Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CJ.dotomi??


  • This topic is locked This topic is locked
13 replies to this topic

#1 mikey3592

mikey3592

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 10 April 2014 - 07:39 AM

Well, I have no clue what this is but everytime i click on a hyperlink my browser, be it google chrome or firefox, just redirects me to this and its just a blank page. 

Im posting here because i googled CJ.dotomi and all i see is virus this and virus that but im not too sure about those sites and i did find one link on google that led me here and i read the post but i didnt think it was safe to follow those steps because the situation could be different so i decided to make a new topic.

 

Thanks in advance

 

 

 http://cj.dotomi.com/pk97wktsA/krw/98CC8GHF/CCGDGD8/8/8/8?q=a7xs%3DOXKpB7R5Ttdea35xYwZHIPF_Do9FJ_F_F_F%26960%3Dw884%25IP%25HU%25HUBBB.2tBtvv.r31%25HUe63s9r8%25HUe63s9r8.p74C%25IUhXS%25ISOXKpB7R5Ttdea35xYwZHIPF_Do9FJ_F_F_F%25HLPXS%25ISGFJJFNOM%25HLeXS%25ISGHHKHLM%25HL21_1r%25ISPUR-RNY92r8x32%25HLr1_11r%25ISPUR-RNY92r8x32-_-rpq0t7-_-2p-_-2p%25HLX8t1%25ISMO-HFF-NKO%3C%3Cw884%3A%2F%2FBBB.ys353rD.r31%3ANF%2Fr0xrz-JJNKNKF-GFJJFNOM%3C%3CV%3Cw884%3A%2F%2F70xrzstp07.2t8%2Fu%2FLNJNNMN-2tBtvv-vp1x2v-q03B398-7p0t-0tv3-1p6At0-794t6-wt63t7-47J-HK-qp81p2-p6zwp1-36xvx27-HF-Cq3C-vxu8-rp6s-HK-7zD6x1-GF-794t6-09xvx-9-GK-1p2D-136t-u6tt-7wx44x2v%3C

 

 

Heres the dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Michael at 8:37:37 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8150.5388 [GMT -4:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\viakaraokesrv.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HAUPPA~1.LNK - C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{82F5AD9A-80D0-4D80-AA94-D61DA314D447} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\86xlqdjx.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-1-8 84536]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-8 16152]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-8 21616]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-1-8 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-8 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-8 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-8 20541216]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-9 4915040]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2014-1-8 27792]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-2-6 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-2-6 94208]
R3 HcwDevCentralService;HcwDevCentralService;C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [2014-1-8 395536]
R3 hcwE5bda;Hauppauge Siena Video Capture;C:\Windows\System32\drivers\hcwE5bda.sys [2014-1-8 968792]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-8 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-8 787736]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2014-1-8 121032]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-7 40392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2014-1-8 2206352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2013-10-15 386560]
S3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2012-11-12 50288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2014-3-7 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-8 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-4-7 31800]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-8 30208]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-12-18 113936]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-04-09 12:13:03 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-04-09 12:13:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-04-09 03:54:27 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-08 14:48:41 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-08 14:42:25 -------- d-----w- C:\Windows\ERUNT
2014-04-08 14:30:53 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-08 14:30:53 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-08 14:30:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-08 14:30:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-08 14:30:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 12:17:26 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-04-08 12:17:26 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-04-08 12:16:51 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A2370A0-E371-44A7-BF7B-D0D0503B5A68}\mpengine.dll
2014-04-08 02:18:30 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-04-08 02:18:30 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-04-07 16:25:45 -------- d-----w- C:\Users\Michael\AppData\Local\VS Revo Group
2014-04-07 16:25:39 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-04-07 16:25:39 -------- d-----w- C:\ProgramData\VS Revo Group
2014-04-07 16:25:38 -------- d-----w- C:\Program Files\VS Revo Group
2014-04-07 16:20:46 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-04-07 16:20:46 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-04-07 00:04:23 -------- d-----w- C:\ProgramData\GRETECH
2014-04-02 13:34:36 -------- d-----w- C:\Users\Michael\AppData\Roaming\library_dir
2014-03-31 21:39:10 -------- d-----w- C:\Users\Michael\AppData\Roaming\3909
2014-03-31 02:18:22 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-03-31 02:18:22 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-03-27 20:41:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-03-26 12:28:07 -------- d-----w- C:\Users\Michael\AppData\Roaming\Elgato
2014-03-21 20:09:57 -------- d-----w- C:\Users\Michael\AppData\Roaming\Wireshark
2014-03-21 19:12:30 252704 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-03-21 19:12:03 126752 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-03-21 19:12:01 -------- d-----w- C:\Program Files\Oracle
2014-03-21 18:50:27 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-03-21 18:50:00 -------- d-----w- C:\Program Files\Wireshark
2014-03-13 00:13:32 5297368 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:13:32 4994752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09:54 202432 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2014-03-13 00:09:42 964824 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll
2014-03-13 00:09:42 1179864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll
2014-03-13 00:09:36 7129304 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:09:36 6703296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09:36 2226344 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2014-03-12 20:52:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 20:52:31 -------- d-----w- C:\Program Files\iTunes
2014-03-12 20:52:31 -------- d-----w- C:\Program Files\iPod
2014-03-12 20:52:31 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-12 20:49:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-12 12:09:53 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 12:09:53 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 12:09:52 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 12:09:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 20:22:15 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M  ====================
.
2014-04-02 13:27:17 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-02 13:27:05 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-02 12:23:40 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-04-02 12:23:39 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-03-21 19:43:50 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-12 04:10:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:10:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-25 22:27:38 154912 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2014-02-25 22:27:38 140576 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-02-25 22:24:28 204064 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2014-02-24 17:43:46 118840 ----a-w- C:\Windows\SysWow64\hcwi2c32.dll
2014-02-08 18:34:51 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll
2014-02-08 18:34:51 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-01-23 20:05:00 1683112 ----a-w- C:\Windows\System32\FM20.DLL
2014-01-19 18:55:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 20:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 20:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH:  8:38:05.91 ===============
 

