
Undetectable Spyware/Adware

This is a discussion on Undetectable Spyware/Adware within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 05-11-2013, 11:51 PM   #1
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Recently downloaded some file from RapidGator, which tricked me into believing that it was using its own downloader client (like CNET). Installed various spyware and adware into my computer, namely Websearch and Tuvaru, possibly others that I have not detected.

I have uninstalled Websearch, plus did multiple full MBAM scans in Safe Mode + Networking, and a full MSE scan. Neither of them can detect anything, and I'm pretty sure I am still infected: Chrome takes minutes to open, and Mozilla and IE are still hijacked.

DDS log attached.

Thanks for any assistance, in advance!


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Larry at 14:23:12 on 2013-05-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.8079.4441 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Fraps\fraps.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\tixati\tixati.exe
C:\Program Files (x86)\MiniBin\minibin.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Users\Larry\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
C:\Windows\STK03N\STK03NM.exe
C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\COMPASS Configurator\hid.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Larry\Documents\LCDSirReal\LCDSirReal.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\COMPASS Configurator\trayicon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Larry\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Larry\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Fraps\fraps64.dat
C:\Windows\system32\taskhost.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\LoL.exe
C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LOLClient.exe
C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14
mStart Page = hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe,
BHO: contaiynuettosaovve: {09FBB29F-6856-7F71-6081-132FC174F687} - C:\ProgramData\contaiynuettosaovve\518a5e853ad73.dll
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
uRun: [tixati] "C:\Program Files\tixati\tixati.exe" -starthiddenintray -d1
uRun: [Google Update] "C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MiniBin] C:\Program Files (x86)\MiniBin\minibin.exe
uRun: [AdobeBridge] <no file>
mRun: [GamingMouse] C:\Program Files (x86)\COMPASS Configurator\hid.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPEEDF~1.LNK - C:\Program Files (x86)\SpeedFan\speedfan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK03N~1.LNK - C:\Windows\STK03N\STK03NM.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0F762CCC-1E51-4C5F-B889-5BD72B7C3732} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BE9D11E-FA50-4773-89ED-451F8A1275A8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6BE9D11E-FA50-4773-89ED-451F8A1275A8}\E6F6E2 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8AEA0E6A-DF10-4B3B-9E39-CF3D65B768FD} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
AppInit_DLLs= c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\x45vyen1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Larry\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Larry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-08 22:17; eiyu-mt@crabawv.co.uk; C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\x45vyen1.default\extensions\eiyu-mt@crabawv.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-25 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-30 23816]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-9-22 101376]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-9-22 9216]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-2 189608]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-7-2 142904]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-5 503080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-21 130008]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-30 2754984]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-5 191488]
