can be found here:
 
 
In this post, I followed steps 6, 7, and 8 in the Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help.
 
The first time I ran the DDS program, I got an error message that said the program was unable to write files and that there may be an error with my temp folder.  Everything on my desktop disappeared including my Windows toolbar and only the browser windows that I had been looking at remained.  I turned off my computer manually, waited 10 seconds, then turned it back on.  I then searched for my temp file.  It was empty.  The only thing I noticed was that the file wasn't capitalized like the other files in my C drive.  Undoubtedly this means nothing, but I capitalized the file to read "Temp" instead of "temp" and tried running the program again.  The program worked the second time and this was the result:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.21.2
Run by Allie at 4:29:30 on 2014-03-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2238 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gizmo\gservice.exe
C:\windows\system32\HPSIsvc.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\windows\Explorer.EXE
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Gizmo\gizmo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Easy Wireless Net\EASYWIRELESSNET.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Allie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Mhauag] C:\Users\Allie\AppData\Roaming\Microsoft\Mhauag.exe
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [GizmoDriveDelegate] "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{3B7E8831-0B9C-42FD-9F57-F8BCE6BE6002} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\07275637370236166656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\251646963737F6E6F57457563747 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\4616272616A79602E623 : DHCPNameServer = 212.58.96.3 212.58.96.8
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\554574 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\56E667F697D2C433 : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\74D22414B4552594 : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{5C9934AA-C985-4933-8812-EFA91864F432}\84F6C69646169794E6E6047457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{71824391-FB5B-40F5-A8E1-0CA77FBC9B3D} : NameServer = 81.95.167.65 81.95.167.66
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Allie\AppData\Roaming\Mozilla\Firefox\Profiles\vaj82a52.default\
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Allie\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-2-20 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-11-1 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 GizmoDrv;Gizmo Device Driver;C:\windows\System32\drivers\gizmodrv.sys [2014-3-1 34704]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-20 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2014-3-1 34728]
R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2013-5-1 126520]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-20 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-20 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-20 2656280]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;C:\windows\System32\drivers\adusbser.sys [2009-11-5 154112]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-20 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-20 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-2-20 176096]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2013-7-15 87040]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-20 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-20 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2013-7-15 655712]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2013-7-15 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2013-7-15 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\windows\System32\drivers\ewusbwwan.sys [2013-7-15 421888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 mvusbews;USB EWS Device;C:\windows\System32\drivers\mvusbews.sys [2013-5-1 20480]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-20 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\windows\SysWow64\NOTEPAD.EXE %1
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-03-27 11:50:53 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-27 11:35:11 -------- d-----w- C:\windows\ERUNT
2014-03-27 05:58:23 -------- d-----w- C:\AdwCleaner
2014-03-15 11:21:23 -------- d-----w- C:\Users\Allie\AppData\Local\Skype
2014-03-14 13:33:00 -------- d-----w- C:\17cfc88ff665cff8243daa3f1ec4b56a
2014-03-13 13:34:38 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-13 13:34:38 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-03-13 13:34:37 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-03-13 13:34:37 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-03-02 05:44:53 -------- d-----w- C:\Users\Allie\AppData\Roaming\TeraCopy
2014-03-02 05:44:48 -------- d-----w- C:\Program Files\TeraCopy
2014-03-02 05:43:12 -------- d-----w- C:\Users\Allie\AppData\Roaming\Gizmo
2014-03-02 05:43:06 34704 ----a-w- C:\windows\System32\drivers\gizmodrv.sys
2014-03-02 05:42:58 -------- d-----w- C:\Program Files (x86)\Gizmo
2014-02-27 11:03:37 -------- d-----w- C:\windows\Migration
.
==================== Find3M  ====================
.
2014-03-13 15:00:44 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 15:00:44 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
.
============= FINISH:  4:32:18.44 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA

Posted 28 March 2014 - 06:59 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 Guest_sakartvelo_*

Guest_sakartvelo_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2014 - 09:48 AM

Hey Jeff!  Thanks for the quick reply!  Here is the log I got from Combofix.  I did not have any problems running the program.  The strange locked files are still in my C Drive, though.

