
"Windows detected a hard disk problem." Steam Virus?


7 replies to this topic

#1 fonz26


  • Members
  • 7 posts

Posted 30 March 2014 - 08:45 PM

I posted a topic in "Am I Infected? What Do I Do?," and I was referred here. I'll paste the details from that post here.

 

"My laptop is a Toshiba Satellite, L655D running on Windows 7, 64-bit. My hard disk is a Toshiba MK3265GSX ATA. I've had it for three-and-a-half years now, and aside from the occasional issue, it's been good to me. However, earlier today [Mar. 23], I opened my computer from sleep mode, and after a few minutes of normal web-browsing, I got an error that shocked me. This error pops up every ten minutes or so. I'm not exactly sure how to add a picture to this post, so I'll just transcribe it.

 

"Windows detected a hard disk problem

Back up your files immediately to prevent information loss, and then contact the computer manufacturer to determine if you need to repair or replace the disk.

>Start the backup process

>Ask me again later

If the disk fails before the next warning, you could lose all of the programs and documents on the disk"

 

Toshiba Service Station also told me a similar tale. I immediately panicked, and furiously googled around for solutions. Some called it a final warning to back up the computer, while some called it a virus. I think I'm hoping for the latter. I ran a Malwarebytes scan, which found nothing. I also ran a Microsoft Security Essentials scan with the same results. I then ran a chkdsk scan, which took about two hours. All of it seemed normal, except for one line from the log, "windows replaced bad clusters in file 254647 of name \PROGRA~2\Steam\STEAMA~1\SOA66A~1.GCF" The end of the log also said that it had 4KB of bad clusters. I have no idea what this means, but it seemed like it had fixed whatever issue had occurred. But after rebooting the laptop, it still displayed the same error.

 

I am extremely worried about this computer, and I am not in a position to start backing up data. All I've been able to save so far is my documents and pictures, and I have no money to buy a new computer or drive. I haven't done anything strange with this computer, so this error really took me by surprise. My laptop hasn't been running strangely either, which makes me think that something's not really wrong with it. I'm really hoping that this issue can be solved somehow, but I'm losing hope. My only hope is that this could be a virus that is giving Windows false positives, like some people have reported, and that I can remove it somehow. Any help at all would be greatly appreciated. Thank you in advance."

 

After a few days, a user believed that the line, "windows replaced bad clusters in file 254647 of name \PROGRA~2\Steam\STEAMA~1\SOA66A~1.GCF," indicated that the cause of my issues could be a virus that is posing as a Steam file, so I was told to post here. As an update, my laptop is still running normally, and I've backed up all of my documents and pictures. It is strange to me how normal this is running, but I'm still very worried about this computer. Hopefully this error is a virus that can be removed, and again, thank you in advance for any help.
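Added example, not part of the original post or of any tool mentioned in this thread: a PowerShell script that reads the evidence Windows itself uses before it shows the dialog transcribed above. That dialog is raised by the Windows Disk Diagnostic (DFDWiz.exe, which appears in the FRST process list later in the thread) when the drive's SMART self-monitoring reports predicted failure, so the quickest way to tell a genuine hardware warning from a fake one is to read the SMART flag and the disk error events directly rather than trust what a pop-up says. A chkdsk line of the form "replaced bad clusters in file N of name X" only records which file happened to sit on the remapped sectors; it says nothing about that file being malicious. Assumptions in the script: the disk driver exposes the root\wmi SMART classes (true for most directly attached SATA/ATA drives, often not for USB bridges or RAID controllers), the console is elevated, and the event provider names are the ones Windows 7 uses ("disk", "Ntfs", "Microsoft-Windows-Wininit").

```powershell
# Added example (not from the thread): distinguish a genuine "Windows detected a hard
# disk problem" warning from a fake one by reading the drive's SMART prediction bit and
# the disk-related events Windows records. Run from an elevated PowerShell prompt.
# Assumption: root\wmi SMART classes are exposed by the disk driver; if they are not,
# Get-SmartPredictFailure returns nothing and only the event data is available.

function Get-SmartPredictFailure {
    # PredictFailure is the SMART "failure predicted" bit that the Disk Diagnostic
    # (DFDWiz.exe) reacts to when it shows the back-up-now dialog.
    Get-WmiObject -Namespace 'root\wmi' -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Drive          = $_.InstanceName
                PredictFailure = [bool]$_.PredictFailure
                Reason         = $_.Reason
            }
        }
}

function Get-DiskDriveStatus {
    # Win32_DiskDrive.Status reads "Pred Fail" when the drive itself predicts failure.
    Get-WmiObject -Class Win32_DiskDrive |
        Select-Object Model, SerialNumber, Status, Size
}

function Get-DiskErrorEvents {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    # Source "disk": Id 7 = bad block, Id 11 = controller error, Id 51 = paging I/O error.
    # Source "Ntfs": Id 55 = file system structure corruption found.
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'disk'; Id = 7, 11, 51; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Ntfs'; Id = 55;        StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, ProviderName, Id, Message
    }
}

function Get-ChkdskResults {
    # Boot-time chkdsk output (including "replaced bad clusters in file ..." lines)
    # is written by Wininit to the Application log as event 1001 after the reboot.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 } `
        -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Report everything, then give a one-line verdict based on the drive's own flag.
$smart = @(Get-SmartPredictFailure)
if ($smart.Count -eq 0) { Write-Host 'No SMART prediction data exposed by this driver.' }
$smart | Format-Table Drive, PredictFailure, Reason -AutoSize
Get-DiskDriveStatus | Format-Table -AutoSize
Get-DiskErrorEvents | Format-Table TimeCreated, ProviderName, Id, Message -AutoSize -Wrap
Get-ChkdskResults   | Format-List

if ($smart | Where-Object { $_.PredictFailure }) {
    Write-Warning 'The drive reports predicted failure: the Windows dialog is genuine. Back up now and replace the disk.'
} else {
    Write-Host 'No SMART failure prediction reported; check the disk/Ntfs events above for bad blocks before treating the alert as software.'
}
```

If PredictFailure is true or Win32_DiskDrive shows "Pred Fail", the dialog is the operating system doing its job and malware scanning will not make it go away; if both are clean and there are no "disk" event 7 entries, the next thing to look at is what process is actually drawing the window.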

 


 


#2 nasdaq


  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 April 2014 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 fonz26

  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2014 - 11:40 AM

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/3/2014
Scan Time: 11:26:20 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.04.03.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Aj
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292146
Time Elapsed: 1 hr, 12 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner
 
# AdwCleaner v3.023 - Report created 03/04/2014 at 12:11:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Aj - LAPTOP-PC
# Running from : C:\Users\Aj\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Laptop\AppData\Local\PackageAware
Folder Deleted : C:\Users\Aj\AppData\LocalLow\AskToolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKCU\Software\Softonic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v82110h2.default\prefs.js ]
 
 
[ File : C:\Users\Aj\AppData\Roaming\Mozilla\Firefox\Profiles\r9vjuznj.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1296 octets] - [03/04/2014 12:06:02]
AdwCleaner[S0].txt - [1196 octets] - [03/04/2014 12:11:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1256 octets] ##########

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Aj (administrator) on LAPTOP-PC on 03-04-2014 12:24:59
Running from C:\Users\Aj\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\windows\system32\DFDWiz.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
( ) C:\windows\system32\lxctcoms.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
() C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Aj\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [517176 2010-01-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [lxctmon.exe] - C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM-x32\...\Run: [UnlockerAssistant] - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
Startup: C:\Users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aj\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9585D94E-47B8-4A08-B377-4B4DDF9D2295} URL = 
SearchScopes: HKCU - {B0B21DB5-3C68-41C0-8F60-B278D17A81B6} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 131.183.2.111 136.247.82.83
 
FireFox:
========
FF ProfilePath: C:\Users\Aj\AppData\Roaming\Mozilla\Firefox\Profiles\r9vjuznj.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-25]
CHR Extension: (YouTube) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Metal Gear Solid) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcailgidfliimkbcfjejbenodcoklhfc [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Aj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-22]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () <===== ATTENTION Necurs Rootkit?
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-03 12:24 - 2014-04-03 12:25 - 00013302 _____ () C:\Users\Aj\Downloads\FRST.txt
2014-04-03 12:24 - 2014-04-03 12:24 - 00000000 ____D () C:\FRST
2014-04-03 12:05 - 2014-04-03 12:11 - 00000000 ____D () C:\AdwCleaner
2014-04-03 12:03 - 2014-04-03 12:03 - 02157056 _____ (Farbar) C:\Users\Aj\Downloads\FRST64.exe
2014-04-03 12:02 - 2014-04-03 12:02 - 01426178 _____ () C:\Users\Aj\Downloads\adwcleaner.exe
2014-04-03 11:27 - 2014-04-03 11:27 - 00001048 _____ () C:\mbam.txt
2014-04-03 10:11 - 2014-04-03 10:13 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 10:11 - 2014-04-03 10:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 10:11 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 10:11 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 10:07 - 2014-04-03 10:07 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Aj\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-30 21:22 - 2014-03-30 21:22 - 00018492 _____ () C:\Users\Aj\Documents\DDS.txt
2014-03-30 21:21 - 2014-03-30 21:21 - 00010904 _____ () C:\Users\Aj\Documents\Attach.txt
2014-03-30 21:13 - 2014-03-30 21:13 - 00010904 _____ () C:\Users\Aj\Desktop\attach.txt
2014-03-30 21:13 - 2014-03-30 21:12 - 00018492 _____ () C:\Users\Aj\Desktop\dds.txt
2014-03-30 21:08 - 2014-03-30 21:09 - 00688992 ____R (Swearware) C:\Users\Aj\Downloads\dds.com
2014-03-26 08:45 - 2014-03-26 09:39 - 00000000 ____D () C:\Users\Aj\Downloads\Chapter 01
2014-03-26 08:44 - 2014-03-26 08:45 - 00063333 _____ () C:\Users\Aj\Downloads\Chapter 01.zip
2014-03-25 15:38 - 2014-03-25 15:39 - 02486272 _____ () C:\Users\Aj\Downloads\PCAST March 3, 2003.ppt
2014-03-23 21:08 - 2014-04-03 12:14 - 00000000 ___RD () C:\Users\Aj\Dropbox
2014-03-23 21:08 - 2014-03-23 21:08 - 00001009 _____ () C:\Users\Aj\Desktop\Dropbox.lnk
2014-03-23 21:07 - 2014-03-23 21:08 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\DropboxMaster
2014-03-23 21:07 - 2014-03-23 21:07 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-23 21:04 - 2014-04-03 12:14 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Dropbox
2014-03-23 21:04 - 2014-03-23 21:04 - 36813664 _____ (Dropbox, Inc.) C:\Users\Aj\Downloads\Dropbox 2.6.20.exe
2014-03-23 20:22 - 2014-03-23 20:22 - 00003544 ____N () C:\bootsqm.dat
2014-03-21 11:01 - 2014-03-21 11:01 - 00000000 ____D () C:\Users\Aj\Documents\RPGVXAce
2014-03-21 09:02 - 2014-03-21 09:02 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Warsow 1.0
2014-03-21 09:00 - 2014-03-21 09:00 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Warsow 1.02
2014-03-21 08:33 - 2014-03-21 08:33 - 00000000 ____D () C:\Program Files (x86)\Enterbrain
2014-03-20 16:35 - 2014-03-20 16:35 - 56527019 _____ () C:\Users\Aj\Downloads\Fallout_Bible_gog.zip
2014-03-19 16:16 - 2014-03-19 16:16 - 00000000 ____D () C:\Users\Aj\Downloads\omikron_wallpaper
2014-03-19 16:15 - 2014-03-19 16:15 - 02295705 _____ () C:\Users\Aj\Downloads\omikron_wallpaper.zip
2014-03-19 16:11 - 2014-03-19 16:11 - 00000000 ____D () C:\Users\Aj\Downloads\outlast_wallpaper
2014-03-19 16:10 - 2014-03-19 16:10 - 01277348 _____ () C:\Users\Aj\Downloads\outlast_wallpaper.zip
2014-03-19 13:35 - 2014-03-19 13:35 - 00000000 ____D () C:\Program Files (x86)\Blackboard
2014-03-17 20:25 - 2014-03-17 20:25 - 00001639 _____ () C:\Users\Public\Desktop\Outlast.lnk
2014-03-13 16:08 - 2014-03-13 16:08 - 00001393 _____ () C:\Users\Aj\Downloads\URLLink (1).acsm
2014-03-13 16:07 - 2014-03-13 16:07 - 00001393 _____ () C:\Users\Aj\Downloads\URLLink.acsm
2014-03-13 12:37 - 2014-03-13 12:38 - 00018432 _____ () C:\Users\Aj\Downloads\Viewing midterm grades.ppt
2014-03-13 08:29 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 08:29 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 08:29 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 08:29 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 08:29 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 08:29 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 08:29 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 08:29 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 08:29 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 08:29 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 08:29 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 08:29 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 08:28 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 08:28 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 08:28 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 08:28 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 08:28 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 08:28 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 08:28 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 08:28 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 08:28 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 08:28 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 08:28 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:28 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 08:28 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 08:28 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 08:28 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 08:28 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 08:28 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 08:28 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 08:28 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 08:28 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 08:28 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 08:28 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 08:28 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 08:28 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 08:28 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 08:28 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 08:28 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 08:28 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 08:28 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 08:28 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 08:28 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 08:28 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 08:28 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 08:28 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 08:28 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:28 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 10:50 - 2014-03-12 10:50 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-04 15:45 - 2014-04-03 10:11 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Malwarebytes
2014-03-04 15:32 - 2014-03-04 15:33 - 00282808 _____ () C:\windows\Minidump\030414-45645-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-04-03 12:25 - 2014-04-03 12:24 - 00013302 _____ () C:\Users\Aj\Downloads\FRST.txt
2014-04-03 12:24 - 2014-04-03 12:24 - 00000000 ____D () C:\FRST
2014-04-03 12:23 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 12:23 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 12:20 - 2013-01-03 21:55 - 01203098 _____ () C:\windows\WindowsUpdate.log
2014-04-03 12:17 - 2014-01-20 14:17 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 12:14 - 2014-03-23 21:08 - 00000000 ___RD () C:\Users\Aj\Dropbox
2014-04-03 12:14 - 2014-03-23 21:04 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Dropbox
2014-04-03 12:13 - 2014-01-20 14:17 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 12:13 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-03 12:13 - 2009-07-14 00:51 - 00050431 _____ () C:\windows\setupact.log
2014-04-03 12:11 - 2014-04-03 12:05 - 00000000 ____D () C:\AdwCleaner
2014-04-03 12:03 - 2014-04-03 12:03 - 02157056 _____ (Farbar) C:\Users\Aj\Downloads\FRST64.exe
2014-04-03 12:02 - 2014-04-03 12:02 - 01426178 _____ () C:\Users\Aj\Downloads\adwcleaner.exe
2014-04-03 11:59 - 2013-01-05 15:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 11:27 - 2014-04-03 11:27 - 00001048 _____ () C:\mbam.txt
2014-04-03 10:13 - 2014-04-03 10:11 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 10:11 - 2014-04-03 10:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 10:11 - 2014-03-04 15:45 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Malwarebytes
2014-04-03 10:11 - 2013-01-04 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 10:07 - 2014-04-03 10:07 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Aj\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-02 15:30 - 2013-01-05 16:50 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\TP
2014-03-30 21:22 - 2014-03-30 21:22 - 00018492 _____ () C:\Users\Aj\Documents\DDS.txt
2014-03-30 21:21 - 2014-03-30 21:21 - 00010904 _____ () C:\Users\Aj\Documents\Attach.txt
2014-03-30 21:13 - 2014-03-30 21:13 - 00010904 _____ () C:\Users\Aj\Desktop\attach.txt
2014-03-30 21:12 - 2014-03-30 21:13 - 00018492 _____ () C:\Users\Aj\Desktop\dds.txt
2014-03-30 21:09 - 2014-03-30 21:08 - 00688992 ____R (Swearware) C:\Users\Aj\Downloads\dds.com
2014-03-29 09:16 - 2013-01-13 22:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-29 08:44 - 2013-01-04 00:42 - 00001945 _____ () C:\windows\epplauncher.mif
2014-03-29 08:43 - 2013-01-04 00:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-29 08:43 - 2013-01-04 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-28 19:10 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-27 22:11 - 2014-01-20 14:17 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 22:11 - 2014-01-20 14:17 - 00003634 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 19:04 - 2013-11-18 17:24 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\uTorrent
2014-03-27 17:10 - 2013-01-05 16:50 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-26 22:06 - 2013-02-14 18:54 - 00000000 ____D () C:\Program Files\Lx_cats
2014-03-26 09:39 - 2014-03-26 08:45 - 00000000 ____D () C:\Users\Aj\Downloads\Chapter 01
2014-03-26 08:49 - 2013-07-15 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-03-26 08:45 - 2014-03-26 08:44 - 00063333 _____ () C:\Users\Aj\Downloads\Chapter 01.zip
2014-03-26 08:39 - 2013-01-05 01:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-25 15:39 - 2014-03-25 15:38 - 02486272 _____ () C:\Users\Aj\Downloads\PCAST March 3, 2003.ppt
2014-03-23 21:08 - 2014-03-23 21:08 - 00001009 _____ () C:\Users\Aj\Desktop\Dropbox.lnk
2014-03-23 21:08 - 2014-03-23 21:07 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\DropboxMaster
2014-03-23 21:08 - 2013-01-05 16:21 - 00000000 ____D () C:\Users\Aj
2014-03-23 21:07 - 2014-03-23 21:07 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-23 21:07 - 2013-01-05 16:21 - 00000000 ___RD () C:\Users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 21:04 - 2014-03-23 21:04 - 36813664 _____ (Dropbox, Inc.) C:\Users\Aj\Downloads\Dropbox 2.6.20.exe
2014-03-23 20:50 - 2013-01-03 23:28 - 00000000 ____D () C:\Users\Laptop
2014-03-23 20:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-03-23 20:22 - 2014-03-23 20:22 - 00003544 ____N () C:\bootsqm.dat
2014-03-21 11:01 - 2014-03-21 11:01 - 00000000 ____D () C:\Users\Aj\Documents\RPGVXAce
2014-03-21 09:02 - 2014-03-21 09:02 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Warsow 1.0
2014-03-21 09:00 - 2014-03-21 09:00 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Warsow 1.02
2014-03-21 08:33 - 2014-03-21 08:33 - 00000000 ____D () C:\Program Files (x86)\Enterbrain
2014-03-20 16:35 - 2014-03-20 16:35 - 56527019 _____ () C:\Users\Aj\Downloads\Fallout_Bible_gog.zip
2014-03-19 16:16 - 2014-03-19 16:16 - 00000000 ____D () C:\Users\Aj\Downloads\omikron_wallpaper
2014-03-19 16:15 - 2014-03-19 16:15 - 02295705 _____ () C:\Users\Aj\Downloads\omikron_wallpaper.zip
2014-03-19 16:11 - 2014-03-19 16:11 - 00000000 ____D () C:\Users\Aj\Downloads\outlast_wallpaper
2014-03-19 16:10 - 2014-03-19 16:10 - 01277348 _____ () C:\Users\Aj\Downloads\outlast_wallpaper.zip
2014-03-19 13:35 - 2014-03-19 13:35 - 00000000 ____D () C:\Program Files (x86)\Blackboard
2014-03-17 20:40 - 2013-07-12 22:50 - 00000000 ____D () C:\Users\Aj\Documents\My Games
2014-03-17 20:28 - 2010-03-23 21:12 - 00235161 _____ () C:\windows\DirectX.log
2014-03-17 20:25 - 2014-03-17 20:25 - 00001639 _____ () C:\Users\Public\Desktop\Outlast.lnk
2014-03-17 20:14 - 2013-12-12 19:17 - 00000000 ____D () C:\GOG Games
2014-03-15 08:54 - 2009-07-14 00:45 - 00376360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-15 08:53 - 2013-03-16 10:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 08:53 - 2013-03-16 10:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 08:53 - 2010-03-23 21:29 - 00486456 _____ () C:\windows\PFRO.log
2014-03-15 08:33 - 2013-01-03 22:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 18:43 - 2013-07-16 17:02 - 00000000 ____D () C:\Users\Aj\Documents\Thief - Deadly Shadows
2014-03-13 16:08 - 2014-03-13 16:08 - 00001393 _____ () C:\Users\Aj\Downloads\URLLink (1).acsm
2014-03-13 16:07 - 2014-03-13 16:07 - 00001393 _____ () C:\Users\Aj\Downloads\URLLink.acsm
2014-03-13 12:38 - 2014-03-13 12:37 - 00018432 _____ () C:\Users\Aj\Downloads\Viewing midterm grades.ppt
2014-03-12 10:51 - 2013-01-05 15:08 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:51 - 2013-01-05 15:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 10:51 - 2013-01-05 15:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:50 - 2014-03-12 10:50 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 16:12 - 2013-11-18 17:29 - 00000000 ____D () C:\[Fuwanovel] Ever 17 -English-
2014-03-11 09:52 - 2012-08-30 23:03 - 00133928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NisDrvWFP.sys
2014-03-10 15:18 - 2014-02-03 12:12 - 00002048 _____ () C:\Users\Aj\Downloads\CorruptedROM.srm
2014-03-10 15:18 - 2014-02-02 21:57 - 04194816 _____ () C:\Users\Aj\Downloads\CorruptedROM
2014-03-09 00:38 - 2014-01-12 14:58 - 00000000 ____D () C:\Users\Aj\Documents\Telltale Games
2014-03-06 10:13 - 2013-04-26 09:07 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-05 09:26 - 2014-04-03 10:11 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 10:11 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-01-04 20:28 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 16:00 - 2013-09-27 19:29 - 00000000 ____D () C:\Users\Aj\AppData\Roaming\Spotify
2014-03-04 15:33 - 2014-03-04 15:32 - 00282808 _____ () C:\windows\Minidump\030414-45645-01.dmp
2014-03-04 15:32 - 2013-05-23 13:06 - 00000000 ____D () C:\windows\Minidump
2014-03-04 15:32 - 2013-05-23 13:05 - 293937460 _____ () C:\windows\MEMORY.DMP
 
Some content of TEMP:
====================
C:\Users\Aj\AppData\Local\Temp\AutoRun.exe
C:\Users\Aj\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Aj\AppData\Local\Temp\bdfilters.dll
C:\Users\Aj\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Aj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpie5h7v.dll
C:\Users\Aj\AppData\Local\Temp\eauninstall.exe
C:\Users\Aj\AppData\Local\Temp\GUR2E99.exe
C:\Users\Aj\AppData\Local\Temp\mgxfonts.exe
C:\Users\Aj\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Aj\AppData\Local\Temp\NGM.exe
C:\Users\Aj\AppData\Local\Temp\NGMDll.dll
C:\Users\Aj\AppData\Local\Temp\NGMResource.dll
C:\Users\Aj\AppData\Local\Temp\NGMSetup.exe
C:\Users\Aj\AppData\Local\Temp\Quarantine.exe
C:\Users\Aj\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aj\AppData\Local\Temp\SSMInstaller64.exe
C:\Users\Aj\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aj\AppData\Local\Temp\unicows.dll
C:\Users\Aj\AppData\Local\Temp\VP6Install.exe
C:\Users\Aj\AppData\Local\Temp\VP6VFW.dll
C:\Users\Aj\AppData\Local\Temp\_is65CA.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRun.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Laptop\AppData\Local\Temp\VP6Install.exe
C:\Users\Laptop\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-06 18:40
 
==================== End Of Log ============================
 
I am still getting the error mentioned in the first post, that my hard drive is dying, and I must back up immediately. There have been no issues with the computer, and everything appears to be working fine. I haven't run the backup through this error message for fear that there may be something malicious behind it, but I've already backed up irreplaceable files. Thank you for your help.

Edited by fonz26, 03 April 2014 - 11:44 AM.
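The FRST log above lists several hundred "Files and Folders" lines, and the reader has to pick the handful that deserve a second look. The following is an added example, not code from the thread or from Farbar's tool: it parses those lines into objects and applies two triage rules a malware responder applies by eye. The line format is inferred from the log posted above; the rules, the list of user-writable locations and the function names are this example's own choices. The sample lines are copied from the FRST log in the post.

```powershell
# Added example, not part of the BleepingComputer thread or of Farbar's tool.
# Parses FRST "Files and Folders" lines into objects and applies two triage
# rules a responder uses when reading such a log. The line format below is
# inferred from the log posted above; the rules and the location list are
# this example's own choices.

# Sample input copied from the FRST log in the post above.
$frstLines = @(
    '2014-04-03 10:13 - 2014-04-03 10:11 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys',
    '2014-03-30 21:09 - 2014-03-30 21:08 - 00688992 ____R (Swearware) C:\Users\Aj\Downloads\dds.com',
    '2014-03-12 10:50 - 2014-03-12 10:50 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe',
    '2014-04-03 12:02 - 2014-04-03 12:02 - 01426178 _____ () C:\Users\Aj\Downloads\adwcleaner.exe',
    '2014-03-11 09:52 - 2012-08-30 23:03 - 00133928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NisDrvWFP.sys',
    '2014-04-03 12:14 - 2014-03-23 21:08 - 00000000 ___RD () C:\Users\Aj\Dropbox'
)

# One entry: modified stamp - created stamp - size, five attribute flags
# (last flag D = directory), the file's version-info CompanyName in
# parentheses (empty when the file carries none), then the path.
$entryPattern = '^(?<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<size>\d{8}) (?<attr>[_A-Z]{5}) \((?<company>[^)]*)\) (?<path>.+)$'

function ConvertFrom-FrstEntry {
    param([string[]]$Lines)
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($line in $Lines) {
        if ($line -match $entryPattern) {
            New-Object PSObject -Property @{
                Modified = [datetime]::ParseExact($Matches['mod'], 'yyyy-MM-dd HH:mm', $culture)
                Created  = [datetime]::ParseExact($Matches['cre'], 'yyyy-MM-dd HH:mm', $culture)
                Size     = [int64]$Matches['size']
                Attr     = $Matches['attr']
                Company  = $Matches['company'].Trim()
                Path     = $Matches['path']
                IsDir    = $Matches['attr'].EndsWith('D')
            }
        }
    }
}

function Find-SuspiciousFrstEntries {
    param([string[]]$Lines)
    $executable   = '\.(exe|dll|sys|scr|com|cpl|ocx)$'
    # Locations any standard user can write to; malware lands here far more
    # often than in Program Files.
    $userWritable = '\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\'

    ConvertFrom-FrstEntry -Lines $Lines | ForEach-Object {
        $reasons = @()
        if (-not $_.IsDir -and $_.Path -match $executable) {
            # Rule 1: no CompanyName and dropped somewhere user-writable.
            # An empty company is a hint, not proof: it is only version-info
            # text, so confirm with an Authenticode check before acting.
            if ($_.Company -eq '' -and $_.Path -match $userWritable) {
                $reasons += 'executable without CompanyName in user-writable location'
            }
            # Rule 2: any kernel driver that is not Microsoft's. Your own AV
            # drivers land here too; every hit gets looked at, not every hit
            # is bad.
            if ($_.Path -match '\\Drivers\\[^\\]+\.sys$' -and $_.Company -notmatch 'Microsoft') {
                $reasons += 'third-party kernel driver'
            }
        }
        if ($reasons.Length -gt 0) {
            $_ | Add-Member -MemberType NoteProperty -Name Reasons -Value ($reasons -join '; ') -PassThru
        }
    }
}

Find-SuspiciousFrstEntries -Lines $frstLines | Format-Table Path, Company, Reasons -AutoSize
```

Rule 2 deliberately fires on the Malwarebytes driver in the sample: a non-Microsoft driver in system32\Drivers is always worth a glance, and recognising your own security product there is the intended outcome, not a false positive to tune away. The "Bamital & volsnap Check" block in the log above is the complementary check for core system binaries (FRST compares their MD5 against known-good values); the built-in cross-check for the same question is `sfc /verifyonly` from an elevated prompt.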


#4 nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 April 2014 - 01:23 PM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Run: [] - [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9585D94E-47B8-4A08-B377-4B4DDF9D2295} URL =
SearchScopes: HKCU - {B0B21DB5-3C68-41C0-8F60-B278D17A81B6} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Users\Aj\AppData\Local\Temp\AutoRun.exe
C:\Users\Aj\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Aj\AppData\Local\Temp\bdfilters.dll
C:\Users\Aj\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Aj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpie5h7v.dll
C:\Users\Aj\AppData\Local\Temp\eauninstall.exe
C:\Users\Aj\AppData\Local\Temp\GUR2E99.exe
C:\Users\Aj\AppData\Local\Temp\mgxfonts.exe
C:\Users\Aj\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Aj\AppData\Local\Temp\NGM.exe
C:\Users\Aj\AppData\Local\Temp\NGMDll.dll
C:\Users\Aj\AppData\Local\Temp\NGMResource.dll
C:\Users\Aj\AppData\Local\Temp\NGMSetup.exe
C:\Users\Aj\AppData\Local\Temp\SSMInstaller64.exe
C:\Users\Aj\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aj\AppData\Local\Temp\unicows.dll
C:\Users\Aj\AppData\Local\Temp\VP6Install.exe
C:\Users\Aj\AppData\Local\Temp\VP6VFW.dll
C:\Users\Aj\AppData\Local\Temp\_is65CA.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRun.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Laptop\AppData\Local\Temp\VP6Install.exe
C:\Users\Laptop\AppData\Local\Temp\VP6VFW.dll

end

Save the files as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) please post it to your reply.

====

Did you ever use Steam?
I do not see any references in your logs.

Was a check disk ever run on this hard drive?
From an elevated prompt, execute CHKDSK c: and see if any problems are identified.
How to:
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============
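The question the thread opened with is whether the "Windows detected a hard disk problem" dialog is a genuine warning or a fake-alert program imitating one, and the reply above answers it with a chkdsk run. The following is an added example, not part of the thread, that checks the same thing against the data Windows' own disk diagnostics act on: the SMART predict-failure flag, the drive's reported status, and the System-log events a failing disk leaves behind. The WMI class and the Disk/Ntfs event IDs are the standard ones; the 30-day window, the function names and the corroboration rule at the end are this example's own choices. It is written for Windows 7 / PowerShell 2.0 (hence Get-WmiObject rather than Get-CimInstance) and must be run from an elevated PowerShell prompt.

```powershell
# Added example, not part of the BleepingComputer thread. Cross-checks the
# "Windows detected a hard disk problem" dialog against the data Windows'
# own disk diagnostics act on, so a real failing drive can be told apart
# from a fake-alert program that only imitates the dialog. Run from an
# elevated PowerShell prompt; written for Windows 7 / PowerShell 2.0.
# Event IDs are the standard Disk/Ntfs System-log events; the 30-day
# window and the corroboration rule are this example's choices.

function Get-SmartFailurePrediction {
    # SMART "predict failure" flag as surfaced by the storage driver; this is
    # what the genuine Windows disk warning is keyed on. Empty output means
    # the controller or driver does not expose SMART, not that the disk is fine.
    Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Instance       = $_.InstanceName
                PredictFailure = $_.PredictFailure
                Reason         = $_.Reason
            }
        }
}

function Get-DiskDriveHealth {
    # Win32_DiskDrive.Status reads "OK" on a healthy drive and "Pred Fail"
    # once the drive itself reports an impending failure.
    Get-WmiObject -Class Win32_DiskDrive |
        Select-Object Model, SerialNumber, Size, Status
}

function Get-RecentDiskErrors {
    param([int]$Days = 30)
    # Events a genuinely failing disk leaves in the System log:
    #   Disk 7  - "The device ... has a bad block"
    #   Disk 51 - an error was detected during a paging operation
    #   Ntfs 55 - file system structure is corrupt; chkdsk needed
    # A fake-alert program draws the dialog without producing any of these.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Disk', 'Ntfs'
        Id           = 7, 51, 55
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id, Message
}

function Test-DiskWarningIsGenuine {
    # $true when at least one independent source corroborates the dialog.
    # The reverse (no corroboration) does not prove a fake alert: a chkdsk
    # result such as "replaced bad clusters" is a further signal to weigh.
    $smart  = @(Get-SmartFailurePrediction | Where-Object { $_.PredictFailure })
    $status = @(Get-DiskDriveHealth | Where-Object { $_.Status -ne 'OK' })
    $events = @(Get-RecentDiskErrors)
    ($smart.Length + $status.Length + $events.Length) -gt 0
}

Get-SmartFailurePrediction | Format-Table -AutoSize
Get-DiskDriveHealth        | Format-Table -AutoSize
Get-RecentDiskErrors       | Format-Table TimeCreated, ProviderName, Id -AutoSize
"Corroborated by SMART, drive status or System-log disk errors: $(Test-DiskWarningIsGenuine)"
```

The reason to run this before the ComboFix step is that the two diagnoses call for opposite actions: a rogue program wants the fix, a failing disk wants the backup first. On a laptop where the drive sits behind a controller that does not pass SMART through, the first two checks return nothing and the System-log events plus chkdsk's own bad-cluster report carry the decision.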

#5 fonz26
  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2014 - 05:02 PM

FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Aj at 2014-04-03 17:20:34 Run:1
Running from C:\Users\Aj\Downloads\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] - [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9585D94E-47B8-4A08-B377-4B4DDF9D2295} URL =
SearchScopes: HKCU - {B0B21DB5-3C68-41C0-8F60-B278D17A81B6} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Users\Aj\AppData\Local\Temp\AutoRun.exe
C:\Users\Aj\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Aj\AppData\Local\Temp\bdfilters.dll
C:\Users\Aj\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Aj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpie5h7v.dll
C:\Users\Aj\AppData\Local\Temp\eauninstall.exe
C:\Users\Aj\AppData\Local\Temp\GUR2E99.exe
C:\Users\Aj\AppData\Local\Temp\mgxfonts.exe
C:\Users\Aj\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Aj\AppData\Local\Temp\NGM.exe
C:\Users\Aj\AppData\Local\Temp\NGMDll.dll
C:\Users\Aj\AppData\Local\Temp\NGMResource.dll
C:\Users\Aj\AppData\Local\Temp\NGMSetup.exe
C:\Users\Aj\AppData\Local\Temp\SSMInstaller64.exe
C:\Users\Aj\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aj\AppData\Local\Temp\unicows.dll
C:\Users\Aj\AppData\Local\Temp\VP6Install.exe
C:\Users\Aj\AppData\Local\Temp\VP6VFW.dll
C:\Users\Aj\AppData\Local\Temp\_is65CA.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRun.exe
C:\Users\Laptop\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Laptop\AppData\Local\Temp\VP6Install.exe
C:\Users\Laptop\AppData\Local\Temp\VP6VFW.dll
 
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9585D94E-47B8-4A08-B377-4B4DDF9D2295} => Key deleted successfully.
HKCR\CLSID\{9585D94E-47B8-4A08-B377-4B4DDF9D2295} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0B21DB5-3C68-41C0-8F60-B278D17A81B6} => Key deleted successfully.
HKCR\CLSID\{B0B21DB5-3C68-41C0-8F60-B278D17A81B6} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Aj\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\drm_dyndata_7400006.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpie5h7v.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\eauninstall.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\GUR2E99.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\mgxfonts.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\MgxVistaTools.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\NGM.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\SSMInstaller64.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\VP6Install.exe => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\VP6VFW.dll => Moved successfully.
C:\Users\Aj\AppData\Local\Temp\_is65CA.exe => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\VP6Install.exe => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\VP6VFW.dll => Moved successfully.
 
==== End of Fixlog ====
 
I do have Steam, but I haven't used it recently and got rid of most of the games.
I ran a chkdsk through admin the first day I got this error. Everything was normal but one line, "windows replaced bad clusters in file 254647 of name \PROGRA~2\Steam\STEAMA~1\SOA66A~1.GCF" The end of the log also said that it had 4KB of bad clusters.
 
ComboFix
 
ComboFix 14-04-03.01 - Aj 04/03/2014  17:39:16.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1760 [GMT -4:00]
Running from: c:\users\Aj\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{604A0973-F657-46CF-8F55-5201E21F976F}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{734EE525-CDBB-4CE4-9CF0-6984C93D79F0}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8B0C7934-725B-4D6B-8F0C-794530EDE93D}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E9C2393-1A3B-4D9A-A393-16A55BC9008D}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AEC488AA-DAFE-41FB-A3C8-8075A0DD2439}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3AA7327-7AC0-4ECA-A54A-7E152D732BEC}.xps
c:\users\Aj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD90438E-6BB4-40A2-A0AC-BA17B396ED68}.xps
c:\users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\windows\SysWow64\tmpA8BE.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-03 to 2014-04-03  )))))))))))))))))))))))))))))))
.
.
2014-04-03 21:50 . 2014-04-03 21:50 -------- d-----w- c:\users\Laptop\AppData\Local\temp
2014-04-03 21:50 . 2014-04-03 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-03 16:24 . 2014-04-03 21:20 -------- d-----w- C:\FRST
2014-04-03 16:05 . 2014-04-03 16:11 -------- d-----w- C:\AdwCleaner
2014-04-03 14:11 . 2014-04-03 16:33 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 14:11 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 14:11 . 2014-04-03 14:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-03 14:11 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 13:25 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4347280D-7D54-41D0-A430-24AB7F16CAB1}\mpengine.dll
2014-04-01 20:01 . 2014-02-20 17:25 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B0D2ED2-8DA0-4C75-AF41-C0F23FDD8089}\gapaengine.dll
2014-04-01 20:00 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-24 01:08 . 2014-04-03 16:14 -------- d-----r- c:\users\Aj\Dropbox
2014-03-24 01:04 . 2014-04-03 16:14 -------- d-----w- c:\users\Aj\AppData\Roaming\Dropbox
2014-03-21 14:58 . 2014-03-21 14:58 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2014-03-21 13:02 . 2014-03-21 13:02 -------- d-----w- c:\users\Aj\AppData\Roaming\Warsow 1.0
2014-03-21 12:33 . 2014-03-21 12:33 -------- d-----w- c:\program files (x86)\Enterbrain
2014-03-19 17:35 . 2014-03-19 17:35 -------- d-----w- c:\program files (x86)\Blackboard
2014-03-13 12:28 . 2014-03-01 22:02 808152 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-03-12 14:50 . 2014-03-12 14:50 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-26 12:39 . 2013-01-05 05:16 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 14:51 . 2013-01-05 19:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 14:51 . 2013-01-05 19:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 13:52 . 2012-08-31 03:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-05 13:26 . 2013-01-05 00:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-20 17:25 . 2013-03-12 18:06 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-27 04:19 . 2014-01-27 04:19 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-27 04:19 . 2014-01-27 04:19 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-27 04:19 . 2014-01-27 04:19 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-27 04:19 . 2014-01-27 04:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-27 04:19 . 2014-01-27 04:19 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-27 04:19 . 2014-01-27 04:19 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-27 04:19 . 2014-01-27 04:19 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-27 04:19 . 2014-01-27 04:19 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-27 04:19 . 2014-01-27 04:19 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-27 04:19 . 2014-01-27 04:19 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-27 04:19 . 2014-01-27 04:19 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-27 04:19 . 2014-01-27 04:19 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-27 04:19 . 2014-01-27 04:19 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-27 04:19 . 2014-01-27 04:19 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-27 04:19 . 2014-01-27 04:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-27 04:19 . 2014-01-27 04:19 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-27 04:19 . 2014-01-27 04:19 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-27 04:19 . 2014-01-27 04:19 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-27 04:19 . 2014-01-27 04:19 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-27 04:19 . 2014-01-27 04:19 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-27 04:19 . 2014-01-27 04:19 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-27 04:19 . 2014-01-27 04:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-27 04:19 . 2014-01-27 04:19 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-27 04:19 . 2014-01-27 04:19 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-27 04:19 . 2014-01-27 04:19 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-27 04:19 . 2014-01-27 04:19 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-27 04:19 . 2014-01-27 04:19 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-27 04:19 . 2014-01-27 04:19 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-27 04:19 . 2014-01-27 04:19 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-27 04:19 . 2014-01-27 04:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-27 04:19 . 2014-01-27 04:19 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-27 04:19 . 2014-01-27 04:19 413696 ----a-w- c:\windows\system32\html.iec
2014-01-27 04:19 . 2014-01-27 04:19 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-27 04:19 . 2014-01-27 04:19 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-27 04:19 . 2014-01-27 04:19 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-27 04:19 . 2014-01-27 04:19 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-27 04:19 . 2014-01-27 04:19 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-27 04:19 . 2014-01-27 04:19 235520 ----a-w- c:\windows\system32\url.dll
2014-01-27 04:19 . 2014-01-27 04:19 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-27 04:19 . 2014-01-27 04:19 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-27 04:19 . 2014-01-27 04:19 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-27 04:19 . 2014-01-27 04:19 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-27 04:19 . 2014-01-27 04:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-27 04:19 . 2014-01-27 04:19 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-27 04:19 . 2014-01-27 04:19 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-27 04:19 . 2014-01-27 04:19 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-27 04:19 . 2014-01-27 04:19 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-27 04:19 . 2014-01-27 04:19 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-27 04:19 . 2014-01-27 04:19 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-27 04:19 . 2014-01-27 04:19 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-27 04:19 . 2014-01-27 04:19 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-25 05:19 . 2014-01-25 05:19 268512 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:33 . 2013-01-04 04:22 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
.
c:\users\Aj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Aj\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-12 32665048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 14:51]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 18:17]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 18:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Aj\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Aj\AppData\Roaming\Mozilla\Firefox\Profiles\r9vjuznj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Fallout Tactics - c:\gog games\Fallout Tactics\unins000.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-03  17:55:21
ComboFix-quarantined-files.txt  2014-04-03 21:55
.
Pre-Run: 169,192,505,344 bytes free
Post-Run: 170,464,481,280 bytes free
.
- - End Of File - - D5C86426B9466A87622E68C84C7C93B4
5B5E648D12FCADC244C1EC30318E1EB9


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 April 2014 - 07:23 AM


When executing the CHKDSK did you use the /f or /x switch to fix the drive?

http://technet.microsoft.com/en-us/magazine/ee872425.aspx

The complete syntax for Check Disk is as follows:
CHKDSK [volume[[path]filename]] [/F] [/V] [/R] [/X] [/i] [/C] [/L[:size]]

chkdsk C: /f

or

chkdsk C: /x


In case you need to use the Elevated command.
How to start an Elevated Command Prompt in Windows 7 and Vista
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

Keep me posted.

#7 fonz26

fonz26
  • Topic Starter

  • Members
  • 7 posts

Posted 04 April 2014 - 08:51 AM

Does running it through the command line make a difference? I ran the chkdsk just by going to C:/ Properties, then checking the boxes that read, "Automatically fix file system errors," and, "Scan for and attempt recovery of bad sectors." Would the F/X switch do something different?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 April 2014 - 12:57 PM

If it did not work first as suggested, please try the /x switch.

chkdsk C: /x
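As an added example, not code from this thread or from any tool it mentions, the PowerShell below reads the two signals behind the "Windows detected a hard disk problem" dialog that the thread is trying to interpret: the drive's SMART failure-prediction flag (the same data Toshiba's HDD SSD Alert service reads) and the log of the last boot-time CHKDSK, including the "replaced bad clusters" and "KB in bad sectors" lines quoted in the first post. It assumes Windows 7 with PowerShell 2.0 or later, an elevated prompt, and the WMI class, event provider and event ID named in the comments.

```powershell
# Added example, not code from the thread or from any tool mentioned in it.
# Reads the two data sources behind a Windows 7 "Windows detected a hard
# disk problem" dialog: the drive's SMART failure-prediction bit and the
# log of the last boot-time CHKDSK. Assumes PowerShell 2.0 or later, an
# elevated prompt, and the WMI class / event provider names below.

function Get-SmartPredictFailure {
    # The WMI class MSStorageDriver_FailurePredictStatus (assumed present on
    # Windows 7) exposes the SMART "predict failure" flag per physical disk.
    # A True value is what makes Windows raise the warning dialog.
    Get-WmiObject -Namespace 'root\wmi' -Class MSStorageDriver_FailurePredictStatus |
        Select-Object InstanceName, PredictFailure, Reason
}

function Get-LastChkdskResult {
    # A check scheduled through Properties > Tools (or "chkdsk C: /f", which
    # also needs a reboot for the system drive) runs as autochk at boot and
    # writes its log to the Application event log as provider Wininit,
    # event ID 1001 (assumed). Parse the bad-sector and bad-cluster lines.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Wininit'; Id = 1001 } `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $evt) { return $null }
    $text  = $evt.Message
    $badKB = 0
    if ($text -match '(\d+)\s+KB in bad sectors') { $badKB = [int]$matches[1] }
    # Lines like "Windows replaced bad clusters in file 254647 of name \PROGRA~2\..."
    $files = [regex]::Matches($text, 'replaced bad clusters in file \d+ of name (\S+)') |
             ForEach-Object { $_.Groups[1].Value }
    New-Object PSObject -Property @{
        When                 = $evt.TimeCreated
        BadSectorKB          = $badKB
        FilesWithBadClusters = @($files)
    }
}

function Test-DiskWarning {
    # Combine both signals into a plain verdict. The SMART flag comes from the
    # drive's own firmware, not from a browser pop-up or an installed program,
    # so PredictFailure = True means the warning is genuine: back up first.
    $smart = @(Get-SmartPredictFailure | Where-Object { $_.PredictFailure })
    $chk   = Get-LastChkdskResult
    if ($smart.Count -gt 0) { return 'SMART failure predicted: the warning is genuine, back up now' }
    if ($chk -and $chk.BadSectorKB -gt 0) {
        return "No SMART prediction, but the last CHKDSK found $($chk.BadSectorKB) KB in bad sectors: watch the drive"
    }
    return 'No SMART prediction and no bad sectors in the last CHKDSK log'
}

Test-DiskWarning
```

If Get-LastChkdskResult returns nothing, no boot-time check has been logged yet; a check run from the GUI on the system drive only happens at the next restart.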