 

 



BC AdBot (Login to Remove)

 


m

#2 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 10 April 2014 - 07:40 AM

Please Delete


Edited by mikey3592, 10 April 2014 - 07:44 AM.


#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 10 April 2014 - 08:12 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please add the attach.txt. Also, do the following:

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 10 April 2014 - 08:52 AM

Hello TB-Psychotic and thanks for helping me out

 

 

I tried to run Gmer but when i open it up it says C:/windows/system32/config/system: The process cannot access the file because it is being used by another process. I then proceed to scan but the same message appears. I dont know if this is suppose to happen but here is the log

 

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-04-10 09:46:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM005_HD103SJ rev.1AJ10001 931.51GB
Running: 3mgf5qnz.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4480:4736]  000007fefb552a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4480:4744]  000007feeaac4830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4480:4964]  000007fef44c5124
Thread  C:\Windows\System32\svchost.exe [4868:5172]                     000007fef4e59688
 
---- EOF - GMER 2.1 ----
 
I have attached the TDSS log, Nothing was found during the scan.


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 11 April 2014 - 08:04 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 11 April 2014 - 08:38 AM

ComboFix 14-04-09.02 - Michael 04/11/2014   9:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8150.5325 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-11 to 2014-04-11  )))))))))))))))))))))))))))))))
.
.
2014-04-11 13:35 . 2014-04-11 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-11 12:20 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5A9E428-15C8-4A85-AC28-0EF283D6AD2D}\mpengine.dll
2014-04-10 13:17 . 2014-04-10 13:17 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-04-09 12:13 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-09 12:13 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 12:13 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-09 03:54 . 2014-03-15 08:41 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-08 14:48 . 2014-04-08 14:49 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-08 14:42 . 2014-04-08 14:54 -------- d-----w- c:\windows\ERUNT
2014-04-08 14:30 . 2014-04-08 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-08 14:30 . 2014-04-08 14:30 -------- d-----w- c:\programdata\Malwarebytes
2014-04-08 14:30 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-08 14:30 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-08 14:30 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-08 12:17 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-08 12:17 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-08 02:18 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-08 02:18 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\users\Michael\AppData\Local\VS Revo Group
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\programdata\VS Revo Group
2014-04-07 16:25 . 2009-12-30 14:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\program files\VS Revo Group
2014-04-07 16:20 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-07 16:20 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-07 00:04 . 2014-04-07 00:04 -------- d-----w- c:\programdata\GRETECH
2014-04-02 20:28 . 2014-04-02 20:28 -------- d-----w- c:\program files\Microsoft.NET
2014-04-02 13:34 . 2014-04-02 13:34 -------- d-----w- c:\users\Michael\AppData\Roaming\library_dir
2014-03-31 21:39 . 2014-03-31 21:39 -------- d-----w- c:\users\Michael\AppData\Roaming\3909
2014-03-31 02:18 . 2014-03-31 02:18 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-03-31 02:18 . 2014-03-31 02:18 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2014-03-27 20:41 . 2014-03-27 20:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-03-26 12:28 . 2014-03-26 12:30 -------- d-----w- c:\users\Michael\AppData\Roaming\Elgato
2014-03-21 20:09 . 2014-03-21 20:09 -------- d-----w- c:\users\Michael\AppData\Roaming\Wireshark
2014-03-21 19:12 . 2014-02-25 22:31 252704 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-03-21 19:12 . 2014-02-25 22:27 126752 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-03-21 19:12 . 2014-03-21 19:12 -------- d-----w- c:\program files\Oracle
2014-03-21 18:50 . 2014-03-21 18:50 -------- d-----w- c:\program files (x86)\WinPcap
2014-03-21 18:50 . 2014-03-21 18:50 -------- d-----w- c:\program files\Wireshark
2014-03-13 00:13 . 2014-03-13 00:13 5297368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:13 . 2014-03-13 00:13 4994752 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09 . 2014-03-13 00:09 202432 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2014-03-13 00:09 . 2014-03-13 00:09 964824 ----a-w- c:\program files\Common Files\Microsoft Shared\Filters\odffilt.dll
2014-03-13 00:09 . 2014-03-13 00:09 1179864 ----a-w- c:\program files\Common Files\Microsoft Shared\Filters\offfiltx.dll
2014-03-13 00:09 . 2014-03-13 00:09 7129304 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:09 . 2014-03-13 00:09 6703296 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09 . 2014-03-13 00:09 2226344 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files\iTunes
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files (x86)\iTunes
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files\iPod
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-12 20:49 . 2014-03-12 20:49 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 19:13 . 2014-01-08 07:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-02 13:27 . 2014-01-08 06:17 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-02 13:27 . 2014-01-08 06:17 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-02 12:23 . 2012-08-02 20:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-04-02 12:23 . 2013-11-12 03:18 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-03-21 19:43 . 2014-01-08 06:16 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-12 04:10 . 2014-01-08 07:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:10 . 2014-01-08 07:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-03-11 20:19 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-11 20:19 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 20:19 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-11 20:19 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-11 20:19 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-11 20:19 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-11 20:19 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-11 20:19 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-11 20:19 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-11 20:19 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-11 20:19 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-11 20:19 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-11 20:19 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-11 20:19 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-11 20:19 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 20:19 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-11 20:19 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 20:19 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 20:19 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 20:19 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 20:19 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-11 20:19 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-11 20:19 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-11 20:19 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 20:19 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-11 20:19 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-11 20:19 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-11 20:19 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-11 20:19 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 20:19 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-02-18 18:39 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-01-08 05:43 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-01-08 05:43 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-01-08 05:42 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-01-08 05:42 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-01-08 05:42 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-01-08 05:42 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2014-01-08 05:43 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-01-08 05:43 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-01-08 05:43 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-01-08 05:43 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-01-08 05:43 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-08 05:43 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-11 20:22 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:17 . 