
Help - Unremovable redirection virus in my browsers

redirection browser virus

  • This topic is locked
34 replies to this topic

#1 gakerby1983


    Member

  • Members
  • 18 posts

Posted 09 July 2013 - 05:49 PM

Help!

I'm plagued by a redirection virus in my browsers (Firefox, Chrome and probably others). I see it mainly in Firefox as that's my default browser.

Nothing, just nothing can eradicate it (see below).

Every so often when I'm doing a Google search or click on a hyperlink the virus redirects me to an unwanted website, e.g. I'm researching malware programs. I click on a hyperlink to visit another page on the site I'm in. Next thing I know, rather than going to this page, I'm catapulted into a window on the Norton website that offers me a special deal on anti-malware software.

The point of the virus is to generate revenue for the virus programmer by sending unsuspecting users to commercial websites that will pay whoever sends visitors their way.

I've tried running standard anti-malware programs (Spybot, Malwarebytes, ZoneAlarm, MultiVirus Cleaner) and special virus killers (GMER, OTL, HijackThis, TDSSKiller, HitmanPro, MRT, RootkitRevealer, ComboFix and JRT), all to no avail. The virus stubbornly stays on my computer.

Currently I'm using AVG Business Edition as my PC Security Suite. I think the redirection virus slipped in when I was having my computer cleaned up and moving from the ZoneAlarm Security Suite to the AVG Business Edition Security Suite.

Anyway, I'm at a loss. So if there is anyone on this site who has any suggestions or who has dealt with this virus or one like it, I sure would like to hear from them.

My thanks in advance for whatever help anyone can give me.



#2 Tomk_


    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 09 July 2013 - 10:36 PM

Hi gakerby1983,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Look here and follow the instructions in the first post and post the resultant logs here.



#3 gakerby1983


    Member

  • Members
  • 18 posts

Posted 10 July 2013 - 09:45 AM

Hi,

Thanks for offering your help on this problem. I very much appreciate it.

I assume you've read my original posting, so I won't re-describe my computer or operating system, restate the problem or explain the steps I've already taken to try and remove the virus (OTL, GMER, TDSSKiller, MRT, JRT etc.).

So far as I can tell I've followed the steps needed to start the removal project. So, below, are:

a) the output of the DDS program

b) the output of my latest HijackThis run (today)

c) the output from an OTL run that details browser settings. I have highlighted the sections that I think might be relevant to the redirection virus problem using bold, italic and underline. I think the key statement involves the word "greentree" as in the directive for the Firefox browser settings:

FF - prefs.js..keyword.URL: "http://search.yahoo....&type=994519&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"

Anyway, it's just a suggestion.

I have not posted the second output file of the DDS program run as the instructions at the top of this file read:

             UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

             IF REQUESTED, ZIP IT UP & ATTACH IT

Please let me know if you would like me to post this output either a) as a simple post or b) as a zipped file attached to a post. Thanks

Thanks again for your help. I very much appreciate it.

Graham

DDS Output July 10, 2013


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by GAK at 9:10:40 on 2013-07-10
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2167 [GMT -4:00]
.
AV: AVG Internet Security Business Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security Business Edition 2013 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\MC Common\AMDSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sticky Password\stpass.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Start Menu X\StartMenuX.exe
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Chaos Manager 2\cm2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: AutorunsDisabled - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [STARTRIGHT] "c:\program files\startright\StartRight.exe" -go
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRunOnce: [STARTRIGHT] "c:\program files\startright\StartRight.exe" -pre
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{382AB702-38F6-4784-B97A-37E2BCF6B8EB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7F7178A5-E3FE-4146-89AE-F6E85D233AF4} : DHCPNameServer = 192.168.0.1
Handler: AutorunsDisabled - <Clsid value has no data>
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gak\application data\mozilla\firefox\profiles\ostayg09.default
.
FF - plugin: c:documents and settingsgakapplication datapixelplanpixelplan o4c viewer web1.2.7npPIXELPLANWebViewer.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\sticky password\npSPAutofill.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\soundfrost\SoundFrost.xpi
FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:\documents and settings\gak\application data\mozilla\firefox\profiles\ostayg09.default\extensions\troubleshooter@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-3-5 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-3-5 40648]
R0 FileLock;FileLock;c:\windows\system32\drivers\FileLock.sys [2012-1-22 35456]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-9-6 57112]
R1 aflfile;AFLFile;c:\windows\system32\drivers\aflfile.sys [2012-11-17 22984]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-21 37664]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2012-4-10 28184]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-3-5 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-3-5 185672]
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [2009-12-7 78336]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2012-10-31 283472]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Service.exe [2013-6-10 1518504]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 MCDefragService;mobile concepts DefragService;c:\program files\common files\mc common\AMDSrv.exe [2011-11-23 5663856]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2012-2-18 10240]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-2-11 144672]
R2 PS-Disk Monitoring Utility;PS-Disk Monitoring Utility;c:\program files\ps-disk monitoring utility\HardDiskMonitoringService.exe [2008-8-12 53248]
R2 SCRCAMNETDRIVER;ScreenCamera.Net Video Camera;c:\windows\system32\drivers\SCRCAMNETDRIVER.sys [2012-6-28 233096]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2012-10-8 66944]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2012-1-12 257880]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-9-22 45288]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2012-2-18 31016]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2012-7-19 31848]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-6-17 159208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ampa;ampa;c:\windows\system32\ampa.sys [2012-4-28 10936]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-11-4 16640]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-1-31 245760]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control 2\DfSdkS.exe [2013-6-10 406016]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-28 163616]
S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-11 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-11 8456]
S3 GladFileMonSvc;GladFileMonSvc;c:\program files\nuance\nuance cloud connector\GladFileMonSvc.exe [2011-5-9 29552]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-5-30 30464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-22 22856]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2012-7-19 31848]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra personal 2012.sp5c\RpcAgentSrv.exe [2012-9-23 68760]
S3 SpeedBoosterSvc;AppBooster 2.0 Service;c:\program files\common files\mc common\BoostService.exe [2011-11-23 2236528]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2012-9-30 19024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WISOVD;WISOVD;c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [2012-3-21 4992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-10-25 37280]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-27 328536]
S4 ctm;Convar task manager;c:\program files\convar\taskmanager\ctm.exe [2011-11-23 98304]
S4 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2012-10-9 32368]
S4 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-5-23 68168]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
S4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-3-10 122000]
S4 FLService;FLService;c:\program files\idoo\file encryption\FLService.exe [2012-1-22 86016]
S4 GSService;GSService;c:\windows\system32\GSService.exe [2012-7-17 252416]
S4 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-5-23 23624]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-22 701512]
S4 ocster_1clk_backup;Ocster 1-Click Backup;c:\program files\ocster 1-click backup\bin\backupService-ox1c.exe [2013-5-5 20656]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater15.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater15.2.0\ToolbarUpdater.exe [?]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-07-09 20:45:00    --------    d-----w-    c:\program files\BatchInpaint
2013-07-06 13:47:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-17 17:12:05    --------    d-----w-    c:\program files\Anvisoft
2013-06-14 10:33:22    --------    d-----w-    C:\_OTL
2013-06-13 22:38:50    --------    d--h--w-    c:\windows\PIF
2013-06-13 21:23:22    --------    d-----w-    c:\windows\AllMedia Grabber
2013-06-13 21:23:22    --------    d-----w-    c:\program files\AllMedia Grabber
2013-06-12 22:46:56    --------    d-----w-    c:\documents and settings\gak\application data\AVG2013
2013-06-12 22:44:48    --------    d--h--w-    C:\$AVG
2013-06-12 22:44:47    --------    d-----w-    c:\documents and settings\all users\application data\AVG2013
2013-06-12 22:39:40    --------    d-----w-    c:\documents and settings\gak\local settings\application data\Avg2013
2013-06-12 19:44:11    --------    d-----w-    c:\documents and settings\gak\application data\Vuze Remote
.
==================== Find3M  ====================
.
2013-07-08 21:16:18    0    ----a-w-    c:\windows\FileLock.bin
2013-07-06 13:47:03    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 13:47:03    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-06 13:47:03    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-12 17:11:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 17:11:15    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-30 10:20:41    30464    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-05-24 21:14:21    19504    ------w-    c:\windows\system32\drivers\vmdebug.sys
2013-05-24 21:14:19    54960    ------w-    c:\windows\system32\drivers\vmci.sys
2013-05-24 21:14:16    35328    ----a-w-    c:\windows\system32\drivers\pcntpci5.sys
2013-05-24 21:14:14    10624    ----a-w-    c:\windows\system32\drivers\gameenum.sys
2013-05-24 21:14:12    40704    ----a-w-    c:\windows\system32\drivers\es1371mp.sys
2013-05-24 21:14:09    10240    ----a-w-    c:\windows\system32\drivers\compbatt.sys
2013-05-24 21:14:07    13952    ----a-w-    c:\windows\system32\drivers\cmbatt.sys
2013-05-24 21:14:05    14208    ----a-w-    c:\windows\system32\drivers\battc.sys
2013-05-22 17:21:49    37664    ------w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-16 03:32:44    51976    ----a-w-    c:\windows\AUDBootDefrag.exe
2013-05-07 22:30:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30:05    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29    385024    ------w-    c:\windows\system32\html.iec
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-27 18:49:08    848    ------w-    c:\program files\System Restore Daily Backup.vbs
2012-10-07 09:43:55    6733824    ------w-    c:\program files\AllMySongsDatabase.exe
2012-05-11 19:16:16    171520    ------w-    c:\program files\common files\dsfOggDemux2.dll
2011-04-19 03:51:20    653136    ------w-    c:\program files\common files\MSVCR90.dll
2011-04-19 03:51:20    569680    ------w-    c:\program files\common files\MSVCP90.dll
2011-01-12 07:00:44    30208    ------w-    c:\program files\common files\wmpinfo.dll
2011-01-12 07:00:42    240128    ------w-    c:\program files\common files\dsfVorbisDecoder.dll
2011-01-12 07:00:42    146944    ------w-    c:\program files\common files\dsfFLACDecoder.dll
2011-01-12 07:00:40    221184    ------w-    c:\program files\common files\dsfFLACEncoder.dll
2011-01-12 07:00:40    204800    ------w-    c:\program files\common files\dsfNativeFLACSource.dll
2010-12-17 02:39:36    302592    ------w-    c:\program files\common files\webmmux.dll
2010-12-17 02:39:16    701440    ------w-    c:\program files\common files\vp8encoder.dll
2010-12-17 02:39:16    412672    ------w-    c:\program files\common files\vp8decoder.dll
2010-12-17 02:39:14    292352    ------w-    c:\program files\common files\webmsplit.dll
2007-11-19 19:10:28    1937408    ------w-    c:\program files\FreeImage.dll
2004-02-28 19:05:12    266240    ------w-    c:\program files\vbalTreeView6.ocx
2004-01-21 22:35:36    40960    ------w-    c:\program files\SSubTmr6.dll
2003-04-01 13:35:16    122880    ------w-    c:\program files\cPopMenu6.ocx
.
============= FINISH:  9:11:47.51 ===============
 

HijackThis Output July 10, 2013

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:43 AM, on 7/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\MC Common\AMDSrv.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sticky Password\stpass.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Start Menu X\StartMenuX.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Chaos Manager 2\cm2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~1\WINZIP~1\wzwmcie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -go
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -pre
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: CodeStuff Starter (User 'SYSTEM')
O4 - .DEFAULT Startup: CodeStuff Starter (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: mobile concepts DefragService (MCDefragService) - mobile concepts - C:\Program Files\Common Files\MC Common\AMDSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NetBalancer Windows Service - SeriousBit - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: PS-Disk Monitoring Utility - Unknown owner - C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: AppBooster 2.0 Service (SpeedBoosterSvc) - mobile concepts - C:\Program Files\Common Files\MC Common\BoostService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 9656 bytes
 

Part of the Output of an OTL Run detailing Browser Settings

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo....r=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: SoundFrost@helper.com:3.7.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....&type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....r=spigot-yhp-ff"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\en.pixelplan.pl/PIXELPLANWebViewer: C:\Documents and Settings\GAK\Application Data\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll (Pixelplan S.C.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files\Wondershare\AllMyTube\SVR\FirefoxExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\Components: C:\Program Files\Mozilla Firefox\components [2013/06/07 10:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Documents and Settings\GAK\Application Data\Lamantine\Sticky Password\spAutofill [2013/05/24 17:37:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\CaptureSaver@goldgingko.com: C:\Program Files\CaptureSaver\Firefox [2013/03/19 15:31:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\SoundFrost@helper.com: C:\Program Files\SoundFrost\SoundFrost.xpi [2013/05/20 09:55:10 | 000,038,116 | ---- | M] ()

[2011/12/21 12:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Extensions
[2013/06/14 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\hz32imv0.default\extensions
[2013/06/14 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\nmk1y36l.default\extensions
[2013/06/16 16:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions
[2013/05/08 08:14:58 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/04/27 05:34:30 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2013/01/03 14:27:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013/04/08 09:05:49 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013/06/08 06:04:52 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\TooManyTabs@visibotech.com
[2013/06/09 13:50:16 | 000,011,571 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\troubleshooter@mozilla.org.xpi
[2012/03/24 09:39:00 | 000,049,303 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2011/12/21 14:18:44 | 000,020,995 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{8a8c1ada-2504-45c6-a2d2-265591abbd00}.xpi
[2013/06/07 20:35:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008/11/17 18:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013/06/07 09:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 12:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/08 16:03:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/06/07 10:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/07 10:06:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 09:55:10 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES\SOUNDFROST\SOUNDFROST.XPI

========== Chrome  ==========

CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhdcahhbjlmpbdcjnbhcobdaeieomgop\6.0.10.445
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
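What the OTL browser section above actually shows, stated in a form a responder can automate: the same partner codes (`fr=spigot-yhp-*`, `fr=chr-greentree_*`, `type=994519`) sit in Internet Explorer's search scope, in Firefox's homepage and `keyword.URL`, and in Chrome's homepage, and a Firefox add-on (`SoundFrost@helper.com`) is enabled beside them. The script below is an added example written for this page; it is not part of OTL and not from the poster. It runs over a constructed sample that imitates those lines (the thread's URLs are truncated, so the full URLs, the `PARTNER_PARAMS` list and the suffix-stripping rule are assumptions), reports partner tokens per browser, and lists the codes that recur across browsers. A code shared by three browsers suggests one installer configured all three, which is why resetting a single browser does not clear a "redirect" of this kind.

```python
"""Spot a cross-browser search hijack in an OTL-style browser-settings dump.

Added example for this thread (not OTL's own code). The sample input below is
constructed to look like the IE/FF/CHR lines in the thread; the full URLs are
assumed, since the thread's copies are truncated.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: query parameters that search engines use to attribute traffic to a
# partner (toolbar/installer) code. A triage heuristic, not an authoritative list.
PARTNER_PARAMS = ("fr", "type", "ilc", "pid", "affid")

LINE_RE = re.compile(r"^(IE|FF|CHR) - (.+)$")
URL_RE = re.compile(r"""https?://[^\s"']+""")
ADDONS_RE = re.compile(r"extensions\.enabledAddons:\s*(.+)$")
# 'spigot-yhp-ff' and 'spigot-yhp-ch' differ only by a browser suffix; strip it
# so the same partner code can be matched across browsers (heuristic).
BROWSER_SUFFIX_RE = re.compile(r"[-_](ie|ff|ch|cr)$")

# Constructed sample, modeled on (not copied from) the OTL output in the thread.
SAMPLE_OTL = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1\..\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/?fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=chr-greentree_ff&ilc=12&type=994519&p="
CHR - homepage: http://search.yahoo.com/?fr=spigot-yhp-ch
"""


def parse_lines(text):
    """Yield (browser, rest_of_line) for every IE/FF/CHR line in the dump."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def partner_tokens(url):
    """Return {'fr=spigot-yhp-ff', ...}: partner parameters in the URL's query."""
    found = set()
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        if name in PARTNER_PARAMS:
            found.update(f"{name}={v}" for v in values)
    return found


def token_family(token):
    """Collapse per-browser variants of an 'fr=' code into one family name."""
    name, _, value = token.partition("=")
    return BROWSER_SUFFIX_RE.sub("", value) if name == "fr" else token


def triage(text):
    """Collect hijack indicators from OTL browser-settings lines."""
    tokens = defaultdict(set)  # 'fr=spigot-yhp-ff' -> {'FF', ...}
    addons = []
    keyword_url_set = False
    for browser, rest in parse_lines(text):
        # keyword.URL overrides Firefox's address-bar search; it is a classic
        # hijack setting and is rarely set by legitimate software.
        if rest.startswith("prefs.js..keyword.URL:"):
            keyword_url_set = True
        m = ADDONS_RE.search(rest)
        if m:  # prefs.js stores the list URL-encoded; OTL may or may not decode it
            addons.extend(item.strip().rsplit(":", 1)[0]
                          for item in unquote(m.group(1)).split(","))
        for url in URL_RE.findall(rest):
            for tok in partner_tokens(url):
                tokens[tok].add(browser)
    families = defaultdict(set)
    for tok, browsers in tokens.items():
        families[token_family(tok)].update(browsers)
    return {
        "keyword_url_set": keyword_url_set,
        "addons": addons,
        "tokens": {t: sorted(b) for t, b in sorted(tokens.items())},
        "cross_browser": {f: sorted(b) for f, b in sorted(families.items()) if len(b) > 1},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_OTL)
    print("keyword.URL set:", result["keyword_url_set"])
    print("enabled add-ons:", result["addons"])
    for family, browsers in result["cross_browser"].items():
        print(f"partner code {family!r} shared by {', '.join(browsers)}")
```

On the sample, the Bing scope contributes nothing (its `src`/`FORM` values are IE's own), while `type=994519`, `ilc=12` and the `chr-greentree` code are shared by IE and Firefox and `spigot-yhp` by Firefox and Chrome; the add-on ID that sits next to them is what a responder would look up next.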



#4 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 10 July 2013 - 12:28 PM

gakerby1983,

 

I did, in fact, read your initial post.  I understand that you have run every program you could think of and that I will probably be asking you to re-run some of them.

 

First off... you have multiple Anti-virus programs running.  This is a problem.  They will interfere with each other and keep either one from doing an effective job.  Please uninstall either Microsoft Security Essentials or AVG Internet Security.

 

After you have done that and rebooted your system, I'd like you to run ComboFix again.  I realize that you have already run it... but I need you to delete the copy that you have and start again following these instructions.

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

     



#5 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 10 July 2013 - 01:58 PM

I have no problem running combofix, gmer, jrt, mrt etc again.

 

Below is the combofix log

 

So far as I could tell I managed to temporarily disable my AVG Business Edition security program.

 

However, I'm mystified to learn I have Microsoft Security Essentials (MSE) running on my system. I did once have MSE on my system, but so far as I can remember I deleted it with Revo Uninstaller. So all traces of it should have disappeared. I've searched for MSE in both Revo and the Windows Control Panel Add/Remove facility. I assume it would be listed as "Microsoft Security Essentials". No such program is listed by either Revo or the Add/Remove facility. I couldn't find it in Task Manager either.

 

So I've no idea what the various scanning programs I've run are referring to when they report that I have MSE running (Combofix also reported I had MSE running).

 

Do you have any ideas about this or where I should try looking for MSE?

 

Hopefully, we're ready for the next step.

 

ComboFix 13-07-09.01 - GAK 07/10/2013  14:28:20.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2448 [GMT -4:00]
Running from: c:\documents and settings\GAK\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security Business Edition 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\GAK\Local Settings\Application Data\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-10 18:10 . 2013-07-10 18:10    --------    d-----w-    c:\program files\ComboFix
2013-07-09 20:45 . 2013-07-09 20:45    --------    d-----w-    c:\program files\BatchInpaint
2013-07-06 13:47 . 2013-07-06 13:47    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-17 17:12 . 2013-06-17 17:12    --------    d-----w-    c:\program files\Anvisoft
2013-06-14 10:33 . 2013-06-14 10:33    --------    d-----w-    C:\_OTL
2013-06-13 22:38 . 2013-06-13 22:38    --------    d--h--w-    c:\windows\PIF
2013-06-13 21:23 . 2013-06-13 21:25    --------    d-----w-    c:\program files\AllMedia Grabber
2013-06-13 21:23 . 2013-06-13 21:24    --------    d-----w-    c:\windows\AllMedia Grabber
2013-06-12 22:51 . 2013-06-12 22:51    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Avg2013
2013-06-12 22:46 . 2013-06-12 22:46    --------    d-----w-    c:\documents and settings\GAK\Application Data\AVG2013
2013-06-12 22:46 . 2013-06-12 22:46    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-06-12 22:46 . 2013-06-12 22:46    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013
2013-06-12 22:44 . 2013-06-12 22:44    --------    d-----w-    C:\$AVG
2013-06-12 22:44 . 2013-06-12 22:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2013
2013-06-12 22:39 . 2013-06-13 10:02    --------    d-----w-    c:\documents and settings\GAK\Local Settings\Application Data\Avg2013
2013-06-12 19:44 . 2013-06-12 19:44    --------    d-----w-    c:\documents and settings\GAK\Application Data\Vuze Remote
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 13:47 . 2012-04-29 20:53    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 13:47 . 2011-08-10 01:51    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-06 13:47 . 2011-08-10 01:51    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-12 17:11 . 2012-04-14 13:18    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 17:11 . 2011-12-16 02:33    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-30 10:20 . 2013-05-30 10:20    30464    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-05-29 18:41 . 2013-05-29 18:41    388096    ----a-r-    c:\documents and settings\GAK\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-24 21:14 . 2013-05-24 21:14    19504    ------w-    c:\windows\system32\drivers\vmdebug.sys
2013-05-24 21:14 . 2013-05-24 21:14    54960    ------w-    c:\windows\system32\drivers\vmci.sys
2013-05-24 21:14 . 2013-05-24 21:14    35328    ----a-w-    c:\windows\system32\drivers\pcntpci5.sys
2013-05-24 21:14 . 2013-05-24 21:14    10624    ----a-w-    c:\windows\system32\drivers\gameenum.sys
2013-05-24 21:14 . 2013-05-24 21:14    40704    ----a-w-    c:\windows\system32\drivers\es1371mp.sys
2013-05-24 21:14 . 2013-05-24 21:14    10240    ----a-w-    c:\windows\system32\drivers\compbatt.sys
2013-05-24 21:14 . 2013-05-24 21:14    13952    ----a-w-    c:\windows\system32\drivers\cmbatt.sys
2013-05-24 21:14 . 2013-05-24 21:14    14208    ----a-w-    c:\windows\system32\drivers\battc.sys
2013-05-24 20:49 . 2013-05-24 20:59    16205390    ------w-    c:\documents and settings\DLLSuite_Setup_2013.exe
2013-05-24 20:48 . 2013-05-24 21:09    105472    ------w-    c:\documents and settings\HAL.DLL
2013-05-22 17:21 . 2013-05-21 21:55    37664    ------w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-16 03:32 . 2013-05-16 03:32    51976    ----a-w-    c:\windows\AUDBootDefrag.exe
2013-05-07 22:30 . 2004-08-04 00:56    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 00:56    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 22:30 . 2004-08-04 00:56    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-05-07 21:53 . 2004-08-03 22:59    385024    ------w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-03 23:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-27 18:49 . 2013-03-27 18:49    848    ------w-    c:\program files\System Restore Daily Backup.vbs
2012-10-07 09:43 . 2012-10-07 09:16    6733824    ------w-    c:\program files\AllMySongsDatabase.exe
2012-05-11 19:16 . 2012-05-11 19:16    171520    ------w-    c:\program files\Common Files\dsfOggDemux2.dll
2011-04-19 03:51 . 2011-04-19 03:51    653136    ------w-    c:\program files\Common Files\MSVCR90.dll
2011-04-19 03:51 . 2011-04-19 03:51    569680    ------w-    c:\program files\Common Files\MSVCP90.dll
2011-01-12 07:00 . 2011-01-12 07:00    30208    ------w-    c:\program files\Common Files\wmpinfo.dll
2011-01-12 07:00 . 2011-01-12 07:00    240128    ------w-    c:\program files\Common Files\dsfVorbisDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    146944    ------w-    c:\program files\Common Files\dsfFLACDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    221184    ------w-    c:\program files\Common Files\dsfFLACEncoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    204800    ------w-    c:\program files\Common Files\dsfNativeFLACSource.dll
2010-12-17 02:39 . 2010-12-17 02:39    302592    ------w-    c:\program files\Common Files\webmmux.dll
2010-12-17 02:39 . 2010-12-17 02:39    701440    ------w-    c:\program files\Common Files\vp8encoder.dll
2010-12-17 02:39 . 2010-12-17 02:39    412672    ------w-    c:\program files\Common Files\vp8decoder.dll
2010-12-17 02:39 . 2010-12-17 02:39    292352    ------w-    c:\program files\Common Files\webmsplit.dll
2007-11-19 19:10 . 2012-10-07 09:16    1937408    ------w-    c:\program files\FreeImage.dll
2004-02-28 19:05 . 2011-05-18 22:56    266240    ------w-    c:\program files\vbalTreeView6.ocx
2004-01-21 22:35 . 2011-05-18 22:56    40960    ------w-    c:\program files\SSubTmr6.dll
2003-04-01 13:35 . 2011-05-18 22:56    122880    ------w-    c:\program files\cPopMenu6.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 12:10    194416    ------w-    c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 12:13    194416    ------w-    c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STARTRIGHT"="c:\program files\StartRight\StartRight.exe" [2007-01-30 781824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"STARTRIGHT"="c:\program files\StartRight\StartRight.exe" [2007-01-30 781824]
.
c:\documents and settings\GAK\Start Menu\Programs\Startup\
CodeStuff Starter\CodeStuff - Website.url [2011-8-24 54]
Starter.lnk - c:\program files\CodeStuff\Starter\Starter.exe [2009-5-17 485888]
Uninstall Starter.lnk - c:\program files\CodeStuff\Starter\unStarter.exe [2011-8-24 59740]
.
c:\documents and settings\Administrator.YOUR-70FEC468DE\Start Menu\Programs\Startup\
Chaos Manager loader.lnk - c:\program files\Chaos Manager 2\cm2.exe [2011-7-30 1881600]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iFinger 2.0.lnk]
backup=c:\windows\pss\iFinger 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]
backup=c:\windows\pss\Nuance Cloud Connector.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GAK^Desktop^Startup^Launch WhiteSmoke.lnk]
backup=c:\windows\pss\Launch WhiteSmoke.lnkStartup
.
[HKLM\~\startupfolder\C:^Shortcuts^Startup^Chaos Manager loader.lnk]
backup=c:\windows\pss\Chaos Manager loader.lnkStartup
.
[HKLM\~\startupfolder\C:^Shortcuts^Startup^Spartan.lnk]
backup=c:\windows\pss\Spartan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-04-29 04:58    4408368    ----a-w-    c:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STARTRIGHT]
2007-01-30 01:51    781824    ------w-    c:\program files\StartRight\StartRight.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TakeYourBreak 1.0]
2006-05-09 06:37    5467648    ------w-    c:\program files\TakeYourBreak\TakeYourBreak.exe
.
[H<br>KEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMService"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Nuance\OmniPage18\OmniPage18.exe"=
"c:\Program Files\Nuance\OmniPage18\PPMV.exe"=
"c:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\GladinetClient.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe"=
"c:\Program Files\ICQ7.5\ICQ.exe"=
"c:\Program Files\backburner 2\monitor.exe"=
"c:\Program Files\backburner 2\manager.exe"=
"c:\Program Files\backburner 2\server.exe"=
"c:\WINDOWS\system32\SUPDSvc.exe"=
"c:\Program Files\IBM\SPSS\Statistics\19\stats.com"=
"c:\Program Files\IBM\SPSS\Statistics\19\WinWrapIDE.exe"=
"c:\Program Files\IBM\SPSS\Statistics\19\stats.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\AVG\AVG2012\avgmfapx.exe"=
"c:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x86\RpcSandraSrv.exe"=
"c:\Program Files\RoboTask\RoboTask.exe"=
"c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"=
"c:\Program Files\EPSON Software\Event Manager\EEventManager.exe"=
"c:\Documents and Settings\GAK\Application Data\Spotify\spotify.exe"=
"c:\Program Files\Leawo\Leawo Blu-ray Player\Leawo Blu-ray Player.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\Agent.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\TbService.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\TBConsoleUI.exe"=
"c:\WINDOWS\system32\mmc.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\AVG\AVG2013\avgnsx.exe"=
"c:\Program Files\AVG\AVG2013\avgdiagex.exe"=
"c:\Program Files\AVG\AVG2013\avgmfapx.exe"=
"c:\Program Files\AVG\AVG2013\avgwdsvc.exe"=
"c:\Program Files\AVG\AVG2013\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [3/5/2013 8:57 PM 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [3/5/2013 8:57 PM 40648]
R0 FileLock;FileLock;c:\windows\system32\drivers\FileLock.sys [1/22/2012 12:51 PM 35456]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/6/2011 4:27 PM 57112]
R1 aflfile;AFLFile;c:\windows\system32\drivers\aflfile.sys [11/17/2012 9:15 PM 22984]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 2:53 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [5/21/2013 5:55 PM 37664]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [4/10/2012 4:58 PM 28184]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [3/5/2013 8:57 PM 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [3/5/2013 8:57 PM 185672]
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [12/7/2009 8:12 PM 78336]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [10/31/2012 2:17 PM 283472]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [6/10/2013 8:02 AM 1518504]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
R2 MCDefragService;mobile concepts DefragService;c:\program files\Common Files\MC Common\AMDSrv.exe [11/23/2011 5:18 PM 5663856]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2/18/2012 7:34 AM 10240]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/11/2010 2:30 AM 144672]
R2 PS-Disk Monitoring Utility;PS-Disk Monitoring Utility;c:\program files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe [8/12/2008 5:04 PM 53248]
R2 SCRCAMNETDRIVER;ScreenCamera.Net Video Camera;c:\windows\system32\drivers\SCRCAMNETDRIVER.sys [6/28/2012 8:41 AM 233096]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [10/8/2012 12:26 PM 66944]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [1/12/2012 6:59 PM 257880]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [9/22/2011 10:02 PM 45288]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2/18/2012 7:34 AM 31016]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/28/2011 2:33 PM 47360]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/19/2012 11:21 PM 31848]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [4/10/2013 11:07 AM 1428472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S3 ampa;ampa;c:\windows\system32\ampa.sys [4/28/2012 6:23 PM 10936]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [11/4/2011 11:16 AM 16640]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/31/2013 3:37 PM 245760]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [6/10/2013 8:03 AM 406016]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [10/28/2011 10:39 PM 163616]
S3 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [6/4/2011 1:12 PM 296808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/11/2012 10:58 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/11/2012 10:58 PM 8456]
S3 GladFileMonSvc;GladFileMonSvc;c:\program files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [5/9/2011 8:18 AM 29552]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [5/30/2013 6:20 AM 30464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/22/2011 10:09 AM 22856]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/19/2012 11:21 PM 31848]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe [9/23/2012 2:48 PM 68760]
S3 SpeedBoosterSvc;AppBooster 2.0 Service;c:\program files\Common Files\MC Common\BoostService.exe [11/23/2011 5:18 PM 2236528]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [9/30/2012 7:10 PM 19024]
S3 WISOVD;WISOVD;c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [3/21/2012 7:22 AM 4992]
S4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/25/2011 10:32 PM 37280]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [10/27/2011 5:44 PM 328536]
S4 ctm;Convar task manager;c:\program files\Convar\TaskManager\ctm.exe [11/23/2011 8:38 PM 98304]
S4 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [10/9/2012 12:30 PM 32368]
S4 EaseUS Agent;EaseUS Agent Service;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [5/23/2013 10:04 AM 68168]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
S4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [3/10/2013 1:00 PM 122000]
S4 FLService;FLService;c:\program files\idoo\File Encryption\FLService.exe [1/22/2012 12:51 PM 86016]
S4 GSService;GSService;c:\windows\system32\GSService.exe [7/17/2012 5:13 PM 252416]
S4 Guard Agent;Guard Agent Service;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [5/23/2013 10:04 AM 23624]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 5:00 PM 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/22/2011 10:09 AM 701512]
S4 ocster_1clk_backup;Ocster 1-Click Backup;c:\program files\Ocster 1-Click Backup\bin\backupService-ox1c.exe [5/5/2013 2:47 AM 20656]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-09 23:14    1173456    ----a-w-    c:program filesGoogleChromeApplication28.0.1500.71Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-10 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-14 17:11] . 2013-01-14 c:windowsTasksAppleSoftwareUpdate.job - c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 22:57] . 2013-07-10 c:windowsTasksGlaryInitialize.job - c:program filesGlary Utilitiesinitialize.exe [2012-01-25 14:50] . 2013-07-10 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2013-07-10 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2011-09-23 c:windowsTasksMicrosoft_Hardware_Launch_IType_exe.job - c:program filesMicrosoft IntelliType Proitype.exe [2011-08-10 23:39] . 2013-07-10 c:windowsTasksSystem Restore Daily Backup.job - c:program filesSystem Restore Daily Backup.vbs [2013-03-27 18:49] . 2013-07-10 c:windowsTasksUnattended System Restore Point.vbs.job - d:miscellaneousUnattended System Restore Point.vbs.docx [2013-03-23 18:47] . 2013-07-10 c:windowsTasksUser_Feed_Synchronization-{FC8AAE0C-A3CC-4CF3-AA8B-3A2599249992}.job - c:windowssystem32msfeedssync.exe [2009-03-08 12:31] . . ------- Supplementary Scan ------- . 
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:program filesICQ7.5ICQ.exe TCP: DhcpNameServer = 192.168.0.1 DPF: Microsoft XML Parser for Java FF - ProfilePath - c:documents and settingsGAKApplication DataMozillaFirefoxprofilesostayg09.default FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:program filesSoundFrostSoundFrost.xpi FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:documents and settingsGAKApplication DataMozillaFirefoxProfilesostayg09.defaultextensionstroubleshooter@mozilla.org.xpi . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file) AddRemove-{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} - c:docume~1ALLUSE~1APPLIC~1INSTAL~2{4BB7A~1Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-10 14:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ...   . scanning hidden autostart entries ... . scanning hidden files ...   . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet003ServicesSentinelImagePath] . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERSS-1-5-21-1606980848-2052111302-839522115-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{DFDCEC20-9BA4-83EC-9DA1-86CAFB8528B8}*] "iaoiokhhioobifadno"=hex:6b,61,68,62,6d,62,61,68,68,69,61,62,6c,61,6b,6c,6f,6d,    63,65,63,66,00,00 "haipinelhkffdgcb"=hex:6b,61,68,62,6d,62,61,68,68,69,61,62,6c,61,6b,6c,6f,6d,    63,65,63,66,00,00 "hacagjjkmbjhjdfh"=hex:61,62,62,6a,64,6e,61,6a,70,63,62,6d,6a,6d,64,67,6f,65,    65,63,6a,6f,6f,6e,68,6e,69,69,6d,62,6a,6c,6c,68,00,00 "jafadjblemdbelppfjgc"=hex:64,62,6d,61,6c,66,62,65,6b,6f,66,65,6d,62,65,6a,6e,    61,64,6d,6d,63,63,6b,6a,6f,64,6e,68,6f,62,68,61,68,6a,65,6c,65,67,6d,00,fc . [HKEY_USERSS-1-5-21-1606980848-2052111302-839522115-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{FFF361FA-600A-CBE1-1CBB-7A4B04F1F2D1}*] "hanmegcjdedijflj"=hex:61,62,6b,64,69,65,63,69,6d,6d,64,63,6d,64,65,64,65,6e,    6e,6e,6c,6a,65,62,65,65,62,66,61,6a,6b,68,64,65,00,7c "jaompjekahmegpepcjac"=hex:64,62,65,6e,66,64,61,66,6f,6a,61,67,65,63,68,64,65,    6f,6f,66,69,6b,62,65,66,66,6c,6f,6d,61,68,65,6e,65,66,70,6a,6f,6e,64,00,00 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(6128) c:windowssystem32WININET.dll c:program files4t Tray MinimizerShellEh552.dll c:program filesStart Menu XStartMenuXHook32.dll c:program filesSticky PasswordspCapBtnLdr.dll c:program filesSticky PasswordspCapBtn.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIcon.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIconU.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll c:program filesCommon FilesAdobeAcrobatActiveXPDFShell.dll c:program filesNuanceNuance Cloud ConnectorGladinetShellProxy.dll c:program filesMalwarebytes' Anti-Malwarembamext.dll c:program filesNuancePDF Create 7binDirectShellExt.dll c:program filesWinZipwzshlstb.dll c:program filesWinZipwzshlex1.dll c:program filesWinZipWZCAB3.DLL c:program filesAdobeAcrobat 8.0Acrobat ElementsContextMenu.dll . Completion time: 2013-07-10  14:43:17 ComboFix-quarantined-files.txt  2013-07-10 18:43 ComboFix2.txt  2013-06-08 23:30 ComboFix3.txt  2011-12-08 04:36 ComboFix4.txt  2011-11-28 04:09 . Pre-Run: 432,145,264,640 bytes free Post-Run: 432,462,643,200 bytes free . - - End Of File - - 34CBB7821913C6D92FDDEAB13A5F5E35 8F558EB6672622401DA993E1E865C861  



#6 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 11 July 2013 - 12:19 AM

gakerby1983,

 

I'm not seeing any remnants of MSSE... but there must be some somewhere.  Please click here to download the removal tool.  Then run it.

 

[color=#0000FF;]Azureus (Vuze)[/color]
You have Azureus (Vuze), a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetw...cles/art053.htm


I would recommend that you uninstall Azureus (Vuze), however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

[color=#FF0000;]If you wish to keep it, please do not use it until your computer is cleaned.[/color]

 

While you're at it... it appears you have Advanced System Care installed.  In my opinion, at best, this is snake oil.  I seriously doubt it can do you any good and I've seen way too many systems scrambled by people using it.  I would uninstall it.

 

[color=#0000FF;]COMBOFIX-Script[/color]
 


    [*]Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    [code]Firefox::
    FF - ProfilePath - c:\documents and settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default
    FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi

    regnull::
    [HKEY_USERS\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DFDCEC20-9BA4-83EC-9DA1-86CAFB8528B8}*]
    [HKEY_USERS\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFF361FA-600A-CBE1-1CBB-7A4B04F1F2D1}*][/code]
    [*]Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
    [*][color=#FF0000;]Very Important![/color] Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    [*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    [*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    [*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    [/list]

    [color=#FF0000;]CAUTION:[/color] Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     

     

    Then

     

    [color=#0000FF;]AdwCleaner[/color]
     


      [*]Please download AdwCleaner by Xplode onto your desktop.
      [*]Close all open programs and internet browsers.
      [*]Double click on AdwCleaner.exe to run the tool.
      [*]Click on Delete.
      [*]Confirm each time with Ok.
      [*]Your computer will be rebooted automatically. A text file will open after the restart.
      [*]Please post the content of that logfile with your next answer.
      [*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
      [/list]
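An added example (not from this thread and not ComboFix's own code) of how a helper can triage the LOCKED REGISTRY KEYS block that ComboFix prints in regedit-export style: it decodes the hex: values, flags entries under Shell Extensions\Approved that are not ordinary {CLSID}-named registrations, and builds the regnull:: section used in the script above. The sample block reuses two values from the Approved subkey and the FlashBroker CLSID from the log posted earlier in this thread; the rule that a legitimate Approved entry is a {CLSID}-named value directly under that key is an assumption about how the key is normally used.

```python
r"""Triage the LOCKED REGISTRY KEYS block of a ComboFix log.

Added example, not part of this thread and not ComboFix's own code.
ComboFix lists locked keys in regedit-export style; this parser decodes the
hex: (REG_BINARY) values, flags entries under ...\Shell Extensions\Approved
that do not look like normal shell-extension registrations, and builds the
regnull:: block a helper would review. Assumption: a legitimate entry is a
{CLSID}-named value directly under Approved; subkeys there, and values with
random names holding random strings, are not (a locked key by itself, such
as Flash's broker CLSID, is not evidence of anything).
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<body>.*)$')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
APPROVED = "\\shell extensions\\approved"

# Constructed sample: two values from the Approved subkey and the FlashBroker
# CLSID, as they appeared in the ComboFix log posted in this thread.
SAMPLE_LOCKED_KEYS = r"""
[HKEY_USERS\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DFDCEC20-9BA4-83EC-9DA1-86CAFB8528B8}*]
"iaoiokhhioobifadno"=hex:6b,61,68,62,6d,62,61,68,68,69,61,62,6c,61,6b,6c,6f,6d,\
  63,65,63,66,00,00
"hacagjjkmbjhjdfh"=hex:61,62,62,6a,64,6e,61,6a,70,63,62,6d,6a,6d,64,67,6f,65,\
  65,63,6a,6f,6f,6e,68,6e,69,69,6d,62,6a,6c,6c,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
"""


def _decode_hex(hex_text):
    """Turn the comma-separated byte list after 'hex:' into bytes."""
    return bytes(int(b, 16) for b in hex_text.replace(" ", "").split(",") if b)


def parse_locked_keys(text):
    """Return {key_path: {value_name: (kind, data)}}.

    kind is 'hex' (data is bytes) or 'str' (data is the unquoted string).
    A hex: value whose line ends in a backslash continues on the next line,
    as in a .reg export. '@Denied' ACL notes and blank lines are skipped.
    """
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                      # continuation of hex: data
            name, parts = pending
            parts.append(line.rstrip("\\"))
            if not line.endswith("\\"):
                keys[current][name] = ("hex", _decode_hex("".join(parts)))
                pending = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, body = m.group("name") or "@", m.group("body")
        if body.startswith("hex:"):
            part = body[4:].rstrip("\\")
            if body.endswith("\\"):
                pending = (name, [part])
            else:
                keys[current][name] = ("hex", _decode_hex(part))
        else:
            keys[current][name] = ("str", body.strip('"'))
    return keys


def find_suspicious_approved_values(keys):
    """List (key, value_name, decoded_text) for entries under Approved that
    are not {CLSID}-named values sitting directly in the Approved key."""
    hits = []
    for key, values in keys.items():
        idx = key.lower().find(APPROVED)
        if idx < 0:
            continue
        is_subkey = "\\" in key[idx + len(APPROVED):]
        for name, (kind, data) in values.items():
            if not is_subkey and GUID_RE.match(name):
                continue                             # ordinary registration
            text = data.rstrip(b"\x00").decode("ascii", "replace") if kind == "hex" else data
            hits.append((key, name, text))
    return hits


def regnull_block(hits):
    """Build the regnull:: section of a CFScript for the flagged keys."""
    unique = sorted({key for key, _, _ in hits})
    return "regnull::\n" + "\n".join("[%s]" % key for key in unique)
```

Run against the sample, both random-named values decode to further random ASCII strings and only the Approved subkey is emitted in the regnull:: block; the FlashBroker CLSID, although locked, is left alone.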

       



#7 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 11 July 2013 - 02:29 PM

Hi,

 

I think I've faithfully followed your instructions.

 

1. I've removed Advanced System Care. I used Revo Uninstaller rather than Add/Remove. My understanding is that Add/Remove can leave program remnants behind like files and registry entries. I wonder if you have any thoughts on this.

2. I downloaded the Microsoft Security Essentials removal tool, but it doesn't seem to have worked in that OTL is still complaining that MSE is active and scanning. Accordingly, I posted a request for help on the problem on Virus and Malware forum at microsoft.com (the link for the post is: http://answers.micro...a7-d396ca22c8cb). I hope this is OK. Let me know if you want me to remove this post.

3. Regarding Vuze, I haven't removed it, but I won't use it again until my system is clean. I take your point that such programs can be a way for malware to enter a system. My thoughts on this are:

 

a) Install it on a stand-alone computer solely devoted to such programs

b) Keep it on my main computer, but every time before it is used for a download or upload, create a system restore point. Then once the download or upload is completed and copied off the computer, restore the computer to the state it was in before the download or upload took place. Do you think this would prevent any malware ever getting onto a computer using this method?

c) Use the method outlined in b) above but do it inside a program like Sandboxie

 

If you have any thoughts on the above I'd be very interested in hearing them, but I quite understand if you want to skip them as they're outside the scope of what we're doing here.

 

I created the text as directed, copied it into Combofix and ran it. After that I downloaded AdwCleaner and ran it. The logs are posted below.

 

S3 DragonSvc;Dragon Service;c:program filesCommon FilesNuancedgnsvc.exe [6/4/2011 1:12 PM 296808] S3 epmntdrv;epmntdrv;c:windowssystem32epmntdrv.sys [1/11/2012 10:58 PM 13192] S3 EuGdiDrv;EuGdiDrv;c:windowssystem32EuGdiDrv.sys [1/11/2012 10:58 PM 8456] S3 GladFileMonSvc;GladFileMonSvc;c:program filesNuanceNuance Cloud ConnectorGladFileMonSvc.exe [5/9/2011 8:18 AM 29552] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:windowssystem32drivershitmanpro37.sys [5/30/2013 6:20 AM 30464] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [4/22/2011 10:09 AM 22856] S3 RRNetCap;RRNetCap Service;c:windowssystem32driversrrnetcap.sys [7/19/2012 11:21 PM 31848] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:program filesSiSoftwareSiSoftware Sandra Personal 2012.SP5cRpcAgentSrv.exe [9/23/2012 2:48 PM 68760] S3 SpeedBoosterSvc;AppBooster 2.0 Service;c:program filesCommon FilesMC CommonBoostService.exe [11/23/2011 5:18 PM 2236528] S3 wimmount;wimmount;c:windowssystem32driverswimmount.sys [9/30/2012 7:10 PM 19024] S3 WISOVD;WISOVD;c:program filesWinISO ComputingWinISObindriverWISOVD_xp.sys [3/21/2012 7:22 AM 4992] S4 ADExchange;ArcSoft Exchange Service;c:program filesCommon FilesArcSoftesinterBineservutil.exe [10/25/2011 10:32 PM 37280] S4 ctm;Convar task manager;c:program filesConvarTaskManagerctm.exe [11/23/2011 8:38 PM 98304] S4 DymoPnpService;DYMO PnP Service;c:program filesDYMODYMO Label SoftwareDymoPnpService.exe [10/9/2012 12:30 PM 32368] S4 EaseUS Agent;EaseUS Agent Service;c:program filesEASEUSTodo BackupbinAgent.exe [5/23/2013 10:04 AM 68168] S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:program filesEPSONEpsonCustomerParticipationEPCP.exe [5/10/2012 2:00 PM 539744] S4 EpsonScanSvc;Epson Scanner Service;c:windowssystem32escsvc.exe [3/10/2013 1:00 PM 122000] S4 FLService;FLService;c:program filesidooFile EncryptionFLService.exe [1/22/2012 12:51 PM 86016] S4 GSService;GSService;c:windowssystem32GSService.exe [7/17/2012 5:13 PM 252416] S4 
Guard Agent;Guard Agent Service;c:program filesEASEUSTodo BackupbinGuardAgent.exe [5/23/2013 10:04 AM 23624] S4 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [9/11/2012 5:00 PM 418376] S4 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [4/22/2011 10:09 AM 701512] S4 ocster_1clk_backup;Ocster 1-Click Backup;c:program filesOcster 1-Click BackupbinbackupService-ox1c.exe [5/5/2013 2:47 AM 20656] S4 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [7/13/2012 1:28 PM 160944] S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater15.2.0ToolbarUpdater.exe --> c:program filesCommon FilesAVG Secure SearchvToolbarUpdater15.2.0ToolbarUpdater.exe [?] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-09 23:14    1173456    ----a-w-    c:program filesGoogleChromeApplication28.0.1500.71Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-11 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-14 17:11] . 2013-01-14 c:windowsTasksAppleSoftwareUpdate.job - c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 22:57] . 2013-07-11 c:windowsTasksGlaryInitialize.job - c:program filesGlary Utilitiesinitialize.exe [2012-01-25 14:50] . 2013-07-11 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2013-07-11 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2011-09-23 c:windowsTasksMicrosoft_Hardware_Launch_IType_exe.job - c:program filesMicrosoft IntelliType Proitype.exe [2011-08-10 23:39] . 
2013-07-11 c:windowsTasksSystem Restore Daily Backup.job - c:program filesSystem Restore Daily Backup.vbs [2013-03-27 18:49] . 2013-07-11 c:windowsTasksUnattended System Restore Point.vbs.job - d:miscellaneousUnattended System Restore Point.vbs.docx [2013-03-23 18:47] . 2013-07-11 c:windowsTasksUser_Feed_Synchronization-{FC8AAE0C-A3CC-4CF3-AA8B-3A2599249992}.job - c:windowssystem32msfeedssync.exe [2009-03-08 12:31] . . ------- Supplementary Scan ------- . IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:program filesICQ7.5ICQ.exe TCP: DhcpNameServer = 192.168.0.1 DPF: Microsoft XML Parser for Java FF - ProfilePath - c:documents and settingsGAKApplication DataMozillaFirefoxprofilesostayg09.default FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:program filesSoundFrostSoundFrost.xpi FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:documents and settingsGAKApplication DataMozillaFirefoxProfilesostayg09.defaultextensionstroubleshooter@mozilla.org.xpi . - - - - ORPHANS REMOVED - - - - . Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-11 12:41 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ...   . scanning hidden autostart entries ... . scanning hidden files ...   . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet003ServicesSentinelImagePath] . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4192) c:windowssystem32WININET.dll c:program files4t Tray MinimizerShellEh552.dll c:program filesStart Menu XStartMenuXHook32.dll c:program filesSticky PasswordspCapBtnLdr.dll c:program filesSticky PasswordspCapBtn.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIcon.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIconU.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll . Completion time: 2013-07-11  12:44:58 ComboFix-quarantined-files.txt  2013-07-11 16:44 ComboFix2.txt  2013-07-10 18:43 ComboFix3.txt  2013-06-08 23:30 ComboFix4.txt  2011-12-08 04:36 ComboFix5.txt  2013-07-11 16:24 . Pre-Run: 431,278,739,456 bytes free Post-Run: 431,343,595,520 bytes free . - - End Of File - - B72B567CA9B8FBEA1AFDC68A0A875D81 8F558EB6672622401DA993E1E865C861  

# AdwCleaner v2.304 - Logfile created 07/11/2013 at 14:09:50 # Updated 03/07/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : GAK - YOUR-BAE951A73C # Boot Mode : Normal # Running from : C:Documents and SettingsGAKdesktopadwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:Documents and SettingsGAKApplication DataMozillaFirefoxProfilesnmk1y36l.defaultextensionsfreerip@mybrowserbar.com Deleted on reboot : C:Documents and SettingsGAKApplication DataMozillaFirefoxProfilesnmk1y36l.defaultextensionswtxpcom@mybrowserbar.com ***** [Registry] ***** ***** [Internet Browsers] ***** - Internet Explorer v8.0.6001.18702 [OK] Registry is clean. - Mozilla Firefox v22.0 (en-US) File : C:Documents and SettingsGAKApplication DataMozillaFirefoxProfileshz32imv0.defaultprefs.js [OK] File is clean. File : C:Documents and SettingsGAKApplication DataMozillaFirefoxProfilesnmk1y36l.defaultprefs.js [OK] File is clean. File : C:Documents and SettingsGAKApplication DataMozillaFirefoxProfilesostayg09.defaultprefs.js Deleted : user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{"label":"AVG Virus Encyc[...] File : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfilesj0vdvyc2.defaultprefs.js [OK] File is clean. - Google Chrome v28.0.1500.71 File : C:Documents and SettingsGAKLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences [OK] File is clean. - Opera v11.64.1403.0 File : C:Documents and SettingsGAKApplication DataOperaOperaoperaprefs.ini [OK] File is clean. File : C:Documents and SettingsAdministratorApplication DataOperaOperaoperaprefs.ini [OK] File is clean. 
************************* AdwCleaner[R1].txt - [26538 octets] - [02/06/2013 09:49:18] AdwCleaner[R2].txt - [25228 octets] - [03/06/2013 18:52:52] AdwCleaner[R3].txt - [9305 octets] - [12/06/2013 04:20:56] AdwCleaner[R4].txt - [2267 octets] - [15/06/2013 13:11:46] AdwCleaner[S1].txt - [8995 octets] - [15/06/2013 05:36:00] AdwCleaner[S2].txt - [2339 octets] - [15/06/2013 13:35:39] AdwCleaner[S3].txt - [2303 octets] - [15/06/2013 17:06:09] AdwCleaner[S4].txt - [2339 octets] - [11/07/2013 14:09:50] ########## EOF - C:AdwCleaner[S4].txt - [2399 octets] ##########  



#8 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 11 July 2013 - 11:30 PM

3. Regarding Vuze, I haven't removed it, but I won't use it again until my system is clean. I take your point that such programs can be a way for malware to enter a system. My thoughts on this are:
 
a) Install it on a stand-alone computer solely devoted to such programs
b) Keep it on my main computer, but every time before it is used for a download or upload, create a system restore point. Then once the download or upload is completed and copied off the computer, restore the computer to the state it was in before the download or upload took place. Do you think this would prevent any malware ever getting onto a computer using this method?
c) Use the method outlined in b) above but do it inside a program like Sandboxie
 
If you have any thoughts on the above I'd be very interested in hearing them, but I quite understand if you want to skip them as they're outside the scope of what we're doing here.

Here are my thoughts.

a) I suppose that could work as long as you did not transfer the file to another system or have that computer connected to a network.
b) This would only work if you also deleted the downloaded file when you did a restore.
c) Sandboxie would definitely be a help... but the point of it is to then "check out" the file. If you transfer it out of the sandbox... you become infected.

Perhaps you are unaware of the problem with these downloads. A high percentage of them have been "patched" with a trojan. When you use the P2P programs to download them... you bypass your onboard security. Your computer will do what you tell it to do, and using the P2P program you in essence are saying "Download this file onto my computer no matter what!" Once you execute the file, the trojan is installed on the system. If you transfer the file to another system... bingo... it is also infected. The only sure way to not get infected is don't use P2P programs. It has been my experience that there really isn't a question of "will" you get infected... but rather "when", "how often", and "how bad".

Our script didn't work completely. Let's try again.

[color=#0000FF;]COMBOFIX-Script[/color]

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

        Firefox::
        FF - ProfilePath - c:\documents and settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default
        FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot)

  • [color=#FF0000;]Very Important![/color] Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  • [color=#FF0000;]CAUTION:[/color] Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
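
The CFScript above is built by copying the Firefox lines straight out of the ComboFix log's "Supplementary Scan" section. As an added illustration (not code from the thread, ComboFix, or its author), the helper below parses those "FF - ProfilePath" and "FF - ExtSQL" lines from a constructed log excerpt, keeps only extension ids that are not on an allowlist, and emits a "Firefox::" section in the shape the thread shows. The backslashes in the sample paths and the allowlist contents are assumptions; only the script shape shown in the thread is taken from the page.

```python
import re

# Constructed excerpt of a ComboFix "Supplementary Scan" section, modelled on
# the thread's log. Path separators are assumed (the posted log lost them).
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\\program files\\ICQ7.5\\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\\documents and settings\\GAK\\Application Data\\Mozilla\\Firefox\\profiles\\ostayg09.default
FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\\program files\\SoundFrost\\SoundFrost.xpi
FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:\\documents and settings\\GAK\\Application Data\\Mozilla\\Firefox\\Profiles\\ostayg09.default\\extensions\\troubleshooter@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
"""

# "FF - ExtSQL: <date> <time>; <extension id>; <path to .xpi>"
EXTSQL_RE = re.compile(r"^FF - ExtSQL: (?P<date>\S+ \S+); (?P<ext_id>[^;]+); (?P<path>.+)$")
PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")


def parse_firefox_entries(log_text):
    """Return (profile_path, [ {date, ext_id, path}, ... ]) from a ComboFix log."""
    profile = None
    exts = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = EXTSQL_RE.match(line)
        if m:
            exts.append(m.groupdict())
    return profile, exts


def suspicious_extensions(exts, trusted_ids):
    """Keep every extension whose id is not on the caller's allowlist.

    Review the result by hand before acting on it: an allowlist only says
    which add-ons you already recognise, not that the rest are malicious.
    """
    trusted = {t.lower() for t in trusted_ids}
    return [e for e in exts if e["ext_id"].lower() not in trusted]


def build_cfscript(profile, flagged):
    """Emit the Firefox:: section in the layout the thread's CFScript uses."""
    if not flagged or profile is None:
        return ""
    lines = ["Firefox::", f"FF - ProfilePath - {profile}"]
    for e in flagged:
        lines.append(f"FF - ExtSQL: {e['date']}; {e['ext_id']}; {e['path']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    prof, found = parse_firefox_entries(SAMPLE_LOG)
    # Assumed allowlist: Mozilla's own troubleshooter add-on is recognised.
    unwanted = suspicious_extensions(found, {"troubleshooter@mozilla.org"})
    print(build_cfscript(prof, unwanted), end="")
```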

#9 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 12 July 2013 - 11:35 AM

OK, I've run ComboFix again with the new CFScript. The log file is attached below.

 

I've had a few responses to my request for help in removing MSE from the Microsoft Forum. Mostly though they're of the add/remove program type. I've tried them and also followed some suggestions to look in various parts of the registry. I can't find any traces of MSE in the registry.

 

I'm beginning to wonder if ComboFix is confused on this issue. Do you have any thoughts as to why ComboFix might think MSE might be active on my system when there would appear to be no trace of it according to Revo Uninstaller, Control Panel Add/Remove and a search of the obvious places where it might be residing in the registry?

 

I take your points on the P2P programs that at some point they might well infect your system no matter how careful you are. Three more questions if you have the time to answer them:

 

1) Can malware hide out in or insert itself into DVD files like vob, ifo and bup files? If it can, I would assume that once you placed the DVD in the CD/DVD drive of a computer, that computer would become infected with the virus. Am I correct in this assumption?

2) How effective do you think anti-virus programs like AVG and their major competitors are in stopping malware?

3) Assuming the answer to question two above is "way less than 100%", would you recommend browsing in something like Sandboxie if you don't want to download anything whilst browsing (On this point is there anything better than Sandboxie out there for virtual browsing?)

 

Anyway, thanks for your help so far. I very much appreciate it and very much feel we're getting somewhere.

 

S3 DragonSvc;Dragon Service;c:program filesCommon FilesNuancedgnsvc.exe [6/4/2011 1:12 PM 296808] S3 epmntdrv;epmntdrv;c:windowssystem32epmntdrv.sys [1/11/2012 10:58 PM 13192] S3 EuGdiDrv;EuGdiDrv;c:windowssystem32EuGdiDrv.sys [1/11/2012 10:58 PM 8456] S3 GladFileMonSvc;GladFileMonSvc;c:program filesNuanceNuance Cloud ConnectorGladFileMonSvc.exe [5/9/2011 8:18 AM 29552] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:windowssystem32drivershitmanpro37.sys [5/30/2013 6:20 AM 30464] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [4/22/2011 10:09 AM 22856] S3 RRNetCap;RRNetCap Service;c:windowssystem32driversrrnetcap.sys [7/19/2012 11:21 PM 31848] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:program filesSiSoftwareSiSoftware Sandra Personal 2012.SP5cRpcAgentSrv.exe [9/23/2012 2:48 PM 68760] S3 SpeedBoosterSvc;AppBooster 2.0 Service;c:program filesCommon FilesMC CommonBoostService.exe [11/23/2011 5:18 PM 2236528] S3 wimmount;wimmount;c:windowssystem32driverswimmount.sys [9/30/2012 7:10 PM 19024] S3 WISOVD;WISOVD;c:program filesWinISO ComputingWinISObindriverWISOVD_xp.sys [3/21/2012 7:22 AM 4992] S4 ADExchange;ArcSoft Exchange Service;c:program filesCommon FilesArcSoftesinterBineservutil.exe [10/25/2011 10:32 PM 37280] S4 ctm;Convar task manager;c:program filesConvarTaskManagerctm.exe [11/23/2011 8:38 PM 98304] S4 DymoPnpService;DYMO PnP Service;c:program filesDYMODYMO Label SoftwareDymoPnpService.exe [10/9/2012 12:30 PM 32368] S4 EaseUS Agent;EaseUS Agent Service;c:program filesEASEUSTodo BackupbinAgent.exe [5/23/2013 10:04 AM 68168] S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:program filesEPSONEpsonCustomerParticipationEPCP.exe [5/10/2012 2:00 PM 539744] S4 EpsonScanSvc;Epson Scanner Service;c:windowssystem32escsvc.exe [3/10/2013 1:00 PM 122000] S4 FLService;FLService;c:program filesidooFile EncryptionFLService.exe [1/22/2012 12:51 PM 86016] S4 GSService;GSService;c:windowssystem32GSService.exe [7/17/2012 5:13 PM 252416] S4 
Guard Agent;Guard Agent Service;c:program filesEASEUSTodo BackupbinGuardAgent.exe [5/23/2013 10:04 AM 23624] S4 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [9/11/2012 5:00 PM 418376] S4 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [4/22/2011 10:09 AM 701512] S4 ocster_1clk_backup;Ocster 1-Click Backup;c:program filesOcster 1-Click BackupbinbackupService-ox1c.exe [5/5/2013 2:47 AM 20656] S4 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [7/13/2012 1:28 PM 160944] S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater15.2.0ToolbarUpdater.exe --> c:program filesCommon FilesAVG Secure SearchvToolbarUpdater15.2.0ToolbarUpdater.exe [?] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-09 23:14    1173456    ----a-w-    c:program filesGoogleChromeApplication28.0.1500.71Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-12 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-14 17:11] . 2013-01-14 c:windowsTasksAppleSoftwareUpdate.job - c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 22:57] . 2013-07-12 c:windowsTasksGlaryInitialize.job - c:program filesGlary Utilitiesinitialize.exe [2012-01-25 14:50] . 2013-07-12 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2013-07-12 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2011-04-24 01:55] . 2011-09-23 c:windowsTasksMicrosoft_Hardware_Launch_IType_exe.job - c:program filesMicrosoft IntelliType Proitype.exe [2011-08-10 23:39] . 
2013-07-11 c:windowsTasksSystem Restore Daily Backup.job - c:program filesSystem Restore Daily Backup.vbs [2013-03-27 18:49] . 2013-07-11 c:windowsTasksUnattended System Restore Point.vbs.job - d:miscellaneousUnattended System Restore Point.vbs.docx [2013-03-23 18:47] . 2013-07-12 c:windowsTasksUser_Feed_Synchronization-{FC8AAE0C-A3CC-4CF3-AA8B-3A2599249992}.job - c:windowssystem32msfeedssync.exe [2009-03-08 12:31] . . ------- Supplementary Scan ------- . IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:program filesICQ7.5ICQ.exe TCP: DhcpNameServer = 192.168.0.1 DPF: Microsoft XML Parser for Java FF - ProfilePath - c:documents and settingsGAKApplication DataMozillaFirefoxprofilesostayg09.default FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:program filesSoundFrostSoundFrost.xpi FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:documents and settingsGAKApplication DataMozillaFirefoxProfilesostayg09.defaultextensionstroubleshooter@mozilla.org.xpi . - - - - ORPHANS REMOVED - - - - . Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-12 12:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ...   . scanning hidden autostart entries ... . scanning hidden files ...   . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet003ServicesSentinelImagePath] . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4052) c:windowssystem32WININET.dll c:program files4t Tray MinimizerShellEh552.dll c:program filesStart Menu XStartMenuXHook32.dll c:program filesSticky PasswordspCapBtnLdr.dll c:program filesSticky PasswordspCapBtn.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIcon.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIconU.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll . Completion time: 2013-07-12  12:04:24 ComboFix-quarantined-files.txt  2013-07-12 16:04 ComboFix2.txt  2013-07-11 16:44 ComboFix3.txt  2013-07-10 18:43 ComboFix4.txt  2013-06-08 23:30 ComboFix5.txt  2013-07-12 15:41 . Pre-Run: 431,829,716,992 bytes free Post-Run: 431,869,886,464 bytes free . - - End Of File - - 6B65D98CA7F4E076E16B19CAA4B64600 8F558EB6672622401DA993E1E865C861  



#10 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 12 July 2013 - 01:06 PM

1) Can malware hide out or insert themselves in DVD files like vob, ifo and bup files? If they can, I would assume once you placed the DVD in the CD/DVD drive of a computer that computer would become infected with the virus. Am I correct in this assumption?

 

Malware can hide... but it cannot insert itself into those files.  Some person would have had to "patch" the "good" file with malware.  If the file is infected... the system will become infected upon execution... even if from a DVD.  There is malware that hides in the autostart of CDs so that it executes as soon as the CD is put in the drive.  This is why after XP (Vista, Windows 7 and 8) Microsoft did away with the autoplay function.

2) How effective do you think anti-virus programs like AVG and their major competitors are in stopping malware?

 

They are very effective against threats that have been identified.  The problem is that there are dozens or even hundreds found each day.  The AV programmers monitor many places, such as download sites, to get a copy of the newest strains.  That is why definitions are updated daily.  If you frequent these sites, you will become infected before the AV people have a chance to identify them - therefore your AV will not have a chance to do anything for you.

3) Assuming the answer to question two above is "way less than 100%", would you recommend browsing in something like Sandboxie if you don't want to download anything whilst browsing (On this point is there anything better than Sandboxie out there for virtual browsing?)

 

Sandboxie is a good tool.  AVAST! has a sandbox built right into it.  But you must remember that it can only provide protection while the file is in the box.  If you copy it... you've removed it and therefore Sandboxie can do nothing for you.  If you intend to exhibit "risky" behavior with your computer... you could set up a virtual machine.  That is like having a whole computer in the sandbox.  If the virtual machine gets infected... you just delete it and set up a new image.  Again... you cannot transfer anything from the virtual machine to a "live" machine without passing infections.  This is why cross contamination is so common.

 

We are going to try a script one more time

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

        Firefox::
        FF - ProfilePath - c:\documents and settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\
        FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi
        DDS::
        FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi
        folder::
        c:\program files\SoundFrost

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
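A small triage script, added here as an illustration and not part of Tomk_'s post or of ComboFix itself. It parses three of the line formats that appear in the logs in this thread (the R*/S* service and driver entries, the standard-profile "EnableFirewall" value, and the Firefox "ProfilePath"/"ExtSQL" lines) and flags any Firefox extension whose .xpi sits outside the profile directory, which is exactly the kind of entry the CFScript above targets. The regular expressions are written against the line layout as it appears in these logs (an assumption about ComboFix's output, not a documented grammar), and the sample lines are constructed from entries in the logs.

```python
"""Triage helpers for ComboFix-style log lines.

Example code added to this thread; it is not ComboFix's own code and not from the
post above.  The regexes are an assumption about the log layout as it appears here.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# "<R|S><start type> <name>;<display name>;<image path> [<date> <time> <size>]"
# R = running, S = stopped; the digit is the Windows start type (0 boot ... 4 disabled).
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<meta>[^\]]*)\]$'
)
PROFILE_RE = re.compile(r'^FF - ProfilePath - (?P<path>.+)$')
EXTSQL_RE = re.compile(r'^FF - ExtSQL: (?P<when>[^;]+); (?P<ext_id>[^;]+); (?P<path>.+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"= (?P<value>\d+)')

# Constructed sample, modelled on entries from the logs in this thread.
SAMPLE_LOG = [
    r"R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]",
    r"S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [5/30/2013 6:20 AM 30464]",
    r"S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]",
    r'"EnableFirewall"= 0 (0x0)',
    r"FF - ProfilePath - c:\documents and settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default",
    r"FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi",
    r"FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:\documents and settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\extensions\troubleshooter@mozilla.org.xpi",
]


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    size: Optional[int]   # None when the log shows "[?]" instead of a timestamp and size


def parse_services(lines: Iterable[str]) -> List[ServiceEntry]:
    """Parse the R*/S* service and driver lines; every other line is ignored."""
    entries = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        last = m['meta'].rsplit(' ', 1)[-1]
        size = int(last) if last.isdigit() else None
        # "<path> --> <path>" is how the log shows an image it could not open; keep the first path.
        path = m['path'].split(' --> ')[0]
        entries.append(ServiceEntry(m['start'], m['name'], m['display'], path, size))
    return entries


def _norm_dir(path: str) -> str:
    """Lower-case (Windows paths are case-insensitive) and force one trailing backslash."""
    return path.strip().lower().rstrip('\\') + '\\'


def find_foreign_extensions(lines: Iterable[str]) -> List[str]:
    """Return Firefox extension ids whose .xpi is not under the ProfilePath.

    An add-on registered from c:\\program files\\<vendor>\\ was dropped by an installer
    rather than installed by the user through Firefox; that is the pattern behind many
    search-redirect complaints and the entry the CFScript above removes.
    """
    profile = None
    foreign = []
    for line in lines:
        line = line.strip()
        p = PROFILE_RE.match(line)
        if p:
            profile = _norm_dir(p['path'])
            continue
        e = EXTSQL_RE.match(line)
        if e and (profile is None or not _norm_dir(e['path']).startswith(profile)):
            foreign.append(e['ext_id'])
    return foreign


def firewall_enabled(lines: Iterable[str]) -> Optional[bool]:
    """Standard-profile EnableFirewall value, or None if the line is not in the excerpt."""
    for line in lines:
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m['value'] != '0'
    return None


def triage(lines: List[str]) -> dict:
    """Summarise the points a helper would look at first."""
    services = parse_services(lines)
    return {
        'services': len(services),
        'unreadable_images': [s.name for s in services if s.size is None],
        'disabled_start': [s.name for s in services if s.start.endswith('4')],
        'foreign_extensions': find_foreign_extensions(lines),
        'firewall_enabled': firewall_enabled(lines),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run it against a saved ComboFix log with `triage(open('ComboFix.txt').read().splitlines())`. A system-wide extension is not automatically malicious (some vendors install their own add-ons that way), so the flagged ids are a review list, not a verdict; likewise "EnableFirewall" = 0 only says the Windows firewall is off and is expected when a third-party firewall such as AVG's has taken over.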
     

     



#11 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 12 July 2013 - 06:41 PM

Thanks for your comments on viruses and virtual browsers. I guess there really is no foolproof way of dealing with dodgy websites. Sell your soul to the devil and there definitely is a catch.

 

I ran ComboFix again with added code. For some reason it crashed the first time. I don't know why as I'd stepped away from the computer. It could have been because AVG came back on. I don't think I was away from the computer long enough before I needed to extend the time it was disabled, but maybe I misjudged the time.

 

Anyway, I ran ComboFix with the code again and stayed at the computer throughout. Below is the log.

 

Have a great night and thanks again for your help.

 

ComboFix 13-07-12.01 - GAK 07/12/2013  19:08:52.9.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2645 [GMT -4:00]
Running from: c:\documents and settings\GAK\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\GAK\Desktop\CFScript.txt
AV: AVG Internet Security Business Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security Business Edition 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-12 20:00 . 2013-07-12 20:12    --------    d-----w-    c:\windows\system32\MRT
2013-07-12 14:28 . 2013-07-12 14:28    --------    d-----w-    c:\documents and settings\GAK\Application Data\ElevatedDiagnostics
2013-07-11 15:13 . 2013-07-11 15:25    3720    ----a-w-    C:\FixitRegBackup.reg
2013-07-10 18:10 . 2013-07-10 18:10    --------    d-----w-    c:\program files\ComboFix
2013-07-09 20:45 . 2013-07-09 20:45    --------    d-----w-    c:\program files\BatchInpaint
2013-07-06 13:47 . 2013-07-06 13:47    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-17 17:12 . 2013-06-17 17:12    --------    d-----w-    c:\program files\Anvisoft
2013-06-14 10:33 . 2013-06-14 10:33    --------    d-----w-    C:\_OTL
2013-06-13 22:38 . 2013-06-13 22:38    --------    d--h--w-    c:\windows\PIF
2013-06-13 21:23 . 2013-06-13 21:25    --------    d-----w-    c:\program files\AllMedia Grabber
2013-06-13 21:23 . 2013-06-13 21:24    --------    d-----w-    c:\windows\AllMedia Grabber
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 13:47 . 2012-04-29 20:53    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 13:47 . 2011-08-10 01:51    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-06 13:47 . 2011-08-10 01:51    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-12 17:11 . 2012-04-14 13:18    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 17:11 . 2011-12-16 02:33    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2004-08-03 22:59    385024    ------w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 00:56    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 00:56    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 00:56    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 00:56    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-03 23:17    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-30 10:20 . 2013-05-30 10:20    30464    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-05-29 18:41 . 2013-05-29 18:41    388096    ----a-r-    c:\documents and settings\GAK\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-24 21:14 . 2013-05-24 21:14    19504    ------w-    c:\windows\system32\drivers\vmdebug.sys
2013-05-24 21:14 . 2013-05-24 21:14    54960    ------w-    c:\windows\system32\drivers\vmci.sys
2013-05-24 21:14 . 2013-05-24 21:14    35328    ----a-w-    c:\windows\system32\drivers\pcntpci5.sys
2013-05-24 21:14 . 2013-05-24 21:14    10624    ----a-w-    c:\windows\system32\drivers\gameenum.sys
2013-05-24 21:14 . 2013-05-24 21:14    40704    ----a-w-    c:\windows\system32\drivers\es1371mp.sys
2013-05-24 21:14 . 2013-05-24 21:14    10240    ----a-w-    c:\windows\system32\drivers\compbatt.sys
2013-05-24 21:14 . 2013-05-24 21:14    13952    ----a-w-    c:\windows\system32\drivers\cmbatt.sys
2013-05-24 21:14 . 2013-05-24 21:14    14208    ----a-w-    c:\windows\system32\drivers\battc.sys
2013-05-24 20:49 . 2013-05-24 20:59    16205390    ------w-    c:\documents and settings\DLLSuite_Setup_2013.exe
2013-05-24 20:48 . 2013-05-24 21:09    105472    ------w-    c:\documents and settings\HAL.DLL
2013-05-22 17:21 . 2013-05-21 21:55    37664    ------w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-16 03:32 . 2013-05-16 03:32    51976    ----a-w-    c:\windows\AUDBootDefrag.exe
2013-05-10 16:43 . 2011-04-22 23:02    1696256    ------w-    c:\windows\system32\wmv9vcm.dll
2013-05-03 01:30 . 2004-08-03 23:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-27 18:49 . 2013-03-27 18:49    848    ------w-    c:\program files\System Restore Daily Backup.vbs
2012-10-07 09:43 . 2012-10-07 09:16    6733824    ------w-    c:\program files\AllMySongsDatabase.exe
2012-05-11 19:16 . 2012-05-11 19:16    171520    ------w-    c:\program files\Common Files\dsfOggDemux2.dll
2011-04-19 03:51 . 2011-04-19 03:51    653136    ------w-    c:\program files\Common Files\MSVCR90.dll
2011-04-19 03:51 . 2011-04-19 03:51    569680    ------w-    c:\program files\Common Files\MSVCP90.dll
2011-01-12 07:00 . 2011-01-12 07:00    30208    ------w-    c:\program files\Common Files\wmpinfo.dll
2011-01-12 07:00 . 2011-01-12 07:00    240128    ------w-    c:\program files\Common Files\dsfVorbisDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    146944    ------w-    c:\program files\Common Files\dsfFLACDecoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    221184    ------w-    c:\program files\Common Files\dsfFLACEncoder.dll
2011-01-12 07:00 . 2011-01-12 07:00    204800    ------w-    c:\program files\Common Files\dsfNativeFLACSource.dll
2010-12-17 02:39 . 2010-12-17 02:39    302592    ------w-    c:\program files\Common Files\webmmux.dll
2010-12-17 02:39 . 2010-12-17 02:39    701440    ------w-    c:\program files\Common Files\vp8encoder.dll
2010-12-17 02:39 . 2010-12-17 02:39    412672    ------w-    c:\program files\Common Files\vp8decoder.dll
2010-12-17 02:39 . 2010-12-17 02:39    292352    ------w-    c:\program files\Common Files\webmsplit.dll
2007-11-19 19:10 . 2012-10-07 09:16    1937408    ------w-    c:\program files\FreeImage.dll
2004-02-28 19:05 . 2011-05-18 22:56    266240    ------w-    c:\program files\vbalTreeView6.ocx
2004-01-21 22:35 . 2011-05-18 22:56    40960    ------w-    c:\program files\SSubTmr6.dll
2003-04-01 13:35 . 2011-05-18 22:56    122880    ------w-    c:\program files\cPopMenu6.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 12:10    194416    ------w-    c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 12:13    194416    ------w-    c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STARTRIGHT"="c:\program files\StartRight\StartRight.exe" [2007-01-30 781824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"STARTRIGHT"="c:\program files\StartRight\StartRight.exe" [2007-01-30 781824]
.
c:\documents and settings\GAK\Start Menu\Programs\Startup\
CodeStuff Starter CodeStuff - Website.url [2011-8-24 54]
Starter.lnk - c:\program files\CodeStuff\Starter\Starter.exe [2009-5-17 485888]
Uninstall Starter.lnk - c:\program files\CodeStuff\Starter\unStarter.exe [2011-8-24 59740]
.
c:\documents and settings\Administrator.YOUR-70FEC468DE\Start Menu\Programs\Startup\
Chaos Manager loader.lnk - c:\program files\Chaos Manager 2\cm2.exe [2011-7-30 1881600]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iFinger 2.0.lnk]
backup=c:\windows\pss\iFinger 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]
backup=c:\windows\pss\Nuance Cloud Connector.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GAK^Desktop^Startup^Launch WhiteSmoke.lnk]
backup=c:\windows\pss\Launch WhiteSmoke.lnkStartup
.
[HKLM\~\startupfolder\C:^Shortcuts^Startup^Chaos Manager loader.lnk]
backup=c:\windows\pss\Chaos Manager loader.lnkStartup
.
[HKLM\~\startupfolder\C:^Shortcuts^Startup^Spartan.lnk]
backup=c:\windows\pss\Spartan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-04-29 04:58    4408368    ----a-w-    c:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STARTRIGHT]
2007-01-30 01:51    781824    ------w-    c:\program files\StartRight\StartRight.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TakeYourBreak 1.0]
2006-05-09 06:37    5467648    ------w-    c:\program files\TakeYourBreak\TakeYourBreak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMService"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Nuance\OmniPage18\OmniPage18.exe"=
"c:\Program Files\Nuance\OmniPage18\PPMV.exe"=
"c:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\GladinetClient.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe"=
"c:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe"=
"c:\Program Files\ICQ7.5\ICQ.exe"=
"c:\Program Files\backburner 2\monitor.exe"=
"c:\Program Files\backburner 2\manager.exe"=
"c:\Program Files\backburner 2\server.exe"=
"c:\WINDOWS\system32\SUPDSvc.exe"=
"c:\Program Files\IBM\SPSS\Statistics\19\stats.com"=
"c:\Program Files\IBM\SPSS\Statistics\19\WinWrapIDE.exe"=
"c:\Program Files\IBM\SPSS\Statistics\19\stats.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\AVG\AVG2012\avgmfapx.exe"=
"c:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x86\RpcSandraSrv.exe"=
"c:\Program Files\RoboTask\RoboTask.exe"=
"c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"=
"c:\Program Files\EPSON Software\Event Manager\EEventManager.exe"=
"c:\Documents and Settings\GAK\Application Data\Spotify\spotify.exe"=
"c:\Program Files\Leawo\Leawo Blu-ray Player\Leawo Blu-ray Player.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\Agent.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\TbService.exe"=
"c:\Program Files\EASEUS\Todo Backup\bin\TBConsoleUI.exe"=
"c:\WINDOWS\system32\mmc.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\AVG\AVG2013\avgnsx.exe"=
"c:\Program Files\AVG\AVG2013\avgdiagex.exe"=
"c:\Program Files\AVG\AVG2013\avgmfapx.exe"=
"c:\Program Files\AVG\AVG2013\avgwdsvc.exe"=
"c:\Program Files\AVG\AVG2013\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [3/5/2013 8:57 PM 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [3/5/2013 8:57 PM 40648]
R0 FileLock;FileLock;c:\windows\system32\drivers\FileLock.sys [1/22/2012 12:51 PM 35456]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/6/2011 4:27 PM 57112]
R1 aflfile;AFLFile;c:\windows\system32\drivers\aflfile.sys [11/17/2012 9:15 PM 22984]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 2:53 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [5/21/2013 5:55 PM 37664]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [4/10/2012 4:58 PM 28184]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [3/5/2013 8:57 PM 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [3/5/2013 8:57 PM 185672]
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [12/7/2009 8:12 PM 78336]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [10/31/2012 2:17 PM 283472]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [6/10/2013 8:02 AM 1518504]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
R2 MCDefragService;mobile concepts DefragService;c:\program files\Common Files\MC Common\AMDSrv.exe [11/23/2011 5:18 PM 5663856]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2/18/2012 7:34 AM 10240]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/11/2010 2:30 AM 144672]
R2 PS-Disk Monitoring Utility;PS-Disk Monitoring Utility;c:\program files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe [8/12/2008 5:04 PM 53248]
R2 SCRCAMNETDRIVER;ScreenCamera.Net Video Camera;c:\windows\system32\drivers\SCRCAMNETDRIVER.sys [6/28/2012 8:41 AM 233096]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [10/8/2012 12:26 PM 66944]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [1/12/2012 6:59 PM 257880]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [9/22/2011 10:02 PM 45288]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2/18/2012 7:34 AM 31016]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/28/2011 2:33 PM 47360]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/19/2012 11:21 PM 31848]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [4/10/2013 11:07 AM 1428472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S3 ampa;ampa;c:\windows\system32\ampa.sys [4/28/2012 6:23 PM 10936]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [11/4/2011 11:16 AM 16640]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/31/2013 3:37 PM 245760]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [6/10/2013 8:03 AM 406016]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [10/28/2011 10:39 PM 163616]
S3 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [6/4/2011 1:12 PM 296808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/11/2012 10:58 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/11/2012 10:58 PM 8456]
S3 GladFileMonSvc;GladFileMonSvc;c:\program files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [5/9/2011 8:18 AM 29552]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [5/30/2013 6:20 AM 30464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/22/2011 10:09 AM 22856]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/19/2012 11:21 PM 31848]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe [9/23/2012 2:48 PM 68760]
S3 SpeedBoosterSvc;AppBooster 2.0 Service;c:\program files\Common Files\MC Common\BoostService.exe [11/23/2011 5:18 PM 2236528]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [9/30/2012 7:10 PM 19024]
S3 WISOVD;WISOVD;c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [3/21/2012 7:22 AM 4992]
S4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/25/2011 10:32 PM 37280]
S4 ctm;Convar task manager;c:\program files\Convar\TaskManager\ctm.exe [11/23/2011 8:38 PM 98304]
S4 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [10/9/2012 12:30 PM 32368]
S4 EaseUS Agent;EaseUS Agent Service;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [5/23/2013 10:04 AM 68168]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
S4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [3/10/2013 1:00 PM 122000]
S4 FLService;FLService;c:\program files\idoo\File Encryption\FLService.exe [1/22/2012 12:51 PM 86016]
S4 GSService;GSService;c:\windows\system32\GSService.exe [7/17/2012 5:13 PM 252416]
S4 Guard Agent;Guard Agent Service;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [5/23/2013 10:04 AM 23624]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 5:00 PM 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/22/2011 10:09 AM 701512]
S4 ocster_1clk_backup;Ocster 1-Click Backup;c:\program files\Ocster 1-Click Backup\bin\backupService-ox1c.exe [5/5/2013 2:47 AM 20656]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-09 23:14    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:11]
.
2013-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-12 c:\windows\Tasks\GlaryInitialize.job
-仁 c:\program files\Glary Utilities\initialize.exe [2012-01-25 14:50]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 01:55]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 01:55]
.
2011-09-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-10 23:39]
.
2013-07-11 c:\windows\Tasks\System Restore Daily Backup.job
- c:\program files\System Restore Daily Backup.vbs [2013-03-27 18:49]
.
2013-07-11 c:\windows\Tasks\Unattended System Restore Point.vbs.job
- d:\miscellaneous\Unattended System Restore Point.vbs.docx [2013-03-23 18:47]
.
2013-07-12 c:\windows\Tasks\User_Feed_Synchronization-{FC8AAE0C-A3CC-4CF3-AA8B-3A2599249992}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\
FF - ExtSQL: 2013-05-20 09:55; SoundFrost@helper.com; c:\program files\SoundFrost\SoundFrost.xpi
FF - ExtSQL: 2013-06-09 13:50; troubleshooter@mozilla.org; c:\documents and settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\extensions\troubleshooter@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-12 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sentinel\ImagePath]
.
. --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4564) c:windowssystem32WININET.dll c:program files4t Tray MinimizerShellEh552.dll c:program filesStart Menu XStartMenuXHook32.dll c:program filesSticky PasswordspCapBtnLdr.dll c:program filesSticky PasswordspCapBtn.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIcon.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:program filesNuanceNuance Cloud ConnectorGlOverlayIconU.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll . Completion time: 2013-07-12  19:25:16 ComboFix-quarantined-files.txt  2013-07-12 23:25 ComboFix2.txt  2013-07-12 16:04 ComboFix3.txt  2013-07-11 16:44 ComboFix4.txt  2013-07-10 18:43 ComboFix5.txt  2013-07-12 22:36 . 
Pre-Run: 431,664,504,832 bytes free Post-Run: 431,632,203,776 bytes free . - - End Of File - - AF940DB2FC3AE7B28C05F822F0B392A3 8F558EB6672622401DA993E1E865C861  



#12 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 12 July 2013 - 11:45 PM

OK... you already have OTL... please run it and paste me the log.

#13 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 13 July 2013 - 08:12 AM

After I ran the last ComboFix I was still being redirected.

 

Here is the output of the OTL run you requested:

 

OTL logfile created on: 7/13/2013 7:36:50 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:Documents and SettingsGAKDesktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 79.90% Memory free
5.09 Gb Paging File | 4.45 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 488.28 Gb Total Space | 401.89 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 387.38 Gb Free Space | 79.34% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 488.07 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 398.16 Gb Total Space | 398.08 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 308.66 Gb Free Space | 66.27% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-BAE951A73C | User Name: GAK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/10 10:39:39 | 000,681,768 | ---- | M] (Bitsum) -- C:Program FilesProcess LassoProcessGovernor.exe
PRC - [2013/07/10 10:39:38 | 000,958,248 | ---- | M] (Bitsum) -- C:Program FilesProcess LassoProcessLasso.exe
PRC - [2013/07/06 09:47:04 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:Program FilesJavajre7binjqs.exe
PRC - [2013/06/19 16:55:32 | 008,136,504 | ---- | M] (Lamantine Software a.s.) -- C:Program FilesSticky Passwordstpass.exe
PRC - [2013/06/17 08:52:18 | 000,543,320 | ---- | M] (Sandboxie Holdings, LLC) -- C:Program FilesSandboxieSbieCtrl.exe
PRC - [2013/06/17 08:52:18 | 000,126,040 | ---- | M] (Sandboxie Holdings, LLC) -- C:Program FilesSandboxieSbieSvc.exe
PRC - [2013/06/11 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsGAKdesktopOTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2013avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2013avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2013avgfws.exe
PRC - [2012/10/04 11:46:54 | 003,511,728 | ---- | M] (OrdinarySoft) -- C:Program FilesStart Menu XStartMenuX.exe
PRC - [2012/07/30 09:48:20 | 003,783,592 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:Program FilesAshampooAshampoo HDD Control 2AHDDC2_Guard.exe
PRC - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () -- C:Program FilesAshampooAshampoo HDD Control 2AHDDC2_Service.exe
PRC - [2012/02/16 12:26:04 | 000,010,240 | ---- | M] (SeriousBit) -- C:Program FilesNetBalancerSeriousBit.NetBalancer.Service.exe
PRC - [2011/09/08 13:48:34 | 005,663,856 | ---- | M] (mobile concepts) -- C:Program FilesCommon FilesMC CommonAMDSrv.exe
PRC - [2011/09/06 21:37:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
PRC - [2011/08/11 17:58:24 | 001,848,832 | ---- | M] (4t Niagara Software) -- C:Program Files4t Tray Minimizer4t-min.exe
PRC - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () -- C:Program FilesUSB Safely RemoveUSBSRService.exe
PRC - [2010/02/11 02:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:Program FilesNuancePaperPortPDFProFiltSrvPP.exe
PRC - [2010/01/31 22:55:50 | 001,881,600 | ---- | M] () -- C:Program FilesChaos Manager 2cm2.exe
PRC - [2008/10/15 00:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe
PRC - [2008/08/12 17:04:30 | 000,053,248 | ---- | M] () -- C:Program FilesPS-Disk Monitoring UtilityHardDiskMonitoringService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:WINDOWSsystem32CtHelper.exe
PRC - [2002/12/17 20:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/10 18:12:18 | 000,028,160 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32SeriousBit.NetBalan#aa7039909e62bb4cbbb3b36582b0cd28SeriousBit.NetBalancer.Service.ni.exe
MOD - [2013/07/10 18:12:12 | 001,711,616 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.VisualBas#a1434aebf13ff1e4c5de2840a06b7c38Microsoft.VisualBasic.ni.dll
MOD - [2013/07/10 18:12:09 | 000,503,808 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32SeriousBit.Licensinga6cc7a012e50cdbddb571fc9c6956854SeriousBit.Licensing.ni.dll
MOD - [2013/07/10 18:12:03 | 000,998,400 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Managementb22afb5424455b579511b925aa1563c9System.Management.ni.dll
MOD - [2013/07/10 18:11:33 | 000,771,584 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Runtime.Remo#da28f3d44be7def2d84269f1db5718d6System.Runtime.Remoting.ni.dll
MOD - [2013/07/10 18:11:32 | 001,170,432 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32SeriousBit.NetBalan#e45662e073f48ad357ec3c6dacc7ab30SeriousBit.NetBalancer.Core.ni.dll
MOD - [2013/07/10 18:11:28 | 000,212,992 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.ServiceProce#8f3e54440f3742da409131428ad1bce1System.ServiceProcess.ni.dll
MOD - [2013/07/10 18:11:23 | 000,369,664 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32PacketDotNet7820edfdb652f1256cd7bede60be5596PacketDotNet.ni.dll
MOD - [2013/07/10 18:11:22 | 000,030,208 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Localizator6d2dc5c0afe193ba8bcf69d6cf351088Localizator.ni.dll
MOD - [2013/07/10 18:11:21 | 000,492,544 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32LinqBridgee3a1e3a4aa6eb346fe08856bbaf2ea8dLinqBridge.ni.dll
MOD - [2013/07/10 18:11:19 | 000,941,056 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Ionic.Zip6fa1329589f1afd60d32a5d2eac48c04Ionic.Zip.ni.dll
MOD - [2013/07/10 18:11:07 | 000,978,944 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Configuration79533103112291e81204ca24aed19890System.Configuration.ni.dll
MOD - [2013/07/10 18:11:05 | 000,071,680 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32BugReportingb5ad16550fe0d6046a8a8f22aa069dcaBugReporting.ni.dll
MOD - [2013/07/10 16:55:32 | 005,462,016 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Xmla1d221960bf7a0cbfd1f355595f77e83System.Xml.ni.dll
MOD - [2013/07/10 16:48:58 | 001,593,344 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawing82a53e923936d5f62d9af4cdfe50a4f8System.Drawing.ni.dll
MOD - [2013/07/10 16:48:09 | 006,616,576 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Data2ac6146a15ceb466f389e373699b3b90System.Data.ni.dll
MOD - [2013/07/10 16:45:26 | 007,977,984 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System16562c54978851e92db8fec6f759bba1System.ni.dll
MOD - [2013/07/10 16:44:40 | 011,497,984 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibb14359470744c840c59fbe4e58034fd6mscorlib.ni.dll
MOD - [2013/07/10 16:43:36 | 002,933,248 | ---- | M] () -- C:WINDOWSassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll
MOD - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () -- C:Program FilesAshampooAshampoo HDD Control 2AHDDC2_Service.exe
MOD - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () -- C:Program FilesUSB Safely RemoveUSBSRService.exe
MOD - [2010/01/31 22:55:50 | 001,881,600 | ---- | M] () -- C:Program FilesChaos Manager 2cm2.exe
MOD - [2008/08/12 17:04:30 | 000,053,248 | ---- | M] () -- C:Program FilesPS-Disk Monitoring UtilityHardDiskMonitoringService.exe
MOD - [2008/06/04 02:53:14 | 000,026,624 | ---- | M] () -- C:WINDOWSsystem32spd__l.dll
MOD - [2001/08/18 01:36:16 | 000,165,888 | ---- | M] () -- C:WINDOWSsystem32hpgt53.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater15.2.0ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- C:Program FilesCommon FilesSureThing Sharedstllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:Program FilesCommon FilesSonic SharedRoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- C:Program FilesCommon FilesSonic SharedRoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2013/07/06 09:47:04 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:Program FilesJavajre7binjqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/03 09:57:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/17 08:52:18 | 000,126,040 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:Program FilesSandboxieSbieSvc.exe -- (SbieSvc)
SRV - [2013/06/12 13:11:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:Program FilesAVGAVG2013avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/05 02:47:36 | 000,020,656 | ---- | M] () [Disabled | Stopped] -- c:Program FilesOcster 1-Click BackupbinbackupService-ox1c.exe -- (ocster_1clk_backup)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2013avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:Program FilesAVGAVG2013avgfws.exe -- (avgfws)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:Program FilesEASEUSTodo BackupbinGuardAgent.exe -- (Guard Agent)
SRV - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:Program FilesEASEUSTodo BackupbinAgent.exe -- (EaseUS Agent)
SRV - [2012/10/09 12:30:28 | 000,032,368 | ---- | M] (Sanford, L.P.) [Disabled | Stopped] -- C:Program FilesDYMODYMO Label SoftwareDymoPnpService.exe -- (DymoPnpService)
SRV - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:Program FilesAshampooAshampoo HDD Control 2AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:Program FilesSkypeUpdaterUpdater.exe -- (SkypeUpdate)
SRV - [2012/07/05 17:50:22 | 000,252,416 | ---- | M] () [Disabled | Stopped] -- C:WINDOWSsystem32GSService.exe -- (GSService)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:Program FilesEPSONEpsonCustomerParticipationEPCP.exe -- (EpsonCustomerParticipation)
SRV - [2012/02/16 12:26:04 | 000,010,240 | ---- | M] (SeriousBit) [Auto | Running] -- C:Program FilesNetBalancerSeriousBit.NetBalancer.Service.exe -- (NetBalancer Windows Service)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Disabled | Stopped] -- C:WINDOWSsystem32escsvc.exe -- (EpsonScanSvc)
SRV - [2011/10/25 22:32:24 | 000,037,280 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:Program FilesCommon FilesArcSoftesinterBineservutil.exe -- (ADExchange)
SRV - [2011/09/08 13:48:38 | 002,236,528 | ---- | M] (mobile concepts) [On_Demand | Stopped] -- C:Program FilesCommon FilesMC CommonBoostService.exe -- (SpeedBoosterSvc)
SRV - [2011/09/08 13:48:34 | 005,663,856 | ---- | M] (mobile concepts) [Auto | Running] -- C:Program FilesCommon FilesMC CommonAMDSrv.exe -- (MCDefragService)
SRV - [2011/09/06 21:37:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () [Auto | Running] -- C:Program FilesUSB Safely RemoveUSBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/06/09 19:39:14 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:Program FilesidooFile EncryptionFLService.exe -- (FLService)
SRV - [2011/06/04 13:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesNuancedgnsvc.exe -- (DragonSvc)
SRV - [2011/05/09 08:18:30 | 000,029,552 | ---- | M] (Gladinet, INC) [On_Demand | Stopped] -- C:Program FilesNuanceNuance Cloud ConnectorGladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2010/02/11 02:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:Program FilesNuancePaperPortPDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:Program FilesBrowny02BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:Program FilesAshampooAshampoo HDD Control 2DfSdkS.exe -- (DfSdkS)
SRV - [2008/09/05 01:09:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:Program FilesSiSoftwareSiSoftware Sandra Personal 2012.SP5cRpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/08/12 17:04:30 | 000,053,248 | ---- | M] () [Auto | Running] -- C:Program FilesPS-Disk Monitoring UtilityHardDiskMonitoringService.exe -- (PS-Disk Monitoring Utility)
SRV - [2007/09/30 03:17:44 | 001,536,000 | ---- | M] () [Disabled | Stopped] -- C:WINDOWSsystem32AvidStartup.exe -- (AvidStartup)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:WINDOWSsystem32PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/06 13:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 16:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/04/04 21:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:Program FilesAdobeAdobe Version Cue CS2binVersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/04/02 14:24:48 | 000,098,304 | ---- | M] (Convar Deutschland GmbH) [Disabled | Stopped] -- C:Program FilesConvarTaskManagerctm.exe -- (ctm)
SRV - [2002/12/17 20:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:WINDOWSsystem32driversSIODRV.SYS -- (SIODRV)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:DOCUME~1GAKLOCALS~1Tempcatchme.sys -- (catchme)
DRV - [2013/06/17 08:52:16 | 000,159,208 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:Program FilesSandboxieSbieDrv.sys -- (SbieDrv)
DRV - [2013/05/30 06:20:41 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32drivershitmanpro37.sys -- (hitmanpro37)
DRV - [2013/05/22 13:21:49 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgtpx86.sys -- (avgtp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:WINDOWSsystem32driversmbam.sys -- (MBAMProtector)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgtdix.sys -- (Avgtdix)
DRV - [2013/03/16 12:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:WINDOWSsystem32driversEuFdDisk.sys -- (EUFDDISK)
DRV - [2013/03/16 12:47:04 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:WINDOWSsystem32driversEUBKMON.sys -- (EUBKMON)
DRV - [2013/03/16 12:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:WINDOWSsystem32driverseudskacs.sys -- (EUDSKACS)
DRV - [2013/03/16 12:38:36 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:WINDOWSsystem32driverseubakup.sys -- (EUBAKUP)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:WINDOWSsystem32driversavgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversavglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversavgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:WINDOWSsystem32driversavgrkx86.sys -- (Avgrkx86)
DRV - [2013/02/05 19:34:43 | 000,039,048 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverstbhsd.sys -- (tbhsd)
DRV - [2012/10/31 14:17:26 | 000,452,688 | ---- | M] (Paragon) [Kernel | System | Running] -- C:WINDOWSsystem32driversUim_IM.sys -- (Uim_IM)
DRV - [2012/10/31 14:17:26 | 000,283,472 | ---- | M] (Paragon) [Kernel | System | Running] -- C:WINDOWSsystem32driversUim_Vim.sys -- (Uim_Vim)
DRV - [2012/10/31 14:17:26 | 000,081,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:WINDOWSsystem32driversUimBus.sys -- (UimBus)
DRV - [2012/09/27 12:08:10 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:WINDOWSsystem32driversthdudf.sys -- (thdudf)
DRV - [2012/08/25 06:25:10 | 000,022,984 | ---- | M] (Giant Matrix Limited) [Kernel | System | Running] -- C:WINDOWSsystem32driversaflfile.sys -- (aflfile)
DRV - [2012/07/25 10:36:37 | 000,163,616 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversDigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV - [2012/07/19 23:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversrrnetcap.sys -- (RRNetCapMP)
DRV - [2012/07/19 23:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversrrnetcap.sys -- (RRNetCap)
DRV - [2012/05/09 15:03:54 | 000,233,096 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversSCRCAMNETDRIVER.sys -- (SCRCAMNETDRIVER)
DRV - [2012/03/21 07:22:52 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesWinISO ComputingWinISObindriverWISOVD_xp.sys -- (WISOVD)
DRV - [2012/02/02 16:13:44 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:WINDOWSsystem32drivershotcore3.sys -- (hotcore3)
DRV - [2012/01/22 12:51:52 | 000,035,456 | ---- | M] (Gili Soft Inc.) [File_System | Boot | Running] -- C:WINDOWSsystem32driversFileLock.sys -- (FileLock)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversavgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversavgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/26 15:34:30 | 000,010,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32ampa.sys -- (ampa)
DRV - [2011/10/14 23:21:42 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:WINDOWSsystem32driverstruecrypt.sys -- (truecrypt)
DRV - [2011/08/10 19:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversdc3d.sys -- (dc3d)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/18 18:11:14 | 000,031,016 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversnbdrv.sys -- (Nbdrv)
DRV - [2011/04/23 19:45:50 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:WINDOWSsystem32driverstifsfilt.sys -- (tifsfilter)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:WINDOWSsystem32speedfan.sys -- (speedfan)
DRV - [2010/12/30 18:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversApowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/05/20 15:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:WINDOWSsystem32driversCSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2009/12/07 20:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:WINDOWSsystem32driversSafDskNT.sys -- (SafDskNT)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:Program FilesSiSoftwareSiSoftware Sandra Personal 2012.SP5cWNt500x86sandra.sys -- (SANDRA)
DRV - [2008/02/27 16:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversBANTExt.sys -- (BANTExt)
DRV - [2008/02/25 16:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversRtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/30 00:48:26 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:WINDOWSSystem32driversaspi32.sys -- (Aspi32)
DRV - [2007/09/29 23:38:48 | 000,056,832 | ---- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAvidXPSerial.sys -- (Serial)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32drivershaP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32drivershaP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversemupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversctac32k.sys -- (ctac32k)
DRV - [2006/08/08 12:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 12:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 12:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 12:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 12:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 12:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 12:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 12:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:WINDOWSsystem32DLADLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 23:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:WINDOWSsystem32driversDLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 23:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:WINDOWSsystem32driversDLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/02/09 23:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverssenfilt.sys -- (senfilt)
DRV - [2004/08/23 17:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversb57xp32.sys -- (b57w2k)
DRV - [2004/05/17 09:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversDGIVECP.SYS -- (DgiVecp)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversP16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversctoss2k.sys -- (ossrv)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverspfc.sys -- (Pfc)
DRV - [2003/08/18 19:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:WINDOWSsystem32driversPCLEPCI.sys -- (PCLEPCI)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:WINDOWSsystem32driversomci.sys -- (OMCI)
DRV - [2001/08/17 15:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversel90xbc5.sys -- (EL90XBC)
DRV - [1996/12/12 08:30:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32driversSENTINEL.SYS -- (Sentinel)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:WINDOWSsystem32giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com
IE - HKLM..URLSearchHook:  - No CLSID value found
IE - HKLM..SearchScopes,DefaultScope =
IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
 
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com
IE - HKCU..SearchScopes,DefaultScope =
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU..SearchScopes{81675A2E-6191-4130-A937-F55A88BDA63F}: "URL" = http://search.yahoo....&type=994519&p={searchTerms}
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....r=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: SoundFrost@helper.com:3.7.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....&type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....r=spigot-yhp-ff"
FF - user.js - File not found
 
FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_7_700_224.dll ()
FF - HKLMSoftwareMozillaPlugins@dymo.com/DymoLabelFramework: C:Program FilesDYMODYMO Label SoftwareFrameworknpDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.25.2: C:WINDOWSsystem32npDeployJava1.dll (Oracle Corporation)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.25.2: C:Program FilesJavajre7binMsiExec.exenpjp2.dll File not found
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=6.0.11.2061: C:Program FilesRealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=1.0.2.2122: C:Program FilesRealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=6.0.12.1059: C:Program FilesRealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.6: C:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)
FF - HKLMSoftwareMozillaPlugins@winzip.com/Winzip Courier: C:Program FilesWinZip Couriernpwzwmc.dll (WinZip Computing, S.L.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF - HKCUSoftwareMozillaPlugins@stickypassword.com/Sticky Password: C:Program FilesSticky PasswordnpspAutofill.dll (Lamantine Software a.s.)
FF - HKCUSoftwareMozillaPluginsen.pixelplan.pl/PIXELPLANWebViewer: C:Documents and SettingsGAKApplication DataPixelplanPixelplan O4C Viewer Web1.2.7npPIXELPLANWebViewer.dll (Pixelplan S.C.)
 
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG2012Firefox4
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{9193F654-D886-4fef-8894-A97EF6623104}: C:Program FilesWondershareAllMyTubeSVRFirefoxExt
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 22.0extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2013/07/03 09:57:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 22.0extensionsPlugins: C:Program FilesMozilla Firefoxplugins
FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{54affe52-8223-453b-be1e-2fe2e250045c}: C:Documents and SettingsGAKApplication DataLamantineSticky PasswordspAutofill [2013/07/03 09:11:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsCaptureSaver@goldgingko.com: C:Program FilesCaptureSaverFirefox [2013/03/19 15:31:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsSoundFrost@helper.com: C:Program FilesSoundFrostSoundFrost.xpi [2013/05/20 09:55:10 | 000,038,116 | ---- | M] ()
 
[2011/12/21 12:30:51 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsGAKApplication DataMozillaExtensions
[2013/06/14 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofileshz32imv0.defaultextensions
[2013/06/14 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesnmk1y36l.defaultextensions
[2013/06/22 12:23:11 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions
[2013/06/22 12:23:10 | 000,000,000 | ---D | M] (FireShot) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/04/27 05:34:30 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2013/06/22 12:23:06 | 000,000,000 | ---D | M] (FEBE) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013/04/08 09:05:49 | 000,000,000 | ---D | M] (Memory Fox) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013/06/08 06:04:52 | 000,000,000 | ---D | M] (TooManyTabs) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensionsTooManyTabs@visibotech.com
[2013/06/09 13:50:16 | 000,011,571 | ---- | M] () (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensionstroubleshooter@mozilla.org.xpi
[2012/03/24 09:39:00 | 000,049,303 | ---- | M] () (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2011/12/21 14:18:44 | 000,020,995 | ---- | M] () (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{8a8c1ada-2504-45c6-a2d2-265591abbd00}.xpi
[2013/06/07 20:35:02 | 000,870,680 | ---- | M] () (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/21 16:46:25 | 000,001,362 | ---- | M] () (No name found) -- C:Documents and SettingsGAKApplication DataMozillaFirefoxprofilesostayg09.defaultextensions{4BBDD651-70CF-4821-84F8-2B918CF89CA3}chromeskinxpinstallItemGeneric.png
[2013/07/03 09:57:39 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions
[2013/07/03 09:57:39 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 09:57:39 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/03 09:57:38 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxbrowserextensions
[2013/07/03 09:57:47 | 000,000,000 | ---D | M] (Default) -- C:Program FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 09:55:10 | 000,038,116 | ---- | M] () (No name found) -- C:PROGRAM FILESSOUNDFROSTSOUNDFROST.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....&type=994519&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:Program FilesGoogleChromeApplication28.0.1500.71PepperFlashpepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:Program FilesGoogleChromeApplication28.0.1500.71ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program FilesGoogleChromeApplication28.0.1500.71pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll
CHR - plugin: Pixelplan Web Viewer (Enabled) = C:Documents and SettingsGAKApplication DataPixelplanPixelplan O4C Viewer Web1.2.7npPIXELPLANWebViewer.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:Program FilesDYMODYMO Label SoftwareFrameworknpDYMOLabelFramework.dll
CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.149npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight5.1.20125.0npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll
CHR - plugin: Sticky Password (Enabled) = C:Program FilesSticky PasswordnpspAutofill.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:Program FilesVideoLANVLCnpvlc.dll
CHR - plugin: WinZip Courier (Enabled) = C:Program FilesWinZip Couriernpwzwmc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:WINDOWSsystem32npDeployJava1.dll
CHR - Extension: WinZip Courier = C:Documents and SettingsGAKLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsilckobikkmajlmhhdenkhonjkoaneclk3.0.2_0
CHR - Extension: Click to call with Skype = C:Documents and SettingsGAKLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.6.0.8153_0
 
O1 HOSTS File: ([2013/06/08 19:27:08 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:Program FilesNuancePDFViewerPlusbinPlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:Program FilesWinZip Courierwzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre1.6.0_22libdeployjqsiejqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU..ToolbarWebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..Run: [STARTRIGHT] C:Program FilesStartRightStartRight.exe (www.joejoesoft.com)
O4 - HKLM..RunOnce: [STARTRIGHT] C:Program FilesStartRightStartRight.exe (www.joejoesoft.com)
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoCDBurning = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveTrack = Reg Error: Value error. File not found
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerAdvancedFolderHiddenSHOWALL: CheckedValue = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveTrack = Reg Error: Value error. File not found
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerAdvancedFolderHiddenSHOWALL: CheckedValue = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{382AB702-38F6-4784-B97A-37E2BCF6B8EB}: DhcpNameServer = 192.168.0.1
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{7F7178A5-E3FE-4146-89AE-F6E85D233AF4}: DhcpNameServer = 192.168.0.1
O18 - ProtocolHandlerAutorunsDisabled - No CLSID value found
O18 - ProtocolHandlerAutorunsDisabledbelarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:Program FilesBelarcAdvisorSystemBAVoilaX.dll (Belarc, Inc.)
O18 - ProtocolHandlerAutorunsDisabledlinkscanner - No CLSID value found
O18 - ProtocolHandlerAutorunsDisabledskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
O18 - ProtocolHandlerAutorunsDisabledskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O18 - ProtocolHandlerAutorunsDisabledviprotocol - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:Documents and SettingsGAKLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O24 - Desktop BackupWallPaper: C:Documents and SettingsGAKLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:Program FilesWindows Desktop SearchMsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/20 18:55:25 | 000,000,000 | -HS- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/01/13 20:18:15 | 000,000,000 | ---D | M] - C:Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 15:14:46 | 000,000,000 | ---D | M] - D:autorun -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:11 | 000,000,000 | ---D | M] - D:Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:13 | 000,000,000 | ---D | M] - E:Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:14 | 000,000,000 | ---D | M] - F:Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2013avgrsx.exe /sync /restart)
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O35 - HKCU..exefile [open] -- "%1" %*
O37 - HKLM...com [@ = ComFile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*
O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/12 19:07:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:WINDOWSSWREG.exe
[2013/07/12 19:07:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:WINDOWSSWSC.exe
[2013/07/12 19:07:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:WINDOWSSWXCACLS.exe
[2013/07/12 19:07:00 | 000,060,416 | ---- | C] (NirSoft) -- C:WINDOWSNIRCMD.exe
[2013/07/12 16:00:33 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32MRT
[2013/07/12 10:28:30 | 000,000,000 | ---D | C] -- C:Documents and SettingsGAKApplication DataElevatedDiagnostics
[2013/07/10 14:12:36 | 005,088,739 | R--- | C] (Swearware) -- C:Documents and SettingsGAKDesktopComboFix.exe
[2013/07/10 14:10:13 | 000,000,000 | ---D | C] -- C:Program FilesComboFix
[2013/07/09 16:45:01 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsBatchInpaint
[2013/07/09 16:45:00 | 000,000,000 | ---D | C] -- C:Program FilesBatchInpaint
[2013/07/06 09:47:29 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaws.exe
[2013/07/06 09:47:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe
[2013/07/06 09:47:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32java.exe
[2013/07/06 09:47:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll
[2013/07/04 10:36:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsSandboxie
[2013/07/03 09:57:37 | 000,000,000 | ---D | C] -- C:Program FilesMozilla Firefox
[2013/06/17 13:12:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsAnvisoft
[2013/06/17 13:12:05 | 000,000,000 | ---D | C] -- C:Program FilesAnvisoft
[2013/06/16 13:48:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:Documents and SettingsGAKDesktopJRT.exe
[2013/06/14 06:33:22 | 000,000,000 | ---D | C] -- C:_OTL
[2013/06/13 18:38:50 | 000,000,000 | -H-D | C] -- C:WINDOWSPIF
[2013/06/13 17:23:22 | 000,000,000 | ---D | C] -- C:WINDOWSAllMedia Grabber
[2013/06/13 17:23:22 | 000,000,000 | ---D | C] -- C:Program FilesAllMedia Grabber
[2012/10/07 05:16:34 | 006,733,824 | ---- | C] (OptWin Software) -- C:Program FilesAllMySongsDatabase.exe
[2012/10/07 05:16:34 | 001,937,408 | ---- | C] (FreeImage) -- C:Program FilesFreeImage.dll
[2011/10/28 14:33:14 | 000,047,360 | ---- | C] (VSO Software) -- C:Documents and SettingsGAKApplication Datapcouffin.sys
[2011/05/18 18:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:Program FilesvbalTreeView6.ocx
[2011/05/18 18:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:Program FilescPopMenu6.ocx
[2011/05/18 18:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:Program FilesSSubTmr6.dll
[2011/04/18 23:51:20 | 000,653,136 | ---- | C] (Microsoft Corporation) -- C:Program FilesCommon FilesMSVCR90.dll
[2011/04/18 23:51:20 | 000,569,680 | ---- | C] (Microsoft Corporation) -- C:Program FilesCommon FilesMSVCP90.dll
[2010/12/16 22:39:36 | 000,302,592 | ---- | C] (Google) -- C:Program FilesCommon Fileswebmmux.dll
[2010/12/16 22:39:16 | 000,701,440 | ---- | C] (Google) -- C:Program FilesCommon Filesvp8encoder.dll
[2010/12/16 22:39:16 | 000,412,672 | ---- | C] (Google) -- C:Program FilesCommon Filesvp8decoder.dll
[2010/12/16 22:39:14 | 000,292,352 | ---- | C] (Google) -- C:Program FilesCommon Fileswebmsplit.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/13 07:42:50 | 000,000,418 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{FC8AAE0C-A3CC-4CF3-AA8B-3A2599249992}.job
[2013/07/13 07:19:00 | 000,000,880 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job
[2013/07/13 07:11:00 | 000,000,830 | ---- | M] () -- C:WINDOWStasksAdobe Flash Player Updater.job
[2013/07/13 04:54:30 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl
[2013/07/13 04:52:18 | 000,000,308 | ---- | M] () -- C:WINDOWStasksGlaryInitialize.job
[2013/07/13 04:52:17 | 000,000,876 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job
[2013/07/13 04:52:09 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat
[2013/07/12 12:28:35 | 000,000,000 | ---- | M] () -- C:WINDOWSFileLock.bin
[2013/07/12 11:40:31 | 005,088,739 | R--- | M] (Swearware) -- C:Documents and SettingsGAKDesktopComboFix.exe
[2013/07/11 15:41:01 | 000,002,587 | ---- | M] () -- C:Documents and SettingsGAKDesktopMicrosoft Office Word 2007.lnk
[2013/07/11 15:41:01 | 000,002,549 | ---- | M] () -- C:Documents and SettingsGAKDesktopMicrosoft Office Excel 2007.lnk
[2013/07/11 15:41:01 | 000,002,539 | ---- | M] () -- C:Documents and SettingsGAKDesktopMicrosoft Office PowerPoint 2007.lnk
[2013/07/11 15:41:01 | 000,002,537 | ---- | M] () -- C:Documents and SettingsGAKDesktopMicrosoft Office Access 2007.lnk
[2013/07/11 14:07:11 | 000,650,027 | ---- | M] () -- C:Documents and SettingsGAKDesktopadwcleaner.exe
[2013/07/11 11:25:08 | 000,003,720 | ---- | M] () -- C:FixitRegBackup.reg
[2013/07/11 09:00:00 | 000,000,300 | ---- | M] () -- C:WINDOWStasksUnattended System Restore Point.vbs.job
[2013/07/11 09:00:00 | 000,000,282 | ---- | M] () -- C:WINDOWStasksSystem Restore Daily Backup.job
[2013/07/11 05:54:02 | 000,390,384 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT
[2013/07/10 16:50:41 | 000,544,128 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat
[2013/07/10 16:50:41 | 000,103,560 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat
[2013/07/10 16:45:12 | 000,001,374 | ---- | M] () -- C:WINDOWSimsins.BAK
[2013/07/09 16:45:03 | 000,000,730 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopBatchInpaint.lnk
[2013/07/07 15:40:14 | 000,039,424 | ---- | M] () -- C:Documents and SettingsGAKLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/06 09:47:07 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32WindowsAccessBridge.dll
[2013/07/06 09:47:04 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javaws.exe
[2013/07/06 09:47:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe
[2013/07/06 09:47:03 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32npdeployJava1.dll
[2013/07/06 09:47:03 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32deployJava1.dll
[2013/07/06 09:47:03 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32java.exe
[2013/07/06 09:47:03 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javacpl.cpl
[2013/07/04 10:33:37 | 000,001,866 | ---- | M] () -- C:WINDOWSSandboxie.ini
[2013/06/17 13:12:12 | 000,000,844 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAnvi Ultimate Defrag.lnk
[2013/06/16 13:48:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:Documents and SettingsGAKDesktopJRT.exe
[2013/06/13 18:25:00 | 000,000,020 | -HS- | M] () -- C:ArcDeviceInfo
 
========== Files Created - No Company Name ==========
 
[2013/07/12 19:07:00 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe
[2013/07/12 19:07:00 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe
[2013/07/12 19:07:00 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe
[2013/07/12 19:07:00 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe
[2013/07/11 14:07:10 | 000,650,027 | ---- | C] () -- C:Documents and SettingsGAKDesktopadwcleaner.exe
[2013/07/11 11:13:13 | 000,003,720 | ---- | C] () -- C:FixitRegBackup.reg
[2013/07/09 16:45:03 | 000,000,730 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopBatchInpaint.lnk
[2013/06/17 13:12:12 | 000,000,844 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAnvi Ultimate Defrag.lnk
[2013/06/13 18:25:00 | 000,000,020 | -HS- | C] () -- C:ArcDeviceInfo
[2013/06/08 15:55:03 | 000,000,049 | ---- | C] () -- C:Documents and SettingsGAKApplication Datamainhst.zgh
[2013/05/30 06:20:40 | 000,030,464 | ---- | C] () -- C:WINDOWSSystem32drivershitmanpro37.sys
[2013/05/21 06:12:56 | 000,016,676 | ---- | C] () -- C:Documents and SettingsGAKmain.dat
[2013/05/15 23:32:44 | 000,051,976 | ---- | C] () -- C:WINDOWSAUDBootDefrag.exe
[2013/03/27 14:49:01 | 000,000,848 | ---- | C] () -- C:Program FilesSystem Restore Daily Backup.vbs
[2013/03/10 20:44:29 | 000,000,000 | ---- | C] () -- C:WINDOWSEEventManager.INI
[2013/03/10 13:29:38 | 000,000,045 | ---- | C] () -- C:WINDOWSWF-3520.ini
[2013/03/05 20:57:54 | 000,040,648 | ---- | C] () -- C:WINDOWSSystem32driversEUBKMON.sys
[2013/01/31 15:38:06 | 000,000,114 | ---- | C] () -- C:WINDOWSSystem32BRLMW03A.INI
[2013/01/31 15:38:06 | 000,000,050 | ---- | C] () -- C:WINDOWSSystem32BRADM10A.DAT
[2013/01/31 15:38:05 | 000,045,056 | ---- | C] () -- C:WINDOWSSystem32BRTCPCON.DLL
[2012/12/21 14:26:00 | 000,237,568 | ---- | C] () -- C:WINDOWSSystem32lame_enc.dll
[2012/12/12 09:56:32 | 000,004,249 | ---- | C] () -- C:Documents and SettingsGAKlog.xml
[2012/12/12 09:56:32 | 000,000,008 | ---- | C] () -- C:Documents and SettingsGAKlog-suffix.xml
[2012/12/12 09:56:32 | 000,000,000 | ---- | C] () -- C:Documents and SettingsGAKlog.xml.lock
[2012/12/07 15:02:15 | 000,000,026 | ---- | C] () -- C:WINDOWSMINIvue.INI
[2012/12/03 11:07:09 | 000,000,040 | ---- | C] () -- C:Documents and SettingsGAKApplication Databurnaware.ini
[2012/12/02 15:51:28 | 000,000,037 | ---- | C] () -- C:Program Filesvisiblefields.dat
[2012/12/02 15:26:01 | 000,000,007 | ---- | C] () -- C:Program Filesamsd20.dat
[2012/11/26 14:12:57 | 000,111,932 | ---- | C] () -- C:WINDOWSSystem32EPPICPrinterDB.dat
[2012/11/26 14:12:57 | 000,001,120 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_IT.dat
[2012/11/26 14:12:57 | 000,000,097 | ---- | C] () -- C:WINDOWSSystem32PICSDK.ini
[2012/11/26 14:12:56 | 000,031,053 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern131.dat
[2012/11/26 14:12:56 | 000,027,417 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern121.dat
[2012/11/26 14:12:56 | 000,026,154 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern1.dat
[2012/11/26 14:12:56 | 000,024,903 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern3.dat
[2012/11/26 14:12:56 | 000,021,390 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern5.dat
[2012/11/26 14:12:56 | 000,020,148 | ---


#14 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 13 July 2013 - 10:39 AM

That is only part of the log... but let's start with what we have:

 

Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :

:Processes
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GAK\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
FF - prefs.js..extensions.enabledAddons: SoundFrost@helper.com:3.7.0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\SoundFrost@helper.com: C:\Program Files\SoundFrost\SoundFrost.xpi [2013/05/20 09:55:10 | 000,038,116 | ---- | M] ()
[2013/05/20 09:55:10 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES\SOUNDFROST\SOUNDFROST.XPI
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\viprotocol - No CLSID value found
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer

Please post the OTL log.

#15 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 14 July 2013 - 04:34 PM

Hi,

 

I've tried running OTL with the inserted code twice now. Both times OTL has frozen. The first time I stopped it after maybe twenty minutes. The second time I let it run for about three hours. For the second run I opened Task Manager and saw that the status of OTL was "Not responding" (there were two entries for OTL in the Applications window, both had the 'Not responding' status). After three or so hours I figured OTL must have frozen up for some reason so I used Task Manager to end OTL.

 

So far as I know I followed your instructions to the letter:

 

I copied the text from:

 

   :Processes    :OTL     SRV -

 

all the way to:

 

:Commands [purity] [emptytemp] [start explorer] [Reboot]

 

Once I'd copied this text into the text window at the bottom of OTL, I clicked the Run Fix button and left the machine alone.

 

I closed all the open programs I had been using (Firefox and Excel). I didn't disable the AVG security suite since you didn't instruct me to.

 

That's about all I can tell you. So far as I can tell OTL doesn't seem to be moving through the script you had me insert.

 

So, please let me know how you want me to proceed.

 

Have a great night.



#16 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 14 July 2013 - 11:06 PM

You did the right thing stopping it.  It should only take like 5 minutes max.

 

Please try this revised script.

:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
FF - prefs.js..extensions.enabledAddons: SoundFrost@helper.com:3.7.0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\SoundFrost@helper.com: C:\Program Files\SoundFrost\SoundFrost.xpi [2013/05/20 09:55:10 | 000,038,116 | ---- | M] ()
[2013/05/20 09:55:10 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES\SOUNDFROST\SOUNDFROST.XPI
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\viprotocol - No CLSID value found
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
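The Firefox part of the script above removes one entry from extensions.enabledAddons (SoundFrost@helper.com) and one browser.search.param override (the yahoo-fr value) from prefs.js; those two prefs are exactly where a search hijack of this kind shows up. As an added example, not part of the thread and not OTL's own code, here is a small Python audit of a prefs.js file that lists add-ons not on an allow-list and any search-parameter, keyword.URL or non-about: homepage override, so a reviewer can spot the markers before writing a fix. The allow-list and the sample prefs.js are constructed for the example; the SoundFrost id and the yahoo-fr value are the ones quoted in the script.

```python
"""Audit a Firefox prefs.js for search-hijack markers (added example, not from the thread)."""
import re
from urllib.parse import unquote

# user_pref("name", value);  value is a quoted string, a number or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.MULTILINE)

# Constructed allow-list: add-on ids this machine is known to run legitimately.
KNOWN_GOOD_ADDONS = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",   # Firefox default theme
}

# Constructed sample prefs.js; the SoundFrost id and the yahoo-fr value are the
# ones the OTL script in the thread removes, the other lines are filler.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1373400000);
user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=994519");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.enabledAddons", "SoundFrost@helper.com:3.7.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");
user_pref("extensions.lastAppVersion", "22.0");
user_pref("network.cookie.prefsMigrated", true);
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def enabled_addons(prefs):
    """Split extensions.enabledAddons ("id:version,id:version", ids URL-encoded) into pairs."""
    pairs = []
    for item in prefs.get("extensions.enabledAddons", "").split(","):
        if not item:
            continue
        addon_id, sep, version = item.rpartition(":")
        if not sep:                      # no version suffix at all
            addon_id, version = item, ""
        pairs.append((unquote(addon_id), version))
    return pairs


def audit_prefs(text, known_good=KNOWN_GOOD_ADDONS):
    """Return (kind, pref-or-addon-id, value) tuples that deserve a human look."""
    prefs = parse_prefs(text)
    findings = []
    for addon_id, version in enabled_addons(prefs):
        if addon_id not in known_good:
            findings.append(("unknown-addon", addon_id, version))
    for name, value in sorted(prefs.items()):
        if name.startswith("browser.search.param."):
            findings.append(("search-param-override", name, value))
        elif name == "keyword.URL":
            findings.append(("keyword-url-override", name, value))
        elif name == "browser.startup.homepage" and not str(value).startswith("about:"):
            findings.append(("homepage-override", name, value))
    return findings


if __name__ == "__main__":
    for kind, what, value in audit_prefs(SAMPLE_PREFS):
        print(f"{kind:24s} {what} = {value!r}")
```

Run it against a real profile by reading prefs.js (Firefox must be closed, otherwise the file may be stale) and passing the text to audit_prefs; anything reported as search-param-override or keyword-url-override is worth comparing with the search engine the user actually chose.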


#17 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 17 July 2013 - 10:08 AM

Hi,

 

Sorry to be so slow in getting back to you, but I've been caught up in a few other things.

 

I ran OTL last night with the new text.

 

So far as I can tell it ran successfully - as I watched it, the program seemed to be moving through its successive lines of code.

 

However, there was no output log posted to the desktop.

 

Nor did I find one in the root directory of the C Drive. However, there is an OTL directory in the C Drive where I found the following file: 07162013_194843.log. It's a 4KB sized file dated 7/16/2013 7:51 PM which was about the time I ran the OTL program.

 

Also in the OTL directory is the following file: C:\_OTL\MovedFiles\07162013_194843\C_Program Files\SoundFrost\SoundFrost.xpi. The file is dated: The SoundFrost folder in which this file is located is also dated 7/16/2013 7:51 PM.

 

Here is the text contained in the 07162013_194843.log:

 

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!
Prefs.js: SoundFrost@helper.com:3.7.0 removed from extensions.enabledAddons
Prefs.js: "chr-greentree_ff&ilc=12&type=994519" removed from browser.search.param.yahoo-fr
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version= deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\SoundFrost@helper.com deleted successfully.
C:\Program Files\SoundFrost\SoundFrost.xpi moved successfully.
File 13/05/20 09:55:10 | 000,038,116 | ---- | M] () not found.
File C:\PROGRAM FILES\SOUNDFROST\SOUNDFROST.XPI not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.

OTL by OldTimer - Version 3.2.69.0 log created on 07162013_194843

Please let me know what the next step is.

 

Thanks for your help so far. I very much appreciate it.

 

Sincerely,

 

Graham



#18 Tomk_

Tomk_

    WTT Teacher

  • Trusted Malware Techs
  • 1,094 posts
  • Gender:Male


Posted 17 July 2013 - 12:31 PM

That was the log I was looking for. :tup:

 

Now... let's get an online scan.  This will take quite some time so let it run while you are doing something else:

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option   YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 

Also... please update me on how things seem to be running now?
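The log.txt this scan writes is a flat text file: a block of "# key=value" header lines for each run (engine, utc_time, found, cleaned, scan_time, which options were ticked), followed by one line per detection of the form sh=<sha1> ft=<n> fh=<hex> vn="<detection name>" ac=<code> fn="<path>", and successive runs are simply appended, as the copy pasted later in this thread shows. As an added example, not part of the thread and not ESET's own code, here is a Python parser that splits such a file into runs, counts detections per family, separates hits that live under System Volume Information (restore-point copies) from those on the live system, and flags a run whose header found= count does not match the number of detection lines present, which is the usual sign that a pasted log was truncated. The sample log is constructed in the same format with placeholder hashes; the ac code is carried through as logged rather than interpreted.

```python
"""Triage an ESET Online Scanner log.txt (added example, not from the thread or from ESET)."""
import re
from collections import Counter

HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
HIT_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"\s*$')
# Detection family, e.g. Win32/InstallCore.D or LNK/URL.B, inside the vn= text
FAMILY_RE = re.compile(r'[A-Za-z0-9]+/[A-Za-z0-9_.]+')

# Constructed sample: two appended runs in the log.txt layout. Hashes are
# placeholders; the second run's header claims found=4 but only three
# detection lines follow, to show the truncation check.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# engine=14011
# end=finished
# remove_checked=true
# utc_time=2013-06-06 06:13:11
# scanned=427701
# found=2
# cleaned=2
# scan_time=15815
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="LNK/URL.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Start Menu\Programs\System Speed Booster\Help.lnk"
sh=0000000000000000000000000000000000000002 ft=1 fh=0123456789abcdef vn="a variant of Win32/Adware.RealRegistryCleaner application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\SystemSpeedBooster\SystemSpeedBooster.exe"
# version=8
# engine=14442
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2013-07-18 07:24:00
# scanned=387444
# found=4
# cleaned=0
# scan_time=10644
sh=0000000000000000000000000000000000000003 ft=1 fh=0123456789abcdef vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Downloads\ARO2011_bt.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0123456789abcdef vn="multiple threats" ac=I fn="C:\Downloads\cbsidlm-tr1_5-Jing-10744274.exe"
sh=0000000000000000000000000000000000000005 ft=1 fh=0123456789abcdef vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.rbf"
"""


def parse_eset_log(text):
    """Return a list of runs, each {"header": {key: value}, "hits": [detection dicts]}."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            key, value = h.groups()
            if key == "version":            # every run starts with "# version=..."
                runs.append({"header": {}, "hits": []})
            if runs:
                runs[-1]["header"][key] = value.strip()
            continue
        m = HIT_RE.match(line)
        if m and runs:
            runs[-1]["hits"].append(m.groupdict())
    return runs


def summarize(run):
    """Counts per detection family plus a completeness check against the header."""
    hdr, hits = run["header"], run["hits"]
    found = int(hdr.get("found", 0))
    families = Counter()
    in_restore_points = 0
    for hit in hits:
        fam = FAMILY_RE.search(hit["vn"])
        families[fam.group(0) if fam else hit["vn"]] += 1
        if "system volume information" in hit["fn"].lower():
            in_restore_points += 1      # restore-point copy, not a live file
    return {
        "utc_time": hdr.get("utc_time", "?"),
        "remove_checked": hdr.get("remove_checked") == "true",
        "found": found,
        "cleaned": int(hdr.get("cleaned", 0)),
        "hits": len(hits),
        "complete": len(hits) == found,  # False means lines are missing from the paste
        "in_restore_points": in_restore_points,
        "families": dict(families),
    }


def report(text):
    """Human-readable summary of every run in the log text."""
    lines = []
    for run in parse_eset_log(text):
        s = summarize(run)
        lines.append(f"{s['utc_time']}  found={s['found']} cleaned={s['cleaned']} "
                     f"hits_in_log={s['hits']} restore_point_copies={s['in_restore_points']}"
                     + ("" if s["complete"] else "  [log truncated?]"))
        for fam, n in sorted(s["families"].items()):
            lines.append(f"    {n:3d}  {fam}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Point report() at the contents of the real log.txt; the per-family counts separate password-recovery utilities, bundled-toolbar installers and adware into groups you can reason about, and the restore-point count tells you how many of the hits will disappear on their own once old restore points are purged.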



#19 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 18 July 2013 - 05:30 PM

Disaster!

 

I'd previously downloaded ESET. Since it was a trial version only good for four weeks and the four weeks was up, I didn't want to try and download it again and find I was unable to do so since I'd be trying to get a second free trial. Instead, it opened successfully and the virus signature database downloaded. The program started running and I went to have breakfast.

 

Unfortunately, I forgot how long it can run for. At the speed it was going I calculated the scan would take another seven to eight hours (this was after a two-hour breakfast, reading the newspapers etc.). Even worse, I forgot your admonition not to touch the keyboard or mouse. Instead, I decided to work in PowerPoint, Excel, Firefox and Word while ESET was running. I had no problem working in these programs while ESET was running.

 

Every so often I checked on ESET and saw it was making slow but steady progress scanning the system. What did surprise me was the number of viruses it was finding. By the time it had ended what it had described as stage three of four it claimed to have found 75 viruses. I'm not sure if all the items on this list of viruses are viruses but I'm not the expert.

 

The program seemed to have completed stage three of four after about eight or nine hours (it reported being 100% done if I remember correctly). I left it undisturbed for an hour or so. I finally decided it was frozen so I clicked the stop button in the ESET window. After doing this I was able to get a log of the viruses the program had detected. I saved them to a file. There was no log file in the ESET directory.

 

At this point, or possibly shortly before this, things started to go very wrong. To begin with I lost my ability to connect with the computer via my keyboard. I couldn't type in either Microsoft Word or WordPad. Nor could I type anything in Firefox. Whenever I hit a key (say the letter 'a'), instead of an 'a' appearing on the screen nothing would happen, or the 'a' keystroke would function as a shortcut, e.g. as if I had typed "ctrl + 'e'" to type today's date in WordPad. I also started having trouble with my mouse. Left clicks got no response. Only by doing right clicks could I get some minimal functionality out of my computer.

 

I did a system restart and regained keyboard and mouse functionality for Microsoft Word and Word Pad. However, once I opened Firefox I lost keyboard functionality not only in Firefox but in Word and Word Pad as well. I did a third restart thinking I'd do a system restore. Unfortunately, I seem to have lost that functionality as well. I was able to open system restore through Start - Programs - Accessories - System Tools - System Restore. I was able to activate the restore your computer to an earlier time option. After that, though, I could proceed no further and was stuck on the 'next' button.

 

I've now successfully booted into Windows safe mode without internet access and am in Excel without any problems. I've decided to wait until I hear from you before I do a system restore.

 

Regarding system restores - are they straightforward or are there traps for the unwary?

 

I'm writing this post from another computer and consequently can't post the ESET output.

 

In a while I'll boot my problem computer into safe mode with internet access and try and send you the ESET log.

 

Very much looking forward to hearing from you.



#20 gakerby1983

gakerby1983

    Member

  • Members
  • 18 posts

Posted 18 July 2013 - 06:51 PM

I've successfully rebooted the system in safe mode with networking.

 

I've also now found a log file in the ESET directory. I've listed it below. After this log file I've pasted what I took to be a list of the viruses ESET seems to have found and which I saved to a file. First though, here is the ESET log file:

 

ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ad252d7c33807c4ca757456f0e8551a7 # engine=14011 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-06 06:13:11 # local_time=2013-06-06 02:13:11 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1042 16777213 100 93 0 56733175 0 0 # scanned=427701 # found=2 # cleaned=2 # scan_time=15815 sh=97C2D98404FF023C4B6D369612A7AA7A2A0C8D7B ft=0 fh=0000000000000000 vn="LNK/URL.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:Documents and SettingsAll UsersStart MenuProgramsSystem Speed BoosterHelp.lnk" sh=A88E4CE42E879DD335C2A20EDD7D6B08420D7CA2 ft=1 fh=3973670b2e39351d vn="a variant of Win32/Adware.RealRegistryCleaner application (cleaned by deleting - quarantined)" ac=C fn="C:Program FilesSystemSpeedBoosterSystemSpeedBooster.exe" # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ad252d7c33807c4ca757456f0e8551a7 # engine=14051 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-12 05:03:17 # local_time=2013-06-12 01:03:17 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1042 16777213 100 93 0 57204181 0 0 # scanned=420833 # found=2 # cleaned=2 # scan_time=19031 sh=97C2D98404FF023C4B6D369612A7AA7A2A0C8D7B ft=0 fh=0000000000000000 vn="LNK/URL.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP896A1849637.lnk" sh=A88E4CE42E879DD335C2A20EDD7D6B08420D7CA2 ft=1 fh=3973670b2e39351d vn="a variant of Win32/Adware.RealRegistryCleaner 
application (cleaned by deleting - quarantined)" ac=C fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP896A1849638.exe" # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ad252d7c33807c4ca757456f0e8551a7 # engine=14442 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-07-18 07:24:00 # local_time=2013-07-18 03:24:00 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1042 16777213 100 93 0 60366224 0 0 # scanned=387444 # found=75 # cleaned=0 # scan_time=10644 sh=09DFBD8E8FFCAF4B7636CC56FC060D678AB59D0E ft=1 fh=2a8fdac018117ccc vn="a variant of Win32/PSWTool.IEPasswordsRevealer.A application" ac=I fn="C:Documents and SettingsGAKApplication DataAsterisk Password Decryptorinstall3.01.9526AB4E2KLAstrPwdMon.dll" sh=EA0FCB5340A590E0842DEF999F345F75A0E5A773 ft=1 fh=fc5239ca7e772b40 vn="Win32/InstallMonetizer.AF application" ac=I fn="C:Documents and SettingsGAKApplication DataT55WinMateOnlineInstallwm_0.9.15.exe" sh=8F1DEDA1BD53516F7855BE34C9E523AA221889AF ft=1 fh=cc5dc27ee2639ece vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="C:Documents and SettingsGAKMy DocumentsDownloadsSoftonicDownloader_for_realtek-hd-audio-drivers.exe" sh=F949BD5336C82456E3A5E6535A845A94C42C1D5A ft=1 fh=0a24ca213d5786a4 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:DownloadsARO2011_bt.exe" sh=792FD2E01EAED40633F32A1172E2F7997ACDAD37 ft=1 fh=17acc3403899e8e0 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:Downloadsavira_free_antivirus_en.exe" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application" ac=I fn="C:Downloadscbsidlm-tr1_13-Hard_Disk_Sentinel_Free-ORG-75133299.exe" sh=76A33F18410CD93DC994975222AA0AC5606AF1DC ft=1 
fh=2b6dd7985b72d1de vn="multiple threats" ac=I fn="C:Downloadscbsidlm-tr1_5-Jing-10744274.exe" sh=76A33F18410CD93DC994975222AA0AC5606AF1DC ft=1 fh=2b6dd7985b72d1de vn="multiple threats" ac=I fn="C:Downloadscbsidlm-tr1_5-ScreenHunter_Free-10063246.exe" sh=F3782A4B2C4D6118952A991AB9BD09F06069B3E9 ft=1 fh=bb1f3b8fc3ac6976 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_Always_1_2_setup_exe.exe" sh=074FE3B5E3D6C76D8FB04D9FD94246BB2A0DB07E ft=1 fh=bb1f3b8f547dacf3 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_AppBooster20_Pro_Setup_exe.exe" sh=52D9942FC879392BBFAFA585F353A8EFC486BABD ft=1 fh=bb1f3b8fa7dfda15 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_FreeSoundRecorder_exe(1).exe" sh=52D9942FC879392BBFAFA585F353A8EFC486BABD ft=1 fh=bb1f3b8fa7dfda15 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_FreeSoundRecorder_exe.exe" sh=0478308487070E98FB6D557E9417A00DB1837BC2 ft=1 fh=bb1f3b8ff1e7b23e vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_Install-HealthyHints-2_0_exe.exe" sh=A99F69915BD4351543DDB72B8F20598BAFB18652 ft=1 fh=bb1f3b8fd7c4d38e vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_mvc_zip.exe" sh=3CF418DEEC8510E2F15AD9C5CC8B283707D302F3 ft=1 fh=bb1f3b8f915b6d0f vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_SetupTYB_exe.exe" sh=F752AB89BC3FADA4BF54231539FAE7A5CD51E758 ft=1 fh=bb1f3b8f4b15e49b vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_social2_pro_exe.exe" sh=B8EBD3F9D1C84650543B55AF9EFE4387ED177E90 ft=1 fh=bb1f3b8f410fb30e vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_SystemExplorerSetup_361_exe.exe" sh=53C537203C4AB1EBD63CE6C5420A6B64CB8F43AA ft=1 fh=bb1f3b8fbb2cb255 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_undercoverxp_zip.exe" 
sh=6797B92B0CABCDD399A53CD0485425C9C89CC886 ft=1 fh=bb1f3b8f99cacc3c vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet2_zcron_zip.exe" sh=BF5BCC7CB7F2619FCD7757D82EA80E7606AF7CA2 ft=1 fh=bb1f3b8fd0fb7f32 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet_KillProcessSetup_exe.exe" sh=C601DB9119410A8F712B7A70944A35FD678BB717 ft=1 fh=bb1f3b8f8536948b vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet_ProcessManager_exe.exe" sh=68E4E86AE059307FD9AEF01DCE2CF89094132133 ft=1 fh=bb1f3b8f867c51ee vn="a variant of Win32/InstallCore.D application" ac=I fn="C:Downloadscnet_SecurityTaskManager_Setup_exe.exe" sh=3AC51B4E9DAED70F19F075687B7C449D2CBDC067 ft=1 fh=e5eb5d50c9bc4cc1 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:Downloadssetup.exe" sh=71CC54688CB20304E4A12FF96D86BBF6E96D7728 ft=1 fh=b5d6fe9f4c5e2d87 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:Downloadstask-manager-setup.exe" sh=296EB7EC9BABB2CC465EFC6BF78C7A63316A9C2E ft=1 fh=b0de6ed7a0db0894 vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:Downloadstb_free(1).exe" sh=296EB7EC9BABB2CC465EFC6BF78C7A63316A9C2E ft=1 fh=b0de6ed7a0db0894 vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:Downloadstb_free.exe" sh=0BD9B616AF717DBD75C209C413FE86F3877F2490 ft=1 fh=6a25f1cacd22f4df vn="a variant of Win32/OpenInstall application" ac=I fn="C:DownloadsWinZip155(1).exe" sh=8553C384E0734CCA73B968861543B17E0CEAEE7E ft=1 fh=729dcb12a32bcbdc vn="Win32/OpenCandy application" ac=I fn="C:Downloadswinzip155.exe" sh=405F977016509FA868A232513EECE0DC7C957A28 ft=1 fh=44f3ccc490b3cd8d vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:Program FilesEASEUSTodo BackupbinPxeServer.dll" sh=EB2B9E39C06A6BB639FEE6650E31946A3D0788FF ft=1 fh=ce22e32b19d626fa vn="a variant of Win32/KillProcess.A application" ac=I fn="C:Program FilesKillProcessKillProcess.exe" sh=09DFBD8E8FFCAF4B7636CC56FC060D678AB59D0E ft=1 
fh=2a8fdac018117ccc vn="a variant of Win32/PSWTool.IEPasswordsRevealer.A application" ac=I fn="C:Program FilesKRyLack SoftwareAsterisk Password DecryptorKLAstrPwdMon.dll" sh=BF3FF859EF7211176E032FCAD83A1800FEBACF97 ft=1 fh=cabac662270238c7 vn="a variant of Win32/AdapterWatch.A application" ac=I fn="C:Program FilesNirSoftNirSoftawatch.exe" sh=5CD73A7146339C7924DFEB7EDF83B8ADC0FF6949 ft=1 fh=0bb73451975442a4 vn="a variant of Win32/PSWTool.BulletsPassView.C application" ac=I fn="C:Program FilesNirSoftNirSoftbulletspassview.exe" sh=10A11964F7A7392D3DA9F0B46BC4A3D2B7F1633C ft=1 fh=70029fb3dcc04005 vn="a variant of Win32/PSWTool.Dialupass.F application" ac=I fn="C:Program FilesNirSoftNirSoftdialupass.exe" sh=26F0AFAD5FD6294808D6BAD0DC2E41DDDEF94CEF ft=1 fh=332bd164004f9f48 vn="Win32/PSWTool.LsaSecretsDump.A application" ac=I fn="C:Program FilesNirSoftNirSoftlsasecretsdump.exe" sh=12AD742F68C077C14321B4C36B6C48565A194AAF ft=1 fh=16e4b61e731c0939 vn="Win32/PSWTool.LsasView application" ac=I fn="C:Program FilesNirSoftNirSoftlsasecretsview.exe" sh=0819B32D7539D37656F92235C6CA7C1051F4029C ft=1 fh=7a5a445c57ef1b0d vn="Win32/PSWTool.MailPassView.E application" ac=I fn="C:Program FilesNirSoftNirSoftmailpv.exe" sh=4BF3913183AD8D967C90CE36C5F8F9AAF674E746 ft=1 fh=00ac4a58b32df92b vn="a variant of Win32/NetPass.AA application" ac=I fn="C:Program FilesNirSoftNirSoftnetpass.exe" sh=C60DDCFC7B3954F4D0D515B1FDAF47C6999E50A4 ft=1 fh=3e860f1b43992094 vn="Win32/PSWTool.OperaPassView application" ac=I fn="C:Program FilesNirSoftNirSoftoperapassview.exe" sh=CAC61068382B93EE63DC06324E501DDC71AC65EF ft=1 fh=dc3432fe9a1d026b vn="Win32/PSWTool.RDPassView.NAA application" ac=I fn="C:Program FilesNirSoftNirSoftrdpv.exe" sh=5396C0A746C5C06339308B59E97350FF5F659FFA ft=1 fh=770d29888d856cbb vn="a variant of Win32/Sniffer.SniffPass.B application" ac=I fn="C:Program FilesNirSoftNirSoftsmsniff.exe" sh=49B58B79D29992A8AEEB6B32846C583AB75360F6 ft=1 fh=65159e57976f0597 vn="a variant of 
Win64/WirelessKeyView.B application" ac=I fn="C:Program FilesNirSoftNirSoftwirelesskeyview-x64.exe" sh=78969659BA0F478E114E08308BCF683402977655 ft=1 fh=48dc85a9683769a1 vn="Win32/PSWTool.WirelessNetView.A application" ac=I fn="C:Program FilesNirSoftNirSoftwirelessnetview.exe" sh=415EA3A87FFB3E7316CDA7E1E521A3C0BDBB135E ft=1 fh=30fbead6afd75bfb vn="Win32/PSWTool.ProductKey.106 application" ac=I fn="C:Program FilesPC Repair SystemProduKeyProduKey.exe" sh=36822AF64B678279F44A3A914739655F4B3055C0 ft=1 fh=975469875c4e7fd3 vn="a variant of Win32/SkypeLogView.A application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749152.exe" sh=A7DD102BE485B75C348588F7B7B6CB78128C0C72 ft=1 fh=aff114e2c512dd44 vn="a variant of Win32/KillProcess.A application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749153.exe" sh=FB8346C1DF55C37ECF58677ABD06CAA81ECA9EBD ft=1 fh=adb8a34b370aec56 vn="probably a variant of Win32/WhiteSmoke application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749181.exe" sh=DA2B88F255C5F320735B220A82B9DEA33E3364B8 ft=1 fh=b2c2222e2bb8b30b vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749197.exe" sh=6D2EE33A59DA71C9E721544E44C854893D90C5FD ft=1 fh=66ab38d3980d97cb vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749198.exe" sh=A0FEDE338D56FE5852F1F4632332B451F301CA6D ft=1 fh=f474a2bf498526a3 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP839A1750209.exe" sh=AFDD09BCBC5B6B55B2D46A1771B7916414F54B72 ft=1 fh=1d63494abb2ca245 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume 
Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP839A1750210.dll" sh=C89865B729E1F6027A461E7B48CFA68A54590A2D ft=1 fh=30a236b0a4800cbe vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP859A1756518.dll" sh=085E2EFA6A258EEC88044241035A37DFF3DE3AE9 ft=1 fh=561b7be0126badba vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP859A1756520.exe" sh=5015006250BA24CA32B511CA9A0A0A1BEE921374 ft=1 fh=dd90f64d8c6f1065 vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP870A1815905.dll" sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847800.dll" sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847801.dll" sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847802.dll" sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847803.exe" sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847805.dll" sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of 
Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847809.dll" sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847810.dll" sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847811.dll" sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847812.exe" sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847814.dll" sh=F198C13AFFD277BC44FA475DC85AAA6B04657B94 ft=1 fh=f6537bec1e6cac31 vn="Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP893A1848589.rbf" sh=8972EA097BD9B447C166E9CFE178DE3F077B8674 ft=1 fh=0d42df664eb9d8e3 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP893A1848590.rbf" sh=82B8A4569936CE9270F46FA3494BA7C5F7F0DCCF ft=1 fh=6db72705991fee37 vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851284.exe" sh=D845C08AA95B26C50A67FABA9F1BB8C569826CF3 ft=1 fh=ea188e9087211b2b vn="Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851286.exe" sh=D0DAAD284010367245707B24344DF4C7D0C4B54F ft=1 
fh=08d6526be6be5c15 vn="Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851287.exe" sh=186060C285B73D0342DACE740C50B9A8B14A0C88 ft=1 fh=7b523398605b966c vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1854980.exe" sh=2C721C81FF5B581A314CC37D2404B20E398E6B13 ft=1 fh=9e0c78dcb91ed657 vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1854988.exe" sh=186060C285B73D0342DACE740C50B9A8B14A0C88 ft=1 fh=7b523398605b966c vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1856725.exe" sh=B13698BB6F39E8B67C7282B20A568E66F6889B2B ft=1 fh=71625d1e2a9d0e74 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856854.rbf" sh=23A95F3C0AD4A07104A18AC1D1BFF003354B911B ft=1 fh=771c96d3fccb71ba vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856857.rbf" sh=41E0B3B27143DF7ADFEBDD288512E362A47A6360 ft=1 fh=f0626a1a977101a7 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856873.rbf"  

*********************************************************

 

Here is the ESET list of viruses I saved as a file

 

C:Documents and SettingsGAKApplication DataAsterisk Password Decryptorinstall3.01.9526AB4E2KLAstrPwdMon.dll    a variant of Win32/PSWTool.IEPasswordsRevealer.A application C:Documents and SettingsGAKApplication DataT55WinMateOnlineInstallwm_0.9.15.exe    Win32/InstallMonetizer.AF application C:Documents and SettingsGAKMy DocumentsDownloadsSoftonicDownloader_for_realtek-hd-audio-drivers.exe    a variant of Win32/SoftonicDownloader.E application C:DownloadsARO2011_bt.exe    a variant of Win32/Bundled.Toolbar.Ask application C:Downloadsavira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask application C:Downloadscbsidlm-tr1_13-Hard_Disk_Sentinel_Free-ORG-75133299.exe    Win32/DownloadAdmin.G application C:Downloadscbsidlm-tr1_5-Jing-10744274.exe    multiple threats C:Downloadscbsidlm-tr1_5-ScreenHunter_Free-10063246.exe    multiple threats C:Downloadscnet2_Always_1_2_setup_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_AppBooster20_Pro_Setup_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_FreeSoundRecorder_exe(1).exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_FreeSoundRecorder_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_Install-HealthyHints-2_0_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_mvc_zip.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_SetupTYB_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_social2_pro_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_SystemExplorerSetup_361_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_undercoverxp_zip.exe    a variant of Win32/InstallCore.D application C:Downloadscnet2_zcron_zip.exe    a variant of Win32/InstallCore.D application C:Downloadscnet_KillProcessSetup_exe.exe    a variant of Win32/InstallCore.D application C:Downloadscnet_ProcessManager_exe.exe    a variant of 
Win32/InstallCore.D application C:Downloadscnet_SecurityTaskManager_Setup_exe.exe    a variant of Win32/InstallCore.D application C:Downloadssetup.exe    a variant of Win32/AirAdInstaller.A application C:Downloadstask-manager-setup.exe    a variant of Win32/Bundled.Toolbar.Ask application C:Downloadstb_free(1).exe    a variant of Win32/TFTPD32.A application C:Downloadstb_free.exe    a variant of Win32/TFTPD32.A application C:DownloadsWinZip155(1).exe    a variant of Win32/OpenInstall application C:Downloadswinzip155.exe    Win32/OpenCandy application C:Program FilesEASEUSTodo BackupbinPxeServer.dll    a variant of Win32/TFTPD32.A application C:Program FilesKillProcessKillProcess.exe    a variant of Win32/KillProcess.A application C:Program FilesKRyLack SoftwareAsterisk Password DecryptorKLAstrPwdMon.dll    a variant of Win32/PSWTool.IEPasswordsRevealer.A application C:Program FilesNirSoftNirSoftawatch.exe    a variant of Win32/AdapterWatch.A application C:Program FilesNirSoftNirSoftbulletspassview.exe    a variant of Win32/PSWTool.BulletsPassView.C application C:Program FilesNirSoftNirSoftdialupass.exe    a variant of Win32/PSWTool.Dialupass.F application C:Program FilesNirSoftNirSoftlsasecretsdump.exe    Win32/PSWTool.LsaSecretsDump.A application C:Program FilesNirSoftNirSoftlsasecretsview.exe    Win32/PSWTool.LsasView application C:Program FilesNirSoftNirSoftmailpv.exe    Win32/PSWTool.MailPassView.E application C:Program FilesNirSoftNirSoftnetpass.exe    a variant of Win32/NetPass.AA application C:Program FilesNirSoftNirSoftoperapassview.exe    Win32/PSWTool.OperaPassView application C:Program FilesNirSoftNirSoftrdpv.exe    Win32/PSWTool.RDPassView.NAA application C:Program FilesNirSoftNirSoftsmsniff.exe    a variant of Win32/Sniffer.SniffPass.B application C:Program FilesNirSoftNirSoftwirelesskeyview-x64.exe    a variant of Win64/WirelessKeyView.B application C:Program FilesNirSoftNirSoftwirelessnetview.exe    Win32/PSWTool.WirelessNetView.A application 
C:Program FilesPC Repair SystemProduKeyProduKey.exe    Win32/PSWTool.ProductKey.106 application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749152.exe    a variant of Win32/SkypeLogView.A application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749153.exe    a variant of Win32/KillProcess.A application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749181.exe    probably a variant of Win32/WhiteSmoke application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749197.exe    a variant of Win32/Bundled.Toolbar.Ask application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP834A1749198.exe    a variant of Win32/Bundled.Toolbar.Ask application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP839A1750209.exe    a variant of Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP839A1750210.dll    a variant of Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP859A1756518.dll    a variant of Win32/Bundled.Toolbar.Ask application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP859A1756520.exe    a variant of Win32/Bundled.Toolbar.Ask application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP870A1815905.dll    a variant of Win32/TFTPD32.A application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847800.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847801.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847802.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume 
Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847803.exe    a variant of Win32/Conduit.SearchProtect.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847805.dll    probably a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847809.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847810.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847811.dll    a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847812.exe    a variant of Win32/Conduit.SearchProtect.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP887A1847814.dll    probably a variant of Win32/Conduit.SearchProtect.C application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP893A1848589.rbf    Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP893A1848590.rbf    a variant of Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851284.exe    a variant of Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851286.exe    Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP906A1851287.exe    Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1854980.exe    a variant of Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1854988.exe    a variant of 
Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP928A1856725.exe    a variant of Win32/YourFileDownloader.B application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856854.rbf    a variant of Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856857.rbf    a variant of Win32/Toolbar.Widgi application C:System Volume Information_restore{333BB734-830A-44F0-9A7C-3679878B7B58}RP929A1856873.rbf    a variant of Win32/Toolbar.Widgi application  