 

Combofix:

 

ComboFix 14-03-24.01 - Allie 03/28/2014   7:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2134 [GMT -7:00]
Running from: c:\users\Allie\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a4d2a9e-ce47-421d-bbd6-98fd72255fed.dll
c:\users\Allie\Documents\~WRL0003.tmp
c:\users\Allie\Documents\~WRL1221.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-28  )))))))))))))))))))))))))))))))
.
.
2014-03-28 14:41 . 2014-03-28 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 11:50 . 2014-03-27 11:50 -------- d-----w- c:\program files (x86)\ESET
2014-03-27 11:35 . 2014-03-27 11:35 -------- d-----w- c:\windows\ERUNT
2014-03-27 05:58 . 2014-03-27 06:00 -------- d-----w- C:\AdwCleaner
2014-03-25 16:04 . 2014-03-25 16:04 -------- d-----w- c:\program files\7-Zip
2014-03-15 11:21 . 2014-03-15 11:21 -------- d-----w- c:\users\Allie\AppData\Local\Skype
2014-03-15 11:21 . 2014-03-15 11:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-14 13:33 . 2014-03-14 13:33 -------- d-----w- C:\17cfc88ff665cff8243daa3f1ec4b56a
2014-03-13 13:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 13:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 13:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 13:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-06 18:37 . 2014-03-06 18:37 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2014-03-02 05:44 . 2014-03-02 05:45 -------- d-----w- c:\users\Allie\AppData\Roaming\TeraCopy
2014-03-02 05:44 . 2014-03-02 05:44 -------- d-----w- c:\program files\TeraCopy
2014-03-02 05:43 . 2014-03-02 05:43 -------- d-----w- c:\users\Allie\AppData\Roaming\Gizmo
2014-03-02 05:43 . 2014-03-02 05:43 34704 ----a-w- c:\windows\system32\drivers\gizmodrv.sys
2014-03-02 05:42 . 2014-03-02 05:43 -------- d-----w- c:\program files (x86)\Gizmo
2014-02-27 11:03 . 2014-02-27 11:03 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 15:00 . 2012-04-14 17:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 15:00 . 2012-02-20 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2014-03-02 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2014-3-1 223640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 05:24 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:00]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 11:49]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 11:49]
.
2014-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267965291-988733691-3139414737-1001Core.job
- c:\users\Allie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 17:20]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267965291-988733691-3139414737-1001UA.job
- c:\users\Allie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 216248]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Allie\AppData\Roaming\Mozilla\Firefox\Profiles\vaj82a52.default\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Mhauag - c:\users\Allie\AppData\Roaming\Microsoft\Mhauag.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-817732627.files.peacecorps.gov - c:\program files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-28  07:44:06
ComboFix-quarantined-files.txt  2014-03-28 14:44
.
Pre-Run: 72,186,953,728 bytes free
Post-Run: 72,759,136,256 bytes free
.
- - End Of File - - 4734D16109FA6FF6D8CACA0B689FBDAD


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:30 AM

Posted 28 March 2014 - 11:10 AM

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 Guest_sakartvelo_*

Guest_sakartvelo_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2014 - 01:00 PM

Here you are, Jeff.  Program ran smoothly, but my computer froze soon after.  Strange locked files still there.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Allie (administrator) on ALLIE-PC on 28-03-2014 09:42:28
Running from C:\Users\Allie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(HP) C:\windows\system32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Easy Wireless Net\EASYWIRELESSNET.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Allie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [FAHConsole] - C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2014-03-01] (Arainia Solutions)
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2267965291-988733691-3139414737-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{71824391-FB5B-40F5-A8E1-0CA77FBC9B3D}: [NameServer]81.95.167.65 81.95.167.66
 