2014-04-09 12:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-12 12:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 12:10 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 12:10 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 12:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 12:10 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 12:10 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 12:10 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 12:10 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 12:10 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 12:10 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 12:10 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 12:10 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-12 12:10 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 12:10 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 12:10 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 12:10 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 12:10 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 12:10 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 12:10 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 12:10 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 12:10 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 12:10 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 12:10 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 12:10 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 12:10 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 12:10 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 12:10 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-25 22:27 . 2014-02-25 22:27 154912 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-02-25 22:27 . 2014-02-25 22:27 140576 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-02-25 22:24 . 2014-02-25 22:24 204064 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-02-24 17:43 . 2014-01-08 13:33 118840 ----a-w- c:\windows\SysWow64\hcwi2c32.dll
2014-02-08 18:34 . 2014-02-18 18:39 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-18 18:39 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-07 01:23 . 2014-03-12 12:10 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 12:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 12:09 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 12:09 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 12:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 12:10 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 12:10 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 12:10 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-27 01:29 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-01-27 01:29 . 2009-08-18 16:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-23 20:05 . 2014-01-23 20:05 1683112 ----a-w- c:\windows\system32\FM20.DLL
2014-01-19 18:55 . 2014-01-19 18:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 20:24 . 2014-01-17 20:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 20:24 . 2014-01-17 20:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 12:22 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-12 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hauppauge Device Properties.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-4-6 491280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 ElgatoGC658Y;Elgato Game Capture;c:\windows\system32\Drivers\ElgatoGC658.sys;c:\windows\SYSNATIVE\Drivers\ElgatoGC658.sys [x]
R3 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 17:33 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-08 04:10]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 06:09]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 06:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 12:23 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\86xlqdjx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-11  09:36:46
ComboFix-quarantined-files.txt  2014-04-11 13:36
.
Pre-Run: 714,459,611,136 bytes free
Post-Run: 714,061,770,752 bytes free
.
- - End Of File - - FFCA30E9BBCC1DEB60969D8C74DF0D2E
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-04-09.02 - Michael 04/11/2014   9:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8150.5325 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-11 to 2014-04-11  )))))))))))))))))))))))))))))))
.
.
2014-04-11 13:35 . 2014-04-11 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-11 12:20 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5A9E428-15C8-4A85-AC28-0EF283D6AD2D}\mpengine.dll
2014-04-10 13:17 . 2014-04-10 13:17 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-04-09 12:13 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-09 12:13 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 12:13 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-09 03:54 . 2014-03-15 08:41 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-08 14:48 . 2014-04-08 14:49 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-08 14:42 . 2014-04-08 14:54 -------- d-----w- c:\windows\ERUNT
2014-04-08 14:30 . 2014-04-08 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-08 14:30 . 2014-04-08 14:30 -------- d-----w- c:\programdata\Malwarebytes
2014-04-08 14:30 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-08 14:30 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-08 14:30 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-08 12:17 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-08 12:17 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-08 02:18 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-08 02:18 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\users\Michael\AppData\Local\VS Revo Group
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\programdata\VS Revo Group
2014-04-07 16:25 . 2009-12-30 14:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\program files\VS Revo Group
2014-04-07 16:20 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-07 16:20 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-07 00:04 . 2014-04-07 00:04 -------- d-----w- c:\programdata\GRETECH
2014-04-02 20:28 . 2014-04-02 20:28 -------- d-----w- c:\program files\Microsoft.NET
2014-04-02 13:34 . 2014-04-02 13:34 -------- d-----w- c:\users\Michael\AppData\Roaming\library_dir
2014-03-31 21:39 . 2014-03-31 21:39 -------- d-----w- c:\users\Michael\AppData\Roaming\3909
2014-03-31 02:18 . 2014-03-31 02:18 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-03-31 02:18 . 2014-03-31 02:18 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2014-03-27 20:41 . 2014-03-27 20:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-03-26 12:28 . 2014-03-26 12:30 -------- d-----w- c:\users\Michael\AppData\Roaming\Elgato
2014-03-21 20:09 . 2014-03-21 20:09 -------- d-----w- c:\users\Michael\AppData\Roaming\Wireshark
2014-03-21 19:12 . 2014-02-25 22:31 252704 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-03-21 19:12 . 2014-02-25 22:27 126752 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-03-21 19:12 . 2014-03-21 19:12 -------- d-----w- c:\program files\Oracle
2014-03-21 18:50 . 2014-03-21 18:50 -------- d-----w- c:\program files (x86)\WinPcap
2014-03-21 18:50 . 2014-03-21 18:50 -------- d-----w- c:\program files\Wireshark
2014-03-13 00:13 . 2014-03-13 00:13 5297368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:13 . 2014-03-13 00:13 4994752 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09 . 2014-03-13 00:09 202432 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2014-03-13 00:09 . 2014-03-13 00:09 964824 ----a-w- c:\program files\Common Files\Microsoft Shared\Filters\odffilt.dll
2014-03-13 00:09 . 2014-03-13 00:09 1179864 ----a-w- c:\program files\Common Files\Microsoft Shared\Filters\offfiltx.dll
