UpdateFlashPlayer_xxxxx.exe


  • This topic is locked
7 replies to this topic

#1 bassclef7 (Members, 4 posts)

Posted 08 July 2014 - 10:34 PM

Ran Malwarebytes and SUPERAntiSpyware. Using Avira, which pops up constantly with viruses detected such as TR/Crypt.EPACK.Gen2 and TR/Kryptik.opbg and TR/Crypt.XPACK.Gen.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Owner at 20:15:16 on 2014-07-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8068.5293 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Owner\AppData\Local\ljxgupbn.exe
C:\Users\Owner\AppData\Local\vixfrruf.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Vaushu] C:\Users\Owner\AppData\Roaming\Arceibv\awdeci.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Ixoxvoti] C:\Users\Owner\AppData\Roaming\Obempa\rihelud.exe
uRun: [Gauwryi] C:\Users\Owner\AppData\Roaming\Ecervo\udyqcam.exe
uRun: [Tiuxyr] C:\Users\Owner\AppData\Roaming\Uvawun\uqiha.exe
uRun: [Diurriiwolduop] C:\Users\Owner\AppData\Roaming\Vusypo\bowic.exe
uRun: [pumwnidl] "C:\Users\Owner\AppData\Local\hvseavvt.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 4.2.2.1 4.2.2.2 192.168.1.1
TCP: Interfaces\{756E198E-2864-4041-B654-471FDEF0C839} : DHCPNameServer = 4.2.2.1 4.2.2.2 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ghetolx.default-1404404373628\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-29 20464]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-5-29 22240]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-6-6 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-6-6 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-6-6 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-6-6 117712]
R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2014-6-4 19456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-5-29 169432]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-29 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-29 786416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-29 769168]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-5-29 22240]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-16 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-29 449528]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-29 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-29 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-6-6 1039952]
.
=============== Created Last 30 ================
.
2014-07-09 02:09:01    98390    ----a-w-    C:\Users\Owner\AppData\Local\vixfrruf.exe
2014-07-09 01:51:57    98390    ----a-w-    C:\Users\Owner\AppData\Local\ljxgupbn.exe
2014-07-09 01:11:37    79064    ----a-w-    C:\Windows\System32\drivers\iclqu.sys
2014-07-09 00:39:36    94208    ----a-w-    C:\Users\Owner\AppData\Local\hvseavvt.exe
2014-07-04 06:17:49    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Ubavota
2014-07-04 05:43:38    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Azzyqo
2014-07-04 04:18:39    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Kizogewi
2014-07-04 03:08:57    --------    d-----w-    C:\FRST
2014-07-04 02:51:11    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Zeciozez
2014-07-03 23:33:31    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-03 23:33:21    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-03 23:33:21    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-03 23:33:21    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-07-03 23:33:21    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-03 23:33:21    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 22:25:30    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Ahxucui
2014-07-03 21:49:31    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Eqhavoyk
2014-07-03 20:13:08    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Doifuqa
2014-07-03 18:13:26    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Toafitb
2014-07-03 17:56:32    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Ziodow
2014-07-03 16:20:58    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Vihimaf
2014-07-03 14:53:49    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Erzezi
2014-07-02 00:16:14    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Ecervo
2014-07-01 22:18:58    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Axgoazme
2014-07-01 21:53:50    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Uvawun
2014-07-01 20:26:50    --------    d-----w-    C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-07-01 20:26:15    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-07-01 20:26:15    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-07-01 20:11:53    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Ihsabid
2014-07-01 18:23:24    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Obempa
2014-07-01 17:43:45    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Vusypo
2014-07-01 17:13:41    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Arceibv
2014-06-25 18:05:50    --------    d-----w-    C:\Users\Owner\AppData\Local\Citrix
2014-06-16 21:06:28    --------    d-----w-    C:\Program Files\PlayReady
2014-06-16 21:04:46    --------    d-----w-    C:\ProgramData\Silicondust
2014-06-16 20:51:58    --------    d-----w-    C:\Program Files\Silicondust
2014-06-16 16:38:48    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-16 16:38:48    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-11 06:52:08    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2014-06-09 07:11:10    253440    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\hpfpp02t.dll
2014-06-09 03:49:19    --------    d-----w-    C:\Program Files (x86)\Microsoft
2014-06-09 03:49:05    --------    d-----w-    C:\Program Files (x86)\Common Files\HP
2014-06-09 03:49:05    --------    d-----w-    C:\Program Files (x86)\Common Files\Hewlett-Packard
2014-06-09 03:48:46    138752    ----a-w-    C:\Windows\System32\hpf3l02t.dll
2014-06-09 03:47:43    906240    ----a-w-    C:\Windows\System32\hpwwiax5.dll
2014-06-09 03:47:43    644456    ----a-w-    C:\Windows\System32\hpzids40.dll
2014-06-09 03:47:43    553472    ----a-w-    C:\Windows\System32\hppldcoi.dll
2014-06-09 03:47:43    488960    ----a-w-    C:\Windows\System32\hpovst11.dll
2014-06-09 03:47:43    1422848    ----a-w-    C:\Windows\System32\hpwtiop4.dll
2014-06-09 03:47:10    --------    d-----w-    C:\Program Files (x86)\HP
.
==================== Find3M  ====================
.
2014-07-09 01:58:07    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 01:58:07    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-03 14:38:33    117712    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2014-06-07 04:29:29    84720    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2014-06-06 20:25:15    144    ----a-w-    C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-06 20:10:00    451    ----a-w-    C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-29 19:52:48    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-21 07:33:56    734208    ----a-w-    C:\Windows\System32\MetroIntelGenericUIFramework.dll
2014-05-09 18:16:43    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:15:21.95 ===============
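As an added example that is not part of the original post and is not a BleepingComputer or Farbar tool, the script below applies, to a handful of lines copied from the DDS and FRST logs posted in this thread, the checks a helper makes by eye when reading such a log: a Run value that launches an executable from the user profile, a file name that is nothing but lowercase letters, a file or its folder that is new in the "Created Last 30" section, and, for FRST lines, an empty company field "()". The sample lines are embedded as a constructed input so the script runs offline; the point values, the 4-point threshold and the "5 to 12 lowercase letters" name heuristic are assumptions chosen for this sample, not a signature.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: autorun and "Created Last 30" lines copied from the DDS
# log above, plus FRST "HKU\...\Run:" lines of the kind the helper asks for.
SAMPLE_LOG = r"""
uRun: [Vaushu] C:\Users\Owner\AppData\Roaming\Arceibv\awdeci.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [pumwnidl] "C:\Users\Owner\AppData\Local\hvseavvt.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Ixoxvoti] => C:\Users\Owner\AppData\Roaming\Obempa\rihelud.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [pumwnidl] => C:\Users\Owner\AppData\Local\hvseavvt.exe [94208 2014-07-08] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-23] (Realtek Semiconductor)
2014-07-09 00:39:36    94208    ----a-w-    C:\Users\Owner\AppData\Local\hvseavvt.exe
2014-07-01 18:23:24    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Obempa
2014-07-01 17:13:41    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Arceibv
"""

# DDS "Pseudo HJT":  uRun: [Name] C:\path\file.exe
# FRST:              HKU\<SID>\...\Run: [Name] => C:\path\file.exe [size date] (Publisher)
# DDS "Created Last 30":  2014-07-09 00:39:36    94208    ----a-w-    C:\path
DDS_RUN_RE = re.compile(r"^(?P<scope>[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
FRST_RUN_RE = re.compile(
    r"^(?P<scope>HKLM|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"\[]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))"?', re.I)
FRST_META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)\s*$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+[-a-z]+\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\", re.I)
# Assumed heuristic: 5-12 lowercase letters, no digits, no capitals (vendor names are usually mixed-case).
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,12}$")


@dataclass
class Autorun:
    scope: str
    name: str
    path: str
    publisher: Optional[str]        # None: the log format carries no publisher field
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_autorun(line: str) -> Optional[Autorun]:
    """Parse one DDS or FRST Run-key line; return None for any other line."""
    m = DDS_RUN_RE.match(line) or FRST_RUN_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    p = PATH_RE.match(rest)
    if not p:
        return None
    meta = FRST_META_RE.search(rest)          # FRST appends [size date] (Publisher)
    publisher = meta.group("pub").strip() if meta else None
    return Autorun(m.group("scope"), m.group("name"), p.group("path"), publisher)


def recently_created(log_text: str) -> Set[str]:
    """Lower-cased paths listed in the 'Created Last 30' section."""
    out = set()
    for raw in log_text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if m:
            out.add(m.group("path").lower())
    return out


def score_autorun(entry: Autorun, created: Set[str]) -> Autorun:
    """The checks a helper applies by eye, as an assumed point score."""
    key = entry.path.lower()
    parent = key.rsplit("\\", 1)[0]
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if USER_PROFILE_RE.search(key):
        entry.score += 2
        entry.reasons.append("runs from the user profile (writable without admin rights)")
        if RANDOM_STEM_RE.match(stem):
            entry.score += 2
            entry.reasons.append(f"pseudo-random file name '{stem}'")
    if entry.publisher == "":
        entry.score += 1
        entry.reasons.append("FRST found no company name in the file's version info")
    if key in created or parent in created:
        entry.score += 1
        entry.reasons.append("file or its folder appears in 'Created Last 30'")
    return entry


def verdict(score: int) -> str:
    return "suspicious" if score >= 4 else "review" if score >= 2 else "ok"


def triage(log_text: str) -> List[Autorun]:
    created = recently_created(log_text)
    entries = []
    for raw in log_text.splitlines():
        entry = parse_autorun(raw.strip())
        if entry:
            entries.append(score_autorun(entry, created))
    return entries


def suspicious_paths(log_text: str) -> List[str]:
    return sorted({e.path for e in triage(log_text) if verdict(e.score) == "suspicious"})


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{verdict(e.score):10} {e.score}  [{e.name}] {e.path}")
        for r in e.reasons:
            print(f"{'':14}- {r}")
```

Run as-is it prints one verdict per Run entry; pasting a whole DDS or FRST log into SAMPLE_LOG works because lines that match none of the three patterns are ignored. The score is a prompt for the helper's judgement, not a detection: a legitimate per-user install such as Dropbox.exe under AppData\Roaming would score "review" for the same structural reason the random-named files here score "suspicious", which is why the helper also asks for the scanner logs and the publisher and creation-date columns before deciding anything.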

#2 aharonov (Malware Response Team, 2,441 posts)

Posted 09 July 2014 - 07:12 AM

Hi there,

Can you please post up the log files from Malwarebytes and Avira that show what exactly has been found?
Also run a FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 bassclef7 (Topic Starter, Members, 4 posts)

Posted 09 July 2014 - 03:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Owner (administrator) on SLB on 09-07-2014 13:45:54
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
( ) C:\Users\Owner\AppData\Local\mfhmfnlw.exe
( ) C:\Users\Owner\AppData\Local\dnstvviw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-23] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Vaushu] => C:\Users\Owner\AppData\Roaming\Arceibv\awdeci.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Ixoxvoti] => C:\Users\Owner\AppData\Roaming\Obempa\rihelud.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Gauwryi] => C:\Users\Owner\AppData\Roaming\Ecervo\udyqcam.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Tiuxyr] => C:\Users\Owner\AppData\Roaming\Uvawun\uqiha.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [Diurriiwolduop] => C:\Users\Owner\AppData\Roaming\Vusypo\bowic.exe
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\Run: [pumwnidl] => C:\Users\Owner\AppData\Local\hvseavvt.exe [94208 2014-07-08] ()
HKU\S-1-5-21-2555470091-1252776479-657206153-1000\...\MountPoints2: {f24c05cf-e760-11e3-bb7e-806e6f6e6963} - D:\Run.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD529B15FDD96CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 4.2.2.1 4.2.2.2 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ghetolx.default-1404404373628
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2014-06-04] (Silicondust USA Inc) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 13:45 - 2014-07-09 13:45 - 00110678 _____ ( ) C:\Users\Owner\AppData\Local\dnstvviw.exe
2014-07-09 13:45 - 2014-07-09 13:45 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-07-09 13:42 - 2014-07-09 13:42 - 00110678 _____ ( ) C:\Users\Owner\AppData\Local\mfhmfnlw.exe
2014-07-08 21:08 - 2014-07-08 21:08 - 00094216 _____ () C:\Users\Owner\AppData\Local\flrlxhjg.exe
2014-07-08 20:44 - 2014-07-08 20:47 - 00000000 ____D () C:\AdwCleaner
2014-07-08 20:43 - 2014-07-08 20:44 - 01348263 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-07-08 20:15 - 2014-07-08 20:21 - 00004436 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-08 20:15 - 2014-07-08 20:20 - 00018225 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-08 20:14 - 2014-07-08 20:15 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-07-08 19:09 - 2014-07-08 19:09 - 00098390 _____ () C:\Users\Owner\AppData\Local\vixfrruf.exe
2014-07-08 17:44 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 17:44 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 17:44 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 17:44 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 17:44 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 17:44 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 17:44 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 17:44 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 17:44 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 17:44 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 17:44 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 17:44 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 17:44 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 17:44 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 17:44 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 17:44 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 17:44 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 17:44 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 17:44 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 17:44 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 17:44 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 17:44 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 17:44 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 17:44 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 17:44 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 17:44 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 17:44 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 17:44 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 17:44 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 17:44 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 17:44 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 17:44 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 17:44 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 17:44 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 17:44 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 17:44 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 17:44 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 17:44 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 17:44 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 17:44 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 17:44 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 17:44 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 17:44 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 17:44 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 17:44 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 17:44 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 17:44 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 17:44 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 17:44 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 17:44 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 17:44 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 17:44 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 17:44 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 17:44 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 17:44 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 17:44 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 17:44 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 17:44 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 17:44 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 17:44 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 17:44 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 17:44 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 17:44 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 17:44 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 17:44 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 17:44 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 17:40 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 17:40 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 17:40 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 17:39 - 2014-07-08 17:39 - 00094208 _____ () C:\Users\Owner\AppData\Local\hvseavvt.exe
2014-07-03 23:17 - 2014-07-08 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ubavota
2014-07-03 22:43 - 2014-07-08 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azzyqo
2014-07-03 21:18 - 2014-07-08 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Kizogewi
2014-07-03 20:09 - 2014-07-09 13:46 - 00011619 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-07-03 20:09 - 2014-07-03 20:09 - 00020170 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-07-03 20:08 - 2014-07-09 13:45 - 00000000 ____D () C:\FRST
2014-07-03 20:07 - 2014-07-09 13:45 - 02084352 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-07-03 19:51 - 2014-07-08 20:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Zeciozez
2014-07-03 16:33 - 2014-07-08 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 16:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 16:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 16:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 16:31 - 2014-07-03 16:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 15:25 - 2014-07-03 16:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ahxucui
2014-07-03 14:49 - 2014-07-03 16:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Eqhavoyk
2014-07-03 13:13 - 2014-07-03 19:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Doifuqa
2014-07-03 11:13 - 2014-07-08 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Toafitb
2014-07-03 10:56 - 2014-07-08 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ziodow
2014-07-03 09:20 - 2014-07-08 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Vihimaf
2014-07-03 07:53 - 2014-07-08 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Erzezi
2014-07-01 17:16 - 2014-07-03 09:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ecervo
2014-07-01 15:18 - 2014-07-03 16:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Axgoazme
2014-07-01 14:53 - 2014-07-03 14:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Uvawun
2014-07-01 13:56 - 2014-07-03 09:19 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-01 13:22 - 2014-07-01 13:24 - 19919328 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-07-01 13:11 - 2014-07-03 19:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ihsabid
2014-07-01 12:10 - 2014-07-01 12:10 - 00000223 _____ () C:\Users\Owner\Desktop\NWRS.URL
2014-07-01 11:23 - 2014-07-03 08:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Obempa
2014-07-01 10:43 - 2014-07-03 15:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Vusypo
2014-07-01 10:13 - 2014-07-03 07:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Arceibv
2014-07-01 10:11 - 2014-07-01 10:11 - 00068609 _____ () C:\Users\Owner\AppData\Local\ntvudacf
2014-06-30 16:20 - 2014-06-30 16:21 - 10596056 _____ (Silicondust) C:\Users\Owner\Downloads\hdhomerun_windows_20140604(1).exe
2014-06-25 14:08 - 2014-06-25 14:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-25 11:06 - 2014-07-08 22:05 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000.job
2014-06-25 11:06 - 2014-06-25 11:06 - 00003578 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000
2014-06-25 11:05 - 2014-06-25 11:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Citrix
2014-06-20 09:42 - 2014-06-20 09:42 - 00043304 _____ () C:\Users\Owner\Documents\Antennas avsforum.com
2014-06-17 23:03 - 2014-06-19 00:22 - 00283830 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 22:07 - 2014-06-16 22:07 - 13084896 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-06-16 14:06 - 2014-06-16 14:06 - 00000000 ____D () C:\Program Files\PlayReady
2014-06-16 14:04 - 2014-06-16 14:04 - 00000000 ____D () C:\ProgramData\Silicondust
2014-06-16 13:51 - 2014-06-30 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHomeRun
2014-06-16 13:51 - 2014-06-16 13:51 - 10596056 _____ (Silicondust) C:\Users\Owner\Downloads\hdhomerun_windows_20140604.exe
2014-06-16 13:51 - 2014-06-16 13:51 - 00000000 ____D () C:\Program Files\Silicondust
2014-06-16 09:40 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-16 09:40 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-16 09:40 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-16 09:40 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-16 09:40 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-16 09:40 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-16 09:40 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-16 09:40 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-16 09:40 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-16 09:40 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 09:40 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-16 09:40 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-16 09:40 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-16 09:40 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:52 - 2014-06-10 23:52 - 00285500 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-10 23:52 - 2014-06-10 23:52 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-10 15:27 - 2014-06-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-10 10:23 - 2014-06-10 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 00:12 - 2014-06-09 00:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP

==================== One Month Modified Files and Folders =======

2014-07-09 13:46 - 2014-07-03 20:09 - 00011619 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-07-09 13:45 - 2014-07-09 13:45 - 00110678 _____ ( ) C:\Users\Owner\AppData\Local\dnstvviw.exe
2014-07-09 13:45 - 2014-07-09 13:45 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-07-09 13:45 - 2014-07-03 20:08 - 00000000 ____D () C:\FRST
2014-07-09 13:45 - 2014-07-03 20:07 - 02084352 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-07-09 13:42 - 2014-07-09 13:42 - 00110678 _____ ( ) C:\Users\Owner\AppData\Local\mfhmfnlw.exe
2014-07-09 13:41 - 2009-07-13 21:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 13:41 - 2009-07-13 21:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 13:40 - 2009-07-13 22:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 13:39 - 2014-05-29 11:44 - 01818311 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 13:36 - 2014-06-07 16:23 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-07-09 13:36 - 2014-06-07 16:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster
2014-07-09 13:36 - 2014-06-07 16:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-07-09 13:36 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 13:36 - 2009-07-13 21:51 - 00034163 _____ () C:\Windows\setupact.log
2014-07-09 13:36 - 2009-07-13 21:45 - 00323464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 13:35 - 2014-05-29 13:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 13:35 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 13:35 - 2010-11-20 20:47 - 00273738 _____ () C:\Windows\PFRO.log
2014-07-09 13:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 13:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 22:05 - 2014-06-25 11:06 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000.job
2014-07-08 22:05 - 2014-05-29 12:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 22:05 - 2014-05-29 12:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 21:57 - 2014-05-29 14:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 21:08 - 2014-07-08 21:08 - 00094216 _____ () C:\Users\Owner\AppData\Local\flrlxhjg.exe
2014-07-08 20:47 - 2014-07-08 20:44 - 00000000 ____D () C:\AdwCleaner
2014-07-08 20:46 - 2014-07-03 07:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Erzezi
2014-07-08 20:44 - 2014-07-08 20:43 - 01348263 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-07-08 20:43 - 2014-07-03 19:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Zeciozez
2014-07-08 20:21 - 2014-07-08 20:15 - 00004436 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-08 20:20 - 2014-07-08 20:15 - 00018225 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-08 20:15 - 2014-07-08 20:14 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-07-08 19:09 - 2014-07-08 19:09 - 00098390 _____ () C:\Users\Owner\AppData\Local\vixfrruf.exe
2014-07-08 18:58 - 2014-05-29 14:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 18:58 - 2014-05-29 14:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:58 - 2014-05-29 14:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:07 - 2014-07-03 11:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Toafitb
2014-07-08 18:07 - 2014-07-03 10:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ziodow
2014-07-08 18:07 - 2014-07-03 09:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Vihimaf
2014-07-08 18:06 - 2014-07-03 16:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 18:01 - 2014-07-03 23:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ubavota
2014-07-08 18:01 - 2014-07-03 22:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azzyqo
2014-07-08 18:01 - 2014-07-03 21:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Kizogewi
2014-07-08 17:39 - 2014-07-08 17:39 - 00094208 _____ () C:\Users\Owner\AppData\Local\hvseavvt.exe
2014-07-03 20:09 - 2014-07-03 20:09 - 00020170 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-07-03 19:42 - 2014-07-01 13:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ihsabid
2014-07-03 19:41 - 2014-07-03 13:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Doifuqa
2014-07-03 16:43 - 2014-07-03 15:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ahxucui
2014-07-03 16:43 - 2014-07-03 14:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Eqhavoyk
2014-07-03 16:43 - 2014-07-01 15:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Axgoazme
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 16:33 - 2014-07-03 16:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 16:32 - 2014-07-03 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 15:59 - 2014-07-01 10:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Vusypo
2014-07-03 14:40 - 2014-07-01 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Uvawun
2014-07-03 09:22 - 2014-07-01 17:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ecervo
2014-07-03 09:19 - 2014-07-01 13:56 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2014-07-03 08:04 - 2014-07-01 11:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Obempa
2014-07-03 07:45 - 2014-07-01 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Arceibv
2014-07-03 07:38 - 2014-06-06 13:12 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-01 13:26 - 2014-07-01 13:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-01 13:24 - 2014-07-01 13:22 - 19919328 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-07-01 12:10 - 2014-07-01 12:10 - 00000223 _____ () C:\Users\Owner\Desktop\NWRS.URL
2014-07-01 10:11 - 2014-07-01 10:11 - 00068609 _____ () C:\Users\Owner\AppData\Local\ntvudacf
2014-06-30 16:22 - 2014-06-16 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHomeRun
2014-06-30 16:21 - 2014-06-30 16:20 - 10596056 _____ (Silicondust) C:\Users\Owner\Downloads\hdhomerun_windows_20140604(1).exe
2014-06-29 19:09 - 2014-07-08 17:44 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-08 17:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 14:08 - 2014-06-25 14:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-25 11:06 - 2014-06-25 11:06 - 00003578 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000
2014-06-25 11:06 - 2014-06-25 11:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Citrix
2014-06-20 13:14 - 2014-07-08 17:44 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 12:39 - 2014-07-08 17:44 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 09:42 - 2014-06-20 09:42 - 00043304 _____ () C:\Users\Owner\Documents\Antennas avsforum.com
2014-06-19 00:22 - 2014-06-17 23:03 - 00283830 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-18 20:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:39 - 2014-07-08 17:44 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 18:06 - 2014-07-08 17:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 18:06 - 2014-07-08 17:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 17:48 - 2014-07-08 17:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 17:42 - 2014-07-08 17:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 17:42 - 2014-07-08 17:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 17:41 - 2014-07-08 17:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 17:41 - 2014-07-08 17:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 17:32 - 2014-07-08 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 17:31 - 2014-07-08 17:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 17:26 - 2014-07-08 17:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 17:24 - 2014-07-08 17:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 17:24 - 2014-07-08 17:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 17:23 - 2014-07-08 17:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 17:16 - 2014-07-08 17:44 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 17:14 - 2014-07-08 17:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 17:09 - 2014-07-08 17:44 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 16:59 - 2014-07-08 17:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 16:56 - 2014-07-08 17:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 16:53 - 2014-07-08 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 16:51 - 2014-07-08 17:44 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 16:50 - 2014-07-08 17:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 16:48 - 2014-07-08 17:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 16:39 - 2014-07-08 17:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 16:38 - 2014-07-08 17:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 16:37 - 2014-07-08 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 16:36 - 2014-07-08 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 16:35 - 2014-07-08 17:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 16:33 - 2014-07-08 17:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 16:32 - 2014-07-08 17:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 16:28 - 2014-07-08 17:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 16:28 - 2014-07-08 17:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 16:27 - 2014-07-08 17:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 16:27 - 2014-07-08 17:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 16:25 - 2014-07-08 17:44 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 16:23 - 2014-07-08 17:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 16:22 - 2014-07-08 17:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 16:12 - 2014-07-08 17:44 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 16:06 - 2014-07-08 17:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 16:01 - 2014-07-08 17:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 15:59 - 2014-07-08 17:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 15:58 - 2014-07-08 17:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 15:58 - 2014-07-08 17:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 15:52 - 2014-07-08 17:44 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 15:51 - 2014-07-08 17:44 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 15:49 - 2014-07-08 17:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 15:46 - 2014-07-08 17:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 15:45 - 2014-07-08 17:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 15:35 - 2014-07-08 17:44 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 15:34 - 2014-07-08 17:44 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 15:15 - 2014-07-08 17:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 15:13 - 2014-07-08 17:44 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 15:09 - 2014-07-08 17:44 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 15:07 - 2014-07-08 17:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 19:18 - 2014-07-08 17:44 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 18:51 - 2014-07-08 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 18:10 - 2014-07-08 17:44 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 13:01 - 2014-05-29 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 22:08 - 2014-06-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 22:07 - 2014-06-16 22:07 - 13084896 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-06-16 14:06 - 2014-06-16 14:06 - 00000000 ____D () C:\Program Files\PlayReady
2014-06-16 14:04 - 2014-06-16 14:04 - 00000000 ____D () C:\ProgramData\Silicondust
2014-06-16 13:51 - 2014-06-16 13:51 - 10596056 _____ (Silicondust) C:\Users\Owner\Downloads\hdhomerun_windows_20140604.exe
2014-06-16 13:51 - 2014-06-16 13:51 - 00000000 ____D () C:\Program Files\Silicondust
2014-06-16 09:34 - 2014-06-10 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-10 23:52 - 2014-06-10 23:52 - 00285500 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-10 23:52 - 2014-06-10 23:52 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-10 14:27 - 2014-06-07 07:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Thunderbird
2014-06-10 10:23 - 2014-06-10 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 00:13 - 2014-06-08 20:47 - 00000416 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 00:12 - 2014-06-09 00:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP
2014-06-09 00:12 - 2014-06-08 20:47 - 00192507 _____ () C:\Windows\hpwins22.dat

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avgnt.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxm4nwa.dll
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_2f8f49c9.exe
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_405ee2b5.exe
C:\Users\Owner\AppData\Local\Temp\_is363C.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 18:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Owner at 2014-07-09 13:46:11
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HDHomeRun (HKLM\...\{0349A1AD-C750-4720-A2CC-0E4DC16735A9}) (Version: 1.0.15558.0 - Silicondust)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

18-06-2014 06:02:31 Windows Update
19-06-2014 07:22:35 Windows Update
29-06-2014 05:13:27 Scheduled Checkpoint
09-07-2014 01:51:50 Scheduled Checkpoint
09-07-2014 05:04:41 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {055E42AE-EA12-4ED7-86F8-9AC19CD8F121} - System32\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-06-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99706620-8C05-4150-9B53-30E0EDE125D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-09 13:36 - 2014-07-09 13:36 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxm4nwa.dll
2014-06-07 16:22 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-10 15:27 - 2014-06-10 15:27 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-10 15:27 - 2014-06-10 15:27 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-10 15:27 - 2014-06-10 15:27 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-05-29 11:48 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-10 10:23 - 2014-06-10 10:23 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\Documents\ESB Winter 2012 Sched.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 01:37:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 08:48:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 05:40:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gopoufo.exe, version: 0.0.0.0, time stamp: 0x539d8886
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0xb08
Faulting application start time: 0xgopoufo.exe0
Faulting application path: gopoufo.exe1
Faulting module path: gopoufo.exe2
Report Id: gopoufo.exe3

Error: (07/08/2014 05:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 08:08:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gopoufo.exe, version: 8.7.0.0, time stamp: 0x539d8886
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x005c5009
Faulting process id: 0x1ffc
Faulting application start time: 0xgopoufo.exe0
Faulting application path: gopoufo.exe1
Faulting module path: gopoufo.exe2
Report Id: gopoufo.exe3

Error: (07/03/2014 07:43:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ubboysk.exe, version: 8.7.0.0, time stamp: 0x539d8886
Faulting module name: jscript9.dll, version: 11.0.9600.17126, time stamp: 0x53883991
Exception code: 0xc0000005
Fault offset: 0x0010f89d
Faulting process id: 0xa2c
Faulting application start time: 0xubboysk.exe0
Faulting application path: ubboysk.exe1
Faulting module path: ubboysk.exe2
Report Id: ubboysk.exe3

Error: (07/03/2014 03:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ubboysk.exe, version: 8.7.0.0, time stamp: 0x539d8886
Faulting module name: mshtml.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc0000005
Fault offset: 0x0077500e
Faulting process id: 0x2d70
Faulting application start time: 0xubboysk.exe0
Faulting application path: ubboysk.exe1
Faulting module path: ubboysk.exe2
Report Id: ubboysk.exe3

Error: (07/03/2014 03:36:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ubboysk.exe, version: 8.7.0.0, time stamp: 0x539d8886
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1f8c
Faulting application start time: 0xubboysk.exe0
Faulting application path: ubboysk.exe1
Faulting module path: ubboysk.exe2
Report Id: ubboysk.exe3


System errors:
=============
Error: (07/09/2014 01:36:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (07/08/2014 08:46:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (07/08/2014 05:32:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (07/03/2014 10:04:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 10:04:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 10:03:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 09:58:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 09:58:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 09:58:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/03/2014 09:57:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (07/09/2014 01:37:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 08:48:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 05:40:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gopoufo.exe0.0.0.0539d8886Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1db0801cf9b0d6af7ccf8C:\Users\Owner\AppData\Roaming\Zeciozez\gopoufo.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxab3f9857-0701-11e4-a00e-74d4350ffdd8

Error: (07/08/2014 05:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 08:08:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gopoufo.exe8.7.0.0539d8886Flash32_13_0_0_214.ocx13.0.0.2145359c422c0000005005c50091ffc01cf97348fad1ad1C:\Users\Owner\AppData\Roaming\Zeciozez\gopoufo.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx7a3b8878-0328-11e4-9970-74d4350ffdd8

Error: (07/03/2014 07:43:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ubboysk.exe8.7.0.0539d8886jscript9.dll11.0.9600.1712653883991c00000050010f89da2c01cf971291af3e87C:\Users\Owner\AppData\Roaming\Doifuqa\ubboysk.exeC:\Windows\SysWOW64\jscript9.dlle13d7a5a-0305-11e4-8ad5-74d4350ffdd8

Error: (07/03/2014 03:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ubboysk.exe8.7.0.0539d8886mshtml.dll11.0.9600.1712653884c7dc00000050077500e2d7001cf9710d9b29218C:\Users\Owner\AppData\Roaming\Doifuqa\ubboysk.exeC:\Windows\SysWOW64\mshtml.dll417c98ae-0304-11e4-917d-74d4350ffdd8

Error: (07/03/2014 03:36:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ubboysk.exe8.7.0.0539d8886Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d1f8c01cf970f178c3d42C:\Users\Owner\AppData\Roaming\Doifuqa\ubboysk.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx74d14395-0302-11e4-917d-74d4350ffdd8


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8067.83 MB
Available physical RAM: 6033.59 MB
Total Pagefile: 8266.01 MB
Available Pagefile: 5983.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:185.96 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1862.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C52C8DF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 59A8154C)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 09 July 2014 - 04:08 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 bassclef7
  • Topic Starter

  • Members
  • 4 posts

Posted 09 July 2014 - 04:27 PM


Avira Free Antivirus
Report file date: Wednesday, July 09, 2014  14:07


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : SLB

Version information:
BUILD.DAT       : 14.0.5.450     91868 Bytes   6/24/2014 20:39:00
AVSCAN.EXE      : 14.0.5.396   1042512 Bytes    7/3/2014 14:38:34
AVSCANRC.DLL    : 14.0.5.364     52816 Bytes    7/3/2014 14:38:34
LUKE.DLL        : 14.0.5.336     57936 Bytes    7/3/2014 14:38:40
AVSCPLR.DLL     : 14.0.5.376     89680 Bytes    7/3/2014 14:38:34
AVREG.DLL       : 14.0.5.356    261200 Bytes    7/3/2014 14:38:34
avlode.dll      : 14.0.5.396    588368 Bytes    7/3/2014 14:38:33
avlode.rdf      : 14.0.4.36      65096 Bytes    7/9/2014 00:37:22
XBV00008.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00009.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00010.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00011.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00012.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00013.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00014.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00015.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00016.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00017.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00018.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:39
XBV00019.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00020.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00021.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00022.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00023.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00024.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00025.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00026.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00027.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00028.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00029.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00030.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00031.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:40
XBV00032.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00033.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00034.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00035.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00036.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00037.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00038.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00039.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00040.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00041.VDF    : 8.11.153.142     2048 Bytes    6/6/2014 20:01:41
XBV00056.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00057.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00058.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00059.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00060.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00061.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00062.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00063.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00064.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00065.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00066.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00067.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00068.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00069.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:25
XBV00070.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00071.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00072.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00073.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00074.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00075.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00076.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00077.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00078.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00079.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00080.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00081.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00082.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00083.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00084.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00085.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00086.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00087.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00088.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00089.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:26
XBV00090.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:27
XBV00091.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:27
XBV00092.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:27
XBV00093.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:27
XBV00094.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:27
XBV00095.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00096.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00097.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00098.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00099.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00100.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00101.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00102.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:28
XBV00103.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:29
XBV00104.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:29
XBV00105.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:29
XBV00106.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:29
XBV00107.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:29
XBV00108.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00109.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00110.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00111.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00112.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00113.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
XBV00114.VDF    : 8.11.159.102     2048 Bytes    7/8/2014 00:37:30
Engine version  : 8.3.20.30

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Wednesday, July 09, 2014  14:07

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
    [INFO]      No virus was found!
Boot sector 'HDD1(D:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'igfxCUIService.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'spoolsv.exe' - '94' Module(s) have been scanned
Scan process 'sched.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'SASCORE64.EXE' - '19' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '121' Module(s) have been scanned
Scan process 'HeciServer.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '60' Module(s) have been scanned
Scan process 'hdhomerun_service.exe' - '44' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'taskhost.exe' - '69' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '171' Module(s) have been scanned
Scan process 'igfxEM.exe' - '48' Module(s) have been scanned
Scan process 'igfxHK.exe' - '34' Module(s) have been scanned
Scan process 'igfxTray.exe' - '45' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '42' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '72' Module(s) have been scanned
Scan process 'Dropbox.exe' - '101' Module(s) have been scanned
Scan process 'iusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'avgnt.exe' - '119' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '84' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'DllHost.exe' - '46' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '63' Module(s) have been scanned
Scan process 'thunderbird.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '105' Module(s) have been scanned
Scan process 'jhi_service.exe' - '37' Module(s) have been scanned
Scan process 'LMS.exe' - '95' Module(s) have been scanned
Scan process 'PrivacyIconClient.exe' - '63' Module(s) have been scanned
Scan process 'firefox.exe' - '143' Module(s) have been scanned
Scan process 'mfhmfnlw.exe' - '67' Module(s) have been scanned
Scan process 'dnstvviw.exe' - '67' Module(s) have been scanned
Scan process 'SeaPort.exe' - '55' Module(s) have been scanned
Scan process 'rundll32.exe' - '24' Module(s) have been scanned
Scan process 'mbam.exe' - '80' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '25' Module(s) have been scanned
Scan process 'taskeng.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '121' Module(s) have been scanned
Scan process 'avscan.exe' - '119' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '78' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '3050' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Owner\AppData\Local\vixfrruf.exe
  [DETECTION] Is the TR/CeeInject.A.72 Trojan
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_05014538.exe
  [DETECTION] Is the TR/Crypt.ZPACK.59429 Trojan
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_2f8f49c9.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_a06b43f4.exe
  [DETECTION] Is the TR/Crypt.ZPACK.59429 Trojan
C:\Users\Owner\AppData\Roaming\Zeciozez\gopoufo.exe
  [DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
Begin scan in 'D:\'

Beginning disinfection:
C:\Users\Owner\AppData\Roaming\Zeciozez\gopoufo.exe
  [DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '51511063.qua'!
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_a06b43f4.exe
  [DETECTION] Is the TR/Crypt.ZPACK.59429 Trojan
  [NOTE]      The file could not be copied to quarantine!
  [NOTE]      The file does not exist!
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_2f8f49c9.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1b95652f.qua'!
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_05014538.exe
  [DETECTION] Is the TR/Crypt.ZPACK.59429 Trojan
  [NOTE]      The file could not be copied to quarantine!
  [NOTE]      The file does not exist!
C:\Users\Owner\AppData\Local\vixfrruf.exe
  [DETECTION] Is the TR/CeeInject.A.72 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '383207ae.qua'!


End of the scan: Wednesday, July 09, 2014  14:21
Used time: 11:53 Minute(s)

The scan has been done completely.

  23460 Scanned directories
 418555 Files were scanned
      5 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      3 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 418550 Files not concerned
   4097 Archives were scanned
      0 Warnings
      5 Notes
 701296 Objects were scanned with rootkit scan
      0 Hidden objects were found

<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>

<header><date>2014/07/08 18:06:19 -0700</date><logfile>mbam-log-2014-07-08 (18-06-18).xml</logfile><isadmin>yes</isadmin></header>

<engine><version>2.00.2.1012</version><malware-database>v2014.07.08.12</malware-database><rootkit-database>v2014.07.07.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine>
<system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>Owner</username><filesys>NTFS</filesys></system>
<summary><type>threat</type><result>completed</result><objects>270429</objects><time>260</time><processes>0</processes><modules>0</modules><keys>0</keys><values>1</values><datas>0</datas><folders>0</folders><files>15</files><sectors>0</sectors></summary>
<options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options>
<items>
<value><path>HKU\S-1-5-21-2555470091-1252776479-657206153-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Ixugundy</valuename><vendor>Trojan.Zbot</vendor><action>delete-on-reboot</action><valuedata>C:\Users\Owner\AppData\Roaming\Erzezi\rienh.exe</valuedata><hash>df3d2479aad135010f76adeaa25f7090</hash></value>
<file><path>C:\Users\Owner\AppData\Roaming\Erzezi\rienh.exe</path><vendor>Trojan.Zbot</vendor><action>success</action><hash>df3d2479aad135010f76adeaa25f7090</hash></file>
<file><path>C:\Users\Owner\AppData\Roaming\Toafitb\ubzik.exe</path><vendor>Trojan.Zbot</vendor><action>success</action><hash>84983f5ee6959d994441880faf52fd03</hash></file>
<file><path>C:\Users\Owner\AppData\Roaming\Vihimaf\ycmaov.exe</path><vendor>Trojan.Zbot</vendor><action>success</action><hash>7ca0108dd2a963d36b1a0295ca37bd43</hash></file>
<file><path>C:\Users\Owner\AppData\Roaming\Ziodow\vylihu.exe</path><vendor>Trojan.Zbot</vendor><action>success</action><hash>2bf10b9296e538fe2560cccb28d98779</hash></file>
<file><path>C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_11a88f0c.exe</path><vendor>Spyware.Zbot.VXGen</vendor><action>success</action><hash>9488504d0f6c6ec8b2a091dfb74a33cd</hash></file>
<file><path>C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_37a78cdf.exe</path><vendor>Trojan.Zbot.CXgen</vendor><action>success</action><hash>64b8bde01a61f6408e86ff12976a6e92</hash></file>
<file><path>C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_92dcdbd1.exe</path><vendor>Spyware.Zbot.VXGen</vendor><action>success</action><hash>928ac9d48af155e1054d5020a0616a96</hash></file>
<file><path>C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_cc59a6a8.exe</path><vendor>Spyware.Zbot.VXGen</vendor><action>success</action><hash>c854c4d91e5d7cba4e04d59bc63bc23e</hash></file>
<file><path>C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_f58711ed.exe</path><vendor>Spyware.Zbot.VXGen</vendor><action>success</action><hash>da425a43a1dad0664c06c2aecc35bd43</hash></file>
<file><path>C:\Users\Owner\AppData\Local\ckjrlvaa.exe</path><vendor>Spyware.Zbot.ED</vendor><action>success</action><hash>0e0e04995b202313ffe6b0e27d84dc24</hash></file>
<file><path>C:\Users\Owner\AppData\Local\foowrgos.exe</path><vendor>Spyware.Zbot.ED</vendor><action>success</action><hash>87954459a7d432046580aee44ab7d32d</hash></file>
<file><path>C:\Windows\Tasks\Security Center Update - 158176432.job</path><vendor>Trojan.Agent.RvGen</vendor><action>success</action><hash>9b8178258bf0f442c779be202ad91ae6</hash></file>
<file><path>C:\Windows\Tasks\Security Center Update - 2809953085.job</path><vendor>Trojan.Agent.RvGen</vendor><action>success</action><hash>021a4b523348e551bb850fcf649f9f61</hash></file>
<file><path>C:\Windows\Tasks\Security Center Update - 4027755891.job</path><vendor>Trojan.Agent.RvGen</vendor><action>success</action><hash>9d7f9ffe04777abccb75766828db21df</hash></file>
<file><path>C:\Windows\Tasks\Security Center Update - 576134208.job</path><vendor>Trojan.Agent.RvGen</vendor><action>success</action><hash>b16bc1dcbdbe74c25ee2f5e98f7424dc</hash></file>
</items>

</mbam-log>

#6 bassclef7 (Topic Starter, Members, 4 posts)

Posted 09 July 2014 - 04:50 PM

ComboFix 14-07-08.01 - Owner 07/09/2014  14:45:55.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8068.5855 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\cjbxbgof.exe
c:\users\Owner\AppData\Local\flrlxhjg.exe
c:\users\Owner\AppData\Local\hvseavvt.exe
c:\users\Owner\AppData\Local\qqactagt.exe
c:\users\Owner\AppData\Roaming\Subaax
c:\users\Owner\AppData\Roaming\Subaax\urraf.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 21:48 . 2014-07-09 21:48    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-09 21:44 . 2014-07-09 21:44    --------    d-----w-    c:\users\Owner\AppData\Roaming\Symyatqa
2014-07-09 03:44 . 2014-07-09 03:47    --------    d-----w-    C:\AdwCleaner
2014-07-09 00:40 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-09 00:40 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-09 00:40 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-04 06:17 . 2014-07-09 01:01    --------    d-----w-    c:\users\Owner\AppData\Roaming\Ubavota
2014-07-04 05:43 . 2014-07-09 01:01    --------    d-----w-    c:\users\Owner\AppData\Roaming\Azzyqo
2014-07-04 04:18 . 2014-07-09 01:01    --------    d-----w-    c:\users\Owner\AppData\Roaming\Kizogewi
2014-07-04 03:08 . 2014-07-09 20:47    --------    d-----w-    C:\FRST
2014-07-04 02:51 . 2014-07-09 21:21    --------    d-----w-    c:\users\Owner\AppData\Roaming\Zeciozez
2014-07-03 23:33 . 2014-07-09 20:55    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-03 23:33 . 2014-07-03 23:33    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-03 23:33 . 2014-07-03 23:33    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-03 23:33 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-03 23:33 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-03 23:33 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-03 22:25 . 2014-07-03 23:43    --------    d-----w-    c:\users\Owner\AppData\Roaming\Ahxucui
2014-07-03 21:49 . 2014-07-03 23:43    --------    d-----w-    c:\users\Owner\AppData\Roaming\Eqhavoyk
2014-07-03 20:13 . 2014-07-04 02:41    --------    d-----w-    c:\users\Owner\AppData\Roaming\Doifuqa
2014-07-03 18:13 . 2014-07-09 01:07    --------    d-----w-    c:\users\Owner\AppData\Roaming\Toafitb
2014-07-03 17:56 . 2014-07-09 01:07    --------    d-----w-    c:\users\Owner\AppData\Roaming\Ziodow
2014-07-03 16:20 . 2014-07-09 01:07    --------    d-----w-    c:\users\Owner\AppData\Roaming\Vihimaf
2014-07-03 14:53 . 2014-07-09 03:46    --------    d-----w-    c:\users\Owner\AppData\Roaming\Erzezi
2014-07-02 00:16 . 2014-07-03 16:22    --------    d-----w-    c:\users\Owner\AppData\Roaming\Ecervo
2014-07-01 22:18 . 2014-07-03 23:43    --------    d-----w-    c:\users\Owner\AppData\Roaming\Axgoazme
2014-07-01 21:53 . 2014-07-03 21:40    --------    d-----w-    c:\users\Owner\AppData\Roaming\Uvawun
2014-07-01 20:26 . 2014-07-01 20:26    --------    d-----w-    c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-07-01 20:26 . 2014-07-01 20:26    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-07-01 20:26 . 2014-07-01 20:26    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-07-01 20:11 . 2014-07-04 02:42    --------    d-----w-    c:\users\Owner\AppData\Roaming\Ihsabid
2014-07-01 18:23 . 2014-07-03 15:04    --------    d-----w-    c:\users\Owner\AppData\Roaming\Obempa
2014-07-01 17:43 . 2014-07-03 22:59    --------    d-----w-    c:\users\Owner\AppData\Roaming\Vusypo
2014-07-01 17:13 . 2014-07-03 14:45    --------    d-----w-    c:\users\Owner\AppData\Roaming\Arceibv
2014-06-25 18:05 . 2014-06-25 18:06    --------    d-----w-    c:\users\Owner\AppData\Local\Citrix
2014-06-17 05:08 . 2014-06-17 05:08    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-06-17 05:08 . 2014-06-17 05:08    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2014-06-16 21:06 . 2014-06-16 21:06    --------    d-----w-    c:\program files\PlayReady
2014-06-16 21:04 . 2014-06-16 21:04    --------    d-----w-    c:\programdata\Silicondust
2014-06-16 20:51 . 2014-06-16 20:51    --------    d-----w-    c:\program files\Silicondust
2014-06-11 06:52 . 2014-06-11 06:52    --------    d-----w-    c:\program files (x86)\MSXML 4.0
2014-06-10 22:27 . 2014-06-16 16:34    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 05:05 . 2014-05-29 19:28    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-09 01:58 . 2014-05-29 21:27    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 01:58 . 2014-05-29 21:27    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-03 14:38 . 2014-06-06 20:12    117712    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-06-08 07:25 . 2014-06-08 07:25    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-06-08 07:25 . 2014-06-08 07:25    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-06-08 07:25 . 2014-06-08 07:25    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-06-08 07:25 . 2014-06-08 07:25    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-06-07 04:29 . 2014-06-07 04:30    84720    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-06-06 20:25 . 2014-06-06 20:25    144    ----a-w-    c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-06 20:10 . 2014-06-06 20:10    451    ----a-w-    c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-05-29 19:56 . 2014-05-29 19:56    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-05-29 19:56 . 2014-05-29 19:56    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-05-29 19:56 . 2014-05-29 19:56    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-05-29 19:56 . 2014-05-29 19:56    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-05-29 19:56 . 2014-05-29 19:56    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-05-29 19:56 . 2014-05-29 19:56    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-05-29 19:56 . 2014-05-29 19:56    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-05-29 19:56 . 2014-05-29 19:56    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-05-29 19:56 . 2014-05-29 19:56    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-05-29 19:56 . 2014-05-29 19:56    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-05-29 19:56 . 2014-05-29 19:56    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-05-29 19:56 . 2014-05-29 19:56    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-05-29 19:56 . 2014-05-29 19:56    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-05-29 19:56 . 2014-05-29 19:56    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-05-29 19:56 . 2014-05-29 19:56    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-05-29 19:56 . 2014-05-29 19:56    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-05-29 19:56 . 2014-05-29 19:56    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-05-29 19:56 . 2014-05-29 19:56    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-05-29 19:56 . 2014-05-29 19:56    413696    ----a-w-    c:\windows\system32\html.iec
2014-05-29 19:56 . 2014-05-29 19:56    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-05-29 19:56 . 2014-05-29 19:56    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-05-29 19:56 . 2014-05-29 19:56    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-05-29 19:56 . 2014-05-29 19:56    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-05-29 19:56 . 2014-05-29 19:56    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-05-29 19:56 . 2014-05-29 19:56    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-05-29 19:56 . 2014-05-29 19:56    235520    ----a-w-    c:\windows\system32\url.dll
2014-05-29 19:56 . 2014-05-29 19:56    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-05-29 19:56 . 2014-05-29 19:56    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-05-29 19:56 . 2014-05-29 19:56    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-05-29 19:56 . 2014-05-29 19:56    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-05-29 19:56 . 2014-05-29 19:56    147968    ----a-w-    c:\windows\system32\occache.dll
2014-05-29 19:56 . 2014-05-29 19:56    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-05-29 19:56 . 2014-05-29 19:56    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-05-29 19:56 . 2014-05-29 19:56    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-05-29 19:56 . 2014-05-29 19:56    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-05-29 19:56 . 2014-05-29 19:56    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-05-29 19:56 . 2014-05-29 19:56    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-05-29 19:56 . 2014-05-29 19:56    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-05-29 19:56 . 2014-05-29 19:56    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-05-29 19:56 . 2014-05-29 19:56    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-05-29 19:56 . 2014-05-29 19:56    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-05-29 19:52 . 2014-05-29 19:52    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-05-29 19:52 . 2014-05-29 19:52    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-05-29 19:52 . 2014-05-29 19:52    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-05-29 19:52 . 2014-05-29 19:52    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-05-29 19:52 . 2014-05-29 19:52    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-05-29 19:52 . 2014-05-29 19:52    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-05-29 19:52 . 2014-05-29 19:52    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2014-05-29 19:52 . 2014-05-29 19:52    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2014-05-29 19:52 . 2014-05-29 19:52    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-05-29 19:52 . 2014-05-29 19:52    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2014-05-29 19:52 . 2014-05-29 19:52    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-05-29 19:52 . 2014-05-29 19:52    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-05-29 19:52 . 2014-05-29 19:52    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-05-29 19:52 . 2014-05-29 19:52    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2014-05-29 19:52 . 2014-05-29 19:52    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2014-05-29 19:52 . 2014-05-29 19:52    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-05-29 19:52 . 2014-05-29 19:52    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2014-05-29 19:52 . 2014-05-29 19:52    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-05-29 19:52 . 2014-05-29 19:52    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2014-05-29 19:52 . 2014-05-29 19:52    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2014-05-29 19:52 . 2014-05-29 19:52    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2014-05-29 19:52 . 2014-05-29 19:52    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2014-05-29 19:52 . 2014-05-29 19:52    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2014-05-29 19:52 . 2014-05-29 19:52    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2014-05-29 19:52 . 2014-05-29 19:52    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2014-05-29 19:52 . 2014-05-29 19:52    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-05-29 19:52 . 2014-05-29 19:52    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-05-21 07:33 . 2014-05-21 07:33    734208    ----a-w-    c:\windows\system32\MetroIntelGenericUIFramework.dll
2014-05-21 07:33 . 2014-05-21 07:33    358912    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2014-05-21 07:33 . 2014-05-21 07:33    294912    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2014-05-21 07:33 . 2014-05-21 07:33    278344    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-05-21 07:33 . 2014-05-21 07:33    182784    ----a-w-    c:\windows\system32\igfxCoIn_v3621.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    131248    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    131248    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    131248    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-04 6564120]
"Ozbodynevuu"="c:\users\Owner\AppData\Roaming\Subaax\urraf.exe" [2014-07-09 350208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-09-16 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-6-7 33322976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 HDHomeRun Service;HDHomeRun Service;c:\program files\Silicondust\HDHomeRun\hdhomerun_service.exe;c:\program files\Silicondust\HDHomeRun\hdhomerun_service.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29 01:58]
.
2014-07-09 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2555470091-1252776479-657206153-1000.job
- c:\users\Owner\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-09 21:07]
.
2014-07-09 c:\windows\Tasks\Security Center Update - 2748984577.job
- c:\users\Owner\AppData\Roaming\Symyatqa\peudw.exe [2014-06-15 14:50]
.
2014-07-09 c:\windows\Tasks\Security Center Update - 3726803809.job
- c:\users\Owner\AppData\Roaming\Subaax\urraf.exe [2014-07-09 21:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    164016    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    164016    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    164016    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44    164016    ----a-w-    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 4.2.2.1 4.2.2.2 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ghetolx.default-1404404373628\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Vaushu - c:\users\Owner\AppData\Roaming\Arceibv\awdeci.exe
Wow6432Node-HKCU-Run-Ixoxvoti - c:\users\Owner\AppData\Roaming\Obempa\rihelud.exe
Wow6432Node-HKCU-Run-Gauwryi - c:\users\Owner\AppData\Roaming\Ecervo\udyqcam.exe
Wow6432Node-HKCU-Run-Tiuxyr - c:\users\Owner\AppData\Roaming\Uvawun\uqiha.exe
Wow6432Node-HKCU-Run-Diurriiwolduop - c:\users\Owner\AppData\Roaming\Vusypo\bowic.exe
Wow6432Node-HKCU-Run-pumwnidl - c:\users\Owner\AppData\Local\hvseavvt.exe
Wow6432Node-HKCU-Run-okjgfrve - c:\users\Owner\AppData\Local\qqactagt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-09  14:49:19
ComboFix-quarantined-files.txt  2014-07-09 21:49
.
Pre-Run: 199,068,942,336 bytes free
Post-Run: 198,956,867,584 bytes free
.
- - End Of File - - 391236D002286568BF848DDD3222D6CD
A36C5E4F47E84449FF07ED3517B43A31
 



#7 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:20 AM

Posted 10 July 2014 - 09:47 AM

This is a tedious malware that constantly refreshes itself. So let's not play a cat-and-mouse game here but kill it offline.
Important: After you've run the scan as follows, don't start your computer into Windows (or the malware will start changing again). Leave it turned off until I give you the fixscript and tell you to start it again.



Move FRST to a flash drive.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
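The "refreshes itself" behaviour aharonov describes is visible in the ComboFix log above: binaries under AppData\Roaming are wired up both as HKCU Run values and as "Security Center Update" scheduled tasks, and seven earlier Run entries had already been removed as orphans. As an added illustration (not code from this thread, ComboFix or FRST), the following Python script parses those sections of a ComboFix log and flags autostarts that run from user-writable locations, mimic an update task without a Windows or vendor binary, or are registered more than once; the embedded excerpt is constructed from the log above, and the path heuristics are the editor's assumptions, not ComboFix rules.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log in this thread (Run keys,
# scheduled tasks, removed orphans); sample data only, not the full log.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-04 6564120]
"Ozbodynevuu"="c:\users\Owner\AppData\Roaming\Subaax\urraf.exe" [2014-07-09 350208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29 01:58]
.
2014-07-09 c:\windows\Tasks\Security Center Update - 2748984577.job
- c:\users\Owner\AppData\Roaming\Symyatqa\peudw.exe [2014-06-15 14:50]
.
2014-07-09 c:\windows\Tasks\Security Center Update - 3726803809.job
- c:\users\Owner\AppData\Roaming\Subaax\urraf.exe [2014-07-09 21:48]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Vaushu - c:\users\Owner\AppData\Roaming\Arceibv\awdeci.exe
Wow6432Node-HKCU-Run-pumwnidl - c:\users\Owner\AppData\Local\hvseavvt.exe
"""
# Line shapes ComboFix uses for Run values, .job tasks and removed orphans.
RUN_KEY = re.compile(r"^\[(HK[^\]]*\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.I)
TASK_CMD = re.compile(r"^- (.+?) \[[^\]]*\]$")
ORPHAN = re.compile(r"^(?:Wow6432Node-)?HK\w+-Run-(\S+) - (.+)$")
# Assumed heuristic: legitimate autostarts live under Windows or Program Files.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\(roaming|local)\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_autostarts(text):
    """Return (kind, name, path) tuples: kind is 'run', 'task' or 'orphan'."""
    entries, current_key, pending_job = [], None, None
    for line in text.splitlines():
        if line.strip() == ".":            # "." closes a ComboFix block
            current_key = pending_job = None
        elif m := RUN_KEY.match(line):
            current_key = m.group(1)
        elif m := TASK_JOB.match(line):    # job name; its command line follows
            pending_job = m.group(1).rsplit("\\", 1)[-1]
        elif pending_job and (m := TASK_CMD.match(line)):
            entries.append(("task", pending_job, m.group(1)))
            pending_job = None
        elif current_key and (m := RUN_VALUE.match(line)):
            entries.append(("run", m.group(1), m.group(2)))
        elif m := ORPHAN.match(line):
            entries.append(("orphan", m.group(1), m.group(2)))
    return entries

def flag_autostarts(entries):
    """Return (kind, name, path, reasons) for entries worth a second look."""
    registrations = defaultdict(list)  # same binary wired up more than once?
    for kind, name, path in entries:
        registrations[path.lower()].append(f"{kind}:{name}")
    findings = []
    for kind, name, path in entries:
        low, reasons = path.lower(), []
        if USER_WRITABLE.search(low):
            reasons.append("binary lives in user-writable AppData")
        if kind == "task" and "update" in name.lower() and not low.startswith(TRUSTED_ROOTS):
            reasons.append("'update' task not backed by a Windows/vendor binary")
        others = [r for r in registrations[low] if r != f"{kind}:{name}"]
        if others:
            reasons.append("same binary also registered as " + ", ".join(others))
        if reasons:
            findings.append((kind, name, path, reasons))
    return findings

if __name__ == "__main__":
    for kind, name, path, reasons in flag_autostarts(parse_autostarts(SAMPLE_LOG)):
        print(f"[{kind}] {name} -> {path}: " + "; ".join(reasons))
```

Run against the full log, the benign Dropbox, Avira and Adobe entries pass while every AppData entry is reported, which is the list a helper wants before writing an offline fixscript.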


#8 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:20 AM

Posted 03 September 2014 - 06:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