FireFox:
========
FF ProfilePath: C:\Users\Allie\AppData\Roaming\Mozilla\Firefox\Profiles\vaj82a52.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Allie\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Allie\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Allie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Allie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Yahoo! Toolbar - C:\Users\Allie\AppData\Roaming\Mozilla\Firefox\Profiles\vaj82a52.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-03-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Allie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-08-03]
CHR Extension: (Media Hint) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-06-12]
CHR Extension: (Google Docs) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
CHR Extension: (Google Drive) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-31]
CHR Extension: (YouTube) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-31]
CHR Extension: (Google Search) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-31]
CHR Extension: (Skype Click to Call) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Allie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-03-01] (Arainia Solutions)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2013-07-15] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [154112 2009-11-05] (AnyDATA.NET INC.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-03-01] (Arainia Solutions LLC)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2009-12-03] (Marvell Semiconductor, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 SR; 
U2 srservice; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-28 09:42 - 2014-03-28 09:42 - 00025342 _____ () C:\Users\Allie\Desktop\FRST.txt
2014-03-28 09:42 - 2014-03-28 09:42 - 00000000 ____D () C:\FRST
2014-03-28 09:40 - 2014-03-28 09:42 - 02157056 _____ (Farbar) C:\Users\Allie\Desktop\FRST64.exe
2014-03-28 07:44 - 2014-03-28 07:44 - 00023781 _____ () C:\ComboFix.txt
2014-03-28 07:22 - 2014-03-28 07:44 - 00000000 ____D () C:\Qoobox
2014-03-28 07:22 - 2014-03-28 07:42 - 00000000 ____D () C:\windows\erdnt
2014-03-28 07:22 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-28 07:22 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-28 07:22 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-28 07:22 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-28 07:22 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-28 07:22 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-28 07:22 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-28 07:22 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-28 07:19 - 2014-03-28 07:22 - 05192353 ____R (Swearware) C:\Users\Allie\Desktop\ComboFix.exe
2014-03-28 04:34 - 2014-03-28 04:34 - 00024540 _____ () C:\Users\Allie\Desktop\DDS1.txt
2014-03-28 04:34 - 2014-03-28 04:34 - 00010339 _____ () C:\Users\Allie\Desktop\Attach1.txt
2014-03-28 04:32 - 2014-03-28 04:32 - 00024540 _____ () C:\Users\Allie\Desktop\dds.txt
2014-03-28 04:32 - 2014-03-28 04:32 - 00010339 _____ () C:\Users\Allie\Desktop\attach.txt
2014-03-28 04:20 - 2014-03-28 04:20 - 00688992 ____R (Swearware) C:\Users\Allie\Desktop\dds.com
2014-03-27 04:50 - 2014-03-27 04:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 04:49 - 2014-03-27 04:49 - 02347384 _____ (ESET) C:\Users\Allie\Desktop\esetsmartinstaller_enu.exe
2014-03-27 04:45 - 2014-03-27 04:45 - 00002248 _____ () C:\Users\Allie\Desktop\JRT.txt
2014-03-27 04:35 - 2014-03-27 04:35 - 00000000 ____D () C:\windows\ERUNT
2014-03-27 04:29 - 2014-03-27 04:30 - 01038974 _____ (Thisisu) C:\Users\Allie\Desktop\JRT.exe
2014-03-26 22:58 - 2014-03-26 23:00 - 00000000 ____D () C:\AdwCleaner
2014-03-26 22:57 - 2014-03-26 22:58 - 01950720 _____ () C:\Users\Allie\Desktop\AdwCleaner.exe
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Allie\Desktop\tdsskiller
2014-03-26 22:52 - 2014-03-26 22:53 - 04113320 _____ () C:\Users\Allie\Desktop\tdsskiller.zip
2014-03-26 22:47 - 2014-03-26 22:47 - 00032379 _____ () C:\Users\Allie\Desktop\Result.txt
2014-03-26 22:46 - 2014-03-26 22:46 - 00982016 _____ (Farbar) C:\Users\Allie\Desktop\MiniToolBox.exe
2014-03-25 12:14 - 2014-03-25 12:14 - 00001268 _____ () C:\Users\Public\Desktop\NCH Software.lnk
2014-03-25 12:14 - 2014-03-25 12:14 - 00001136 _____ () C:\Users\Public\Desktop\Express Zip.lnk
2014-03-25 09:07 - 2014-03-25 09:07 - 00000000 ____D () C:\Users\Allie\Documents\Gemma Doyle Trilogy by Libba Bray
2014-03-25 09:04 - 2014-03-25 09:04 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-25 09:02 - 2014-03-25 09:03 - 01376768 _____ () C:\Users\Allie\Desktop\7z920-x64.msi
2014-03-22 09:01 - 2014-03-22 09:07 - 11190406 _____ () C:\Users\Allie\Desktop\calibre-1.29.0.msi
2014-03-22 05:58 - 2014-03-23 06:10 - 00000000 ____D () C:\Users\Allie\Desktop\The Complete Guide to the Toefl Test - IBT Edition (Malestrom)
2014-03-22 05:56 - 2014-03-22 05:57 - 00000000 ____D () C:\Users\Allie\Desktop\Cambridge - English In Use Collection [Books & Audio CD-ROMs] by Cloud Dancing