2014-03-13 00:09 . 2014-03-13 00:09 7129304 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-03-13 00:09 . 2014-03-13 00:09 6703296 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-03-13 00:09 . 2014-03-13 00:09 2226344 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files\iTunes
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files (x86)\iTunes
2014-03-12 20:52 . 2014-03-12 20:52 -------- d-----w- c:\program files\iPod
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-12 20:49 . 2014-03-12 20:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-12 20:49 . 2014-03-12 20:49 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 19:13 . 2014-01-08 07:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-02 13:27 . 2014-01-08 06:17 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-02 13:27 . 2014-01-08 06:17 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-02 12:23 . 2012-08-02 20:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-04-02 12:23 . 2013-11-12 03:18 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-03-21 19:43 . 2014-01-08 06:16 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-12 04:10 . 2014-01-08 07:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:10 . 2014-01-08 07:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-03-11 20:19 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-11 20:19 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 20:19 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-11 20:19 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-11 20:19 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-11 20:19 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-11 20:19 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-11 20:19 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-11 20:19 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-11 20:19 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-11 20:19 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-11 20:19 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-11 20:19 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-11 20:19 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-11 20:19 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 20:19 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-11 20:19 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 20:19 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 20:19 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 20:19 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 20:19 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-11 20:19 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-11 20:19 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-11 20:19 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 20:19 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-11 20:19 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-11 20:19 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-11 20:19 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-11 20:19 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 20:19 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-02-18 18:39 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-01-08 05:43 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-01-08 05:43 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-01-08 05:42 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-01-08 05:42 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-01-08 05:42 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-01-08 05:42 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2014-01-08 05:43 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-01-08 05:43 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-01-08 05:43 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-01-08 05:43 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-01-08 05:43 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-08 05:43 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-11 20:22 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:17 . 2014-04-09 12:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-12 12:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 12:10 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 12:10 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 12:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 12:10 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 12:10 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 12:10 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 12:10 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 12:10 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 12:10 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 12:10 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 12:10 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-12 12:10 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 12:10 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 12:10 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 12:10 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 12:10 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 12:10 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 12:10 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 12:10 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 12:10 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 12:10 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 12:10 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 12:10 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 12:10 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 12:10 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 12:10 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-25 22:27 . 2014-02-25 22:27 154912 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-02-25 22:27 . 2014-02-25 22:27 140576 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-02-25 22:24 . 2014-02-25 22:24 204064 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-02-24 17:43 . 2014-01-08 13:33 118840 ----a-w- c:\windows\SysWow64\hcwi2c32.dll
2014-02-08 18:34 . 2014-02-18 18:39 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-18 18:39 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-07 01:23 . 2014-03-12 12:10 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 12:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 12:09 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 12:09 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 12:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 12:10 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 12:10 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 12:10 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-27 01:29 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-01-27 01:29 . 2009-08-18 16:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-23 20:05 . 2014-01-23 20:05 1683112 ----a-w- c:\windows\system32\FM20.DLL
2014-01-19 18:55 . 2014-01-19 18:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 20:24 . 2014-01-17 20:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 20:24 . 2014-01-17 20:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:13 1728216 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 12:22 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-12 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hauppauge Device Properties.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-4-6 491280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 ElgatoGC658Y;Elgato Game Capture;c:\windows\system32\Drivers\ElgatoGC658.sys;c:\windows\SYSNATIVE\Drivers\ElgatoGC658.sys [x]
R3 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 17:33 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-08 04:10]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 06:09]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 06:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:10 2333400 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 12:23 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\86xlqdjx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-11  09:36:46
ComboFix-quarantined-files.txt  2014-04-11 13:36
.
Pre-Run: 714,459,611,136 bytes free
Post-Run: 714,061,770,752 bytes free
.
- - End Of File - - FFCA30E9BBCC1DEB60969D8C74DF0D2E
A36C5E4F47E84449FF07ED3517B43A31
 