2014-03-22 05:51 - 2014-03-22 05:51 - 00000000 ____D () C:\Users\Allie\Desktop\Cambridge - Advanced Grammar In Use (With CD) #foreignlanguagecollection
2014-03-22 03:26 - 2014-03-22 03:26 - 00018628 _____ () C:\Users\Allie\Desktop\stuffed_elephant_solo_librivox_archive.torrent
2014-03-22 01:43 - 2014-03-23 21:59 - 00000000 ____D () C:\Users\Allie\Desktop\Audiobooks
2014-03-18 09:00 - 2014-03-18 09:08 - 00000000 ____D () C:\Users\Allie\Desktop\2013 Tests for Gulnara
2014-03-16 01:07 - 2014-03-16 01:27 - 00000000 ____D () C:\Users\Allie\Desktop\Calendar
2014-03-15 04:21 - 2014-03-15 04:21 - 00000000 ____D () C:\Users\Allie\AppData\Local\Skype
2014-03-14 06:33 - 2014-03-14 06:33 - 00000000 ____D () C:\17cfc88ff665cff8243daa3f1ec4b56a
2014-03-13 06:36 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 06:36 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 06:36 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 06:36 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 06:36 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 06:36 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 06:36 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 06:36 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 06:36 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 06:36 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 06:36 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 06:36 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 06:36 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 06:36 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 06:36 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 06:36 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 06:36 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 06:36 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 06:36 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 06:36 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 06:36 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 06:36 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 06:36 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 06:36 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 06:36 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 06:36 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 06:36 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 06:36 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 06:36 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 06:36 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 06:36 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 06:36 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 06:36 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 06:36 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 06:36 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 06:36 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 06:36 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 06:36 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 06:36 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 06:36 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 06:36 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 06:36 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 06:36 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 06:36 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 06:34 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 06:34 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 06:34 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 06:34 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-06 11:37 - 2014-03-06 11:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-06 11:37 - 2014-03-06 11:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-06 00:09 - 2014-03-19 22:38 - 00000000 ____D () C:\Users\Allie\Desktop\Video Contest
2014-03-03 02:56 - 2014-03-03 02:56 - 01194128 _____ () C:\Users\Allie\Desktop\tellusvideocontest.zip
2014-03-02 00:41 - 2014-03-02 00:42 - 00000000 ____D () C:\Users\Allie\Desktop\Warez
2014-03-02 00:37 - 2014-03-02 00:38 - 00000000 ____D () C:\Users\Allie\Desktop\GRE Prep
2014-03-02 00:37 - 2014-03-02 00:37 - 00000000 ____D () C:\Users\Allie\Desktop\Rosetta Stone
2014-03-01 22:44 - 2014-03-01 22:45 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\TeraCopy
2014-03-01 22:44 - 2014-03-01 22:44 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-01 22:43 - 2014-03-01 23:06 - 00000000 ____D () C:\Users\Allie\Documents\Gizmo
2014-03-01 22:43 - 2014-03-01 22:43 - 00034704 _____ (Arainia Solutions LLC) C:\windows\system32\Drivers\gizmodrv.sys
2014-03-01 22:43 - 2014-03-01 22:43 - 00003994 _____ () C:\windows\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
2014-03-01 22:43 - 2014-03-01 22:43 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\Gizmo
2014-03-01 22:42 - 2014-03-01 22:43 - 00000000 ____D () C:\Program Files (x86)\Gizmo
 
==================== One Month Modified Files and Folders =======
 
2014-03-28 09:42 - 2014-03-28 09:42 - 00025342 _____ () C:\Users\Allie\Desktop\FRST.txt
2014-03-28 09:42 - 2014-03-28 09:42 - 00000000 ____D () C:\FRST
2014-03-28 09:42 - 2014-03-28 09:40 - 02157056 _____ (Farbar) C:\Users\Allie\Desktop\FRST64.exe
2014-03-28 09:22 - 2013-05-31 04:49 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 09:16 - 2012-02-20 09:09 - 01311568 _____ () C:\windows\WindowsUpdate.log
2014-03-28 09:05 - 2013-02-09 10:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267965291-988733691-3139414737-1001UA.job
2014-03-28 09:00 - 2012-04-14 10:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 08:13 - 2013-12-26 00:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-28 07:44 - 2014-03-28 07:44 - 00023781 _____ () C:\ComboFix.txt
2014-03-28 07:44 - 2014-03-28 07:22 - 00000000 ____D () C:\Qoobox
2014-03-28 07:44 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 07:42 - 2014-03-28 07:22 - 00000000 ____D () C:\windows\erdnt
2014-03-28 07:41 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-03-28 07:22 - 2014-03-28 07:19 - 05192353 ____R (Swearware) C:\Users\Allie\Desktop\ComboFix.exe
2014-03-28 07:21 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 07:21 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 07:14 - 2013-05-31 04:49 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 07:14 - 2012-02-20 10:00 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-28 07:14 - 2012-02-20 10:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-28 07:14 - 2012-02-20 09:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-28 07:13 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-28 07:13 - 2009-07-13 21:51 - 00160456 _____ () C:\windows\setupact.log
2014-03-28 04:34 - 2014-03-28 04:34 - 00024540 _____ () C:\Users\Allie\Desktop\DDS1.txt
2014-03-28 04:34 - 2014-03-28 04:34 - 00010339 _____ () C:\Users\Allie\Desktop\Attach1.txt
2014-03-28 04:32 - 2014-03-28 04:32 - 00024540 _____ () C:\Users\Allie\Desktop\dds.txt
2014-03-28 04:32 - 2014-03-28 04:32 - 00010339 _____ () C:\Users\Allie\Desktop\attach.txt
2014-03-28 04:20 - 2014-03-28 04:20 - 00688992 ____R (Swearware) C:\Users\Allie\Desktop\dds.com
2014-03-28 04:05 - 2009-07-13 22:08 - 00032628 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-28 01:36 - 2009-07-13 22:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-27 07:04 - 2013-06-11 11:10 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-03-27 04:50 - 2014-03-27 04:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 04:49 - 2014-03-27 04:49 - 02347384 _____ (ESET) C:\Users\Allie\Desktop\esetsmartinstaller_enu.exe
2014-03-27 04:45 - 2014-03-27 04:45 - 00002248 _____ () C:\Users\Allie\Desktop\JRT.txt
2014-03-27 04:35 - 2014-03-27 04:35 - 00000000 ____D () C:\windows\ERUNT
2014-03-27 04:30 - 2014-03-27 04:29 - 01038974 _____ (Thisisu) C:\Users\Allie\Desktop\JRT.exe
2014-03-26 23:00 - 2014-03-26 22:58 - 00000000 ____D () C:\AdwCleaner
2014-03-26 22:58 - 2014-03-26 22:57 - 01950720 _____ () C:\Users\Allie\Desktop\AdwCleaner.exe
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Allie\Desktop\tdsskiller
2014-03-26 22:53 - 2014-03-26 22:52 - 04113320 _____ () C:\Users\Allie\Desktop\tdsskiller.zip
2014-03-26 22:47 - 2014-03-26 22:47 - 00032379 _____ () C:\Users\Allie\Desktop\Result.txt
2014-03-26 22:46 - 2014-03-26 22:46 - 00982016 _____ (Farbar) C:\Users\Allie\Desktop\MiniToolBox.exe
2014-03-25 22:13 - 2010-11-20 20:47 - 00177296 _____ () C:\windows\PFRO.log
2014-03-25 12:14 - 2014-03-25 12:14 - 00001268 _____ () C:\Users\Public\Desktop\NCH Software.lnk
2014-03-25 12:14 - 2014-03-25 12:14 - 00001136 _____ () C:\Users\Public\Desktop\Express Zip.lnk
2014-03-25 12:14 - 2014-01-17 06:44 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-03-25 12:14 - 2014-01-10 11:38 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-25 12:14 - 2014-01-10 11:37 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-25 12:01 - 2014-01-01 01:11 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\tixati
2014-03-25 09:07 - 2014-03-25 09:07 - 00000000 ____D () C:\Users\Allie\Documents\Gemma Doyle Trilogy by Libba Bray
2014-03-25 09:04 - 2014-03-25 09:04 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-25 09:03 - 2014-03-25 09:02 - 01376768 _____ () C:\Users\Allie\Desktop\7z920-x64.msi
2014-03-25 08:57 - 2013-04-03 23:29 - 00000000 ____D () C:\Program Files\Webroot
2014-03-25 06:08 - 2012-12-13 04:41 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-25 06:08 - 2012-12-13 04:40 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-03-25 06:01 - 2013-08-03 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 05:58 - 2013-08-03 13:33 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-03-23 21:59 - 2014-03-22 01:43 - 00000000 ____D () C:\Users\Allie\Desktop\Audiobooks
2014-03-23 06:10 - 2014-03-22 05:58 - 00000000 ____D () C:\Users\Allie\Desktop\The Complete Guide to the Toefl Test - IBT Edition (Malestrom)
2014-03-23 05:51 - 2012-02-20 09:36 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-22 09:07 - 2014-03-22 09:01 - 11190406 _____ () C:\Users\Allie\Desktop\calibre-1.29.0.msi
2014-03-22 09:02 - 2012-07-03 08:31 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\Skype
2014-03-22 05:57 - 2014-03-22 05:56 - 00000000 ____D () C:\Users\Allie\Desktop\Cambridge - English In Use Collection [Books & Audio CD-ROMs] by Cloud Dancing
2014-03-22 05:51 - 2014-03-22 05:51 - 00000000 ____D () C:\Users\Allie\Desktop\Cambridge - Advanced Grammar In Use (With CD) #foreignlanguagecollection
2014-03-22 04:05 - 2013-02-09 10:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267965291-988733691-3139414737-1001Core.job