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 11 April 2014 - 08:40 AM

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------

  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------
  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com


----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 11 April 2014 - 09:44 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/11/2014
Scan Time: 9:49:52 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.11.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261844
Time Elapsed: 4 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
ESET found 1 threat, heres the log.
 
C:\Users\Michael\Downloads\ac3filter_2_5b.exe Win32/OpenCandy potentially unsafe application
 
 
 
 
 
 

Attached Files



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 14 April 2014 - 04:53 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 14 April 2014 - 02:23 PM

Heres the Adw log

 

# AdwCleaner v3.023 - Report created 14/04/2014 at 15:05:13
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\86xlqdjx.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1077 octets] - [14/04/2014 15:03:54]
AdwCleaner[S0].txt - [1006 octets] - [14/04/2014 15:05:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1066 octets] ##########
 
 
Heres the JRT log
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michael on Mon 04/14/2014 at 15:09:31.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/14/2014 at 15:13:45.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
and last the Security check Log
 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Kaspersky PURE 3.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 15 April 2014 - 06:18 AM

Your system is clean now!

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 mikey3592

mikey3592
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 15 April 2014 - 01:50 PM

Thanks so much, i wonder what it was though but yea hyperlinks work correctly now and im no longer being redirected. Appreciate the help!



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 16 April 2014 - 03:53 PM

You´re welcome! :)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 16 April 2014 - 03:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users