2014-03-22 03:26 - 2014-03-22 03:26 - 00018628 _____ () C:\Users\Allie\Desktop\stuffed_elephant_solo_librivox_archive.torrent
2014-03-19 22:38 - 2014-03-06 00:09 - 00000000 ____D () C:\Users\Allie\Desktop\Video Contest
2014-03-19 07:41 - 2012-10-28 06:55 - 00000000 ____D () C:\Users\Allie\Desktop\Desktop Word Files & Pics
2014-03-19 06:07 - 2012-04-14 10:01 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\Mozilla
2014-03-18 09:08 - 2014-03-18 09:00 - 00000000 ____D () C:\Users\Allie\Desktop\2013 Tests for Gulnara
2014-03-16 01:27 - 2014-03-16 01:07 - 00000000 ____D () C:\Users\Allie\Desktop\Calendar
2014-03-15 13:37 - 2012-12-10 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 04:21 - 2014-03-15 04:21 - 00000000 ____D () C:\Users\Allie\AppData\Local\Skype
2014-03-15 04:21 - 2012-07-03 08:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 00:35 - 2009-07-13 21:45 - 00465024 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 15:41 - 2012-11-24 02:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 07:38 - 2013-03-13 12:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:38 - 2013-03-13 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 06:33 - 2014-03-14 06:33 - 00000000 ____D () C:\17cfc88ff665cff8243daa3f1ec4b56a
2014-03-13 08:00 - 2012-04-14 10:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 08:00 - 2012-04-14 10:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 08:00 - 2012-02-20 09:21 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 06:42 - 2014-02-03 04:14 - 00000000 ____D () C:\Users\Allie\Desktop\Global Dialogues
2014-03-09 01:55 - 2014-02-16 00:10 - 00000000 ____D () C:\Users\Allie\Desktop\Guitar
2014-03-08 09:02 - 2013-02-28 07:53 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\vlc
2014-03-06 11:37 - 2014-03-06 11:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-06 11:37 - 2014-03-06 11:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-03 02:56 - 2014-03-03 02:56 - 01194128 _____ () C:\Users\Allie\Desktop\tellusvideocontest.zip
2014-03-02 01:29 - 2012-12-21 01:54 - 00000000 ____D () C:\Users\Allie\Desktop\Movies
2014-03-02 00:42 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Allie\Desktop\Warez
2014-03-02 00:38 - 2014-03-02 00:37 - 00000000 ____D () C:\Users\Allie\Desktop\GRE Prep
2014-03-02 00:37 - 2014-03-02 00:37 - 00000000 ____D () C:\Users\Allie\Desktop\Rosetta Stone
2014-03-01 23:06 - 2014-03-01 22:43 - 00000000 ____D () C:\Users\Allie\Documents\Gizmo
2014-03-01 22:45 - 2014-03-01 22:44 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\TeraCopy
2014-03-01 22:44 - 2014-03-01 22:44 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-01 22:43 - 2014-03-01 22:43 - 00034704 _____ (Arainia Solutions LLC) C:\windows\system32\Drivers\gizmodrv.sys
2014-03-01 22:43 - 2014-03-01 22:43 - 00003994 _____ () C:\windows\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
2014-03-01 22:43 - 2014-03-01 22:43 - 00000000 ____D () C:\Users\Allie\AppData\Roaming\Gizmo
2014-03-01 22:43 - 2014-03-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Gizmo
2014-02-28 23:05 - 2014-03-13 06:36 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-13 06:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-13 06:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-13 06:36 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-13 06:36 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-13 06:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-13 06:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-13 06:36 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-13 06:36 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-13 06:36 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-13 06:36 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-13 06:36 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-13 06:36 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-13 06:36 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-13 06:36 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-13 06:36 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-13 06:36 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-13 06:36 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-13 06:36 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-13 06:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-13 06:36 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-13 06:36 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-13 06:36 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-13 06:36 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-13 06:36 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-13 06:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-13 06:36 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-13 06:36 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-13 06:36 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-13 06:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-13 06:36 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-13 06:36 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-13 06:36 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-13 06:36 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-13 06:36 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-13 06:36 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-13 06:36 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-13 06:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-13 06:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-13 06:36 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 12:24 - 2011-11-16 12:25 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-22 09:27
 
==================== End Of Log ============================

Attached Files



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA

Posted 28 March 2014 - 05:47 PM

Strange locked files still there.

What are you referring to here??

 

 

Is there any reason why your system might be able to connect to the internet in Tbilisi Georgia?


Edited by jeffce, 28 March 2014 - 05:54 PM.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 Guest_sakartvelo_*

Guest_sakartvelo_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2014 - 12:45 AM

Yes, the Georgia thing is normal.  All of the "Magti" internet stuff is normal, too.  I live in Georgia.  :-)

 

I've attached screen shots of what I'm talking about.  There is one picture of both files in my C Drive, two of the security messages that I get when I try to open the files in the first locked file, and one of the files inside of the second locked file.  The second locked file only recently created itself (like about a week or so ago).  At first, it was just a locked file with a long random name and a readme inside.  When I tried to open the readme, I got an error message about not having access privileges.  I then left the file, but opened it soon after to find all of the Microsoft Silverlight files that you can see in the picture.  I have tried every normal thing to get rid of them, but going through the security tab to try to adjust my privileges doesn't seem to work ... and obviously just trying to delete them doesn't, either!

Attached Files


Edited by sakartvelo, 29 March 2014 - 12:52 AM.


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:30 AM

Posted 29 March 2014 - 08:52 AM

Download RogueKiller to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • There will be a pre-scan that will run automatically (this is normal)
  • Once the pre-scan has finished, press the Scan button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  • Once the Scan is complete, press the Report button to generate the results. 

Please post the contents of the RKreport.txt in your next Reply.
 
----------------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#9 Guest_sakartvelo_*

Guest_sakartvelo_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2014 - 10:28 AM

Jeff,
 
The program ran smoothly and I didn't have any problems.  It didn't delete two HJ POL (?) that it identified, though, it said that they couldn't be found.  The two locked virus files are still on my computer.
 
Here's the report:
 
 RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allie [Admin rights]
Mode : Remove -- Date : 03/29/2014 08:24:01
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] 56b44a50b338e298fe1a10207a443fd5
[BSP] 60d18a0a09abf50d75deaa6c8da51331 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_03292014_082401.txt >>


#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA

Posted 29 March 2014 - 01:29 PM

The two locked virus files are still on my computer.

I am not sure those are viruses yet though?  Nothing that I am seeing has been particularly bad.
 
VBJ9QO9.jpgJava
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

GUZVCQN.jpg Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.
     
          A3npGzM.jpg
       
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
 
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:30 AM

Posted 01 April 2014 - 07:52 PM

Still with me?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA

Posted 03 April 2014 - 12:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users