R2 WyseRemoteAccess;Wyse Remote Access;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-5 1436160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-6-30 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-7-2 14136]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2013-3-14 34032]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 DCamUSBSTK03N;Standard_Camera;C:\Windows\System32\drivers\STK03NW2.sys [2013-4-14 113288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-3-14 14448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-7-2 17936]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-6-30 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-6-30 14136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-10 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-3 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-20 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-12-3 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-3 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-1 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-12 02:55:18 -------- d-----w- C:\Windows\pss
2013-05-11 15:47:11 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC039BCF-687A-4D0B-85EA-A2E7A8E2779E}\mpengine.dll
2013-05-11 14:00:17 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-10 09:59:56 -------- d-----w- C:\Users\Larry\AppData\Local\My Games
2013-05-10 09:11:58 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-10 09:11:54 -------- d-----w- C:\Users\Larry\AppData\Local\PunkBuster
2013-05-10 09:11:38 -------- d-----w- C:\ProgramData\Orbit
2013-05-10 09:00:40 -------- d-----w- C:\Program Files (x86)\FarCry 3
2013-05-08 13:37:11 -------- d-----w- C:\ProgramData\StarApp
2013-05-08 13:36:29 -------- d-----w- C:\Program Files (x86)\WebSearch
2013-05-08 13:36:20 -------- d-----w- C:\Program Files (x86)\ContinueToSave
2013-05-08 13:36:16 -------- d-----w- C:\ProgramData\contaiynuettosaovve
2013-05-08 13:35:46 -------- d-----w- C:\ProgramData\InstallMate
2013-05-04 05:56:33 -------- d-----w- C:\Users\Larry\AppData\Roaming\Theta
2013-05-01 12:07:27 -------- d-----w- C:\Users\Larry\AppData\Roaming\SVP 3.1
2013-05-01 12:07:22 406016 ----a-w- C:\Windows\SysWow64\avisynth.dll
2013-05-01 12:07:19 -------- d-----w- C:\Program Files (x86)\Haali
2013-05-01 12:07:09 -------- d-----w- C:\Program Files (x86)\SVP
2013-05-01 10:42:33 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-05-01 10:42:33 -------- d-----w- C:\Program Files (x86)\ffdshow
2013-05-01 10:42:28 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2013-04-30 13:42:29 -------- d-----w- C:\Users\Larry\.shsh
2013-04-29 13:33:55 -------- d-----w- C:\Users\Larry\AppData\Local\IsolatedStorage
2013-04-28 14:34:36 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-04-28 12:18:38 1579520 ------w- C:\Windows\System32\athrx.sys
2013-04-27 13:36:07 -------- d-----w- C:\Users\Larry\AppData\Roaming\FreemakeVideoDownloader
2013-04-27 11:52:31 -------- d-----w- C:\Program Files\Core Temp
2013-04-27 11:51:35 -------- d-----w- C:\ProgramData\APN
2013-04-25 06:09:15 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B26A01F-E21A-4AEC-85FB-A019A6E936CB}\gapaengine.dll
2013-04-24 07:59:02 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-21 13:51:15 -------- d-----w- C:\Program Files (x86)\LOLReplay
2013-04-21 04:23:49 -------- d-----w- C:\Users\Larry\AppData\Local\Jutera
2013-04-21 03:40:10 -------- d-----w- C:\Users\Larry\AppData\Local\Focus Home Interactive
2013-04-21 03:40:07 -------- d-----w- C:\Program Files (x86)\Focus Home Interactive
2013-04-21 02:41:44 -------- d-----w- C:\Program Files (x86)\GPU-Z
2013-04-18 13:15:40 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 12:17:40 40960 ----a-w- C:\Windows\SysWow64\STK03NP.ax
2013-04-14 12:17:40 40872 ----a-w- C:\Windows\SysWow64\drivers\STK03NW1.sys
2013-04-14 12:17:40 35464 ----a-w- C:\Windows\System32\drivers\STK03NW1.sys
2013-04-14 12:17:40 113288 ----a-w- C:\Windows\System32\drivers\STK03NW2.sys
2013-04-14 12:17:40 108544 ----a-w- C:\Windows\SysWow64\drivers\STK03NW2.sys
2013-04-14 12:17:40 -------- d-----w- C:\Windows\STK03N
2013-04-14 04:59:19 -------- d-----w- C:\Users\Larry\AppData\Local\Thunderbird
2013-04-14 01:28:52 -------- d-----w- C:\Users\Larry\AppData\Local\{FBF53C0C-FD1D-4CF2-96ED-38378B528529}
2013-04-13 13:28:32 -------- d-----w- C:\Users\Larry\AppData\Local\{4289DD26-1BA4-47D9-BB6D-A5782C05D6E9}
2013-04-13 04:43:38 -------- d-----w- C:\Fraps
2013-04-13 01:28:09 -------- d-----w- C:\Users\Larry\AppData\Local\{17022677-0555-43F9-9792-1D21CA468E8C}
2013-04-12 12:14:06 -------- d-----w- C:\Users\Larry\AppData\Local\{946DD10D-5704-48C7-AC50-79717AF0007E}
.
==================== Find3M ====================
.
2013-05-10 09:11:59 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-05-10 09:09:26 282512 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-10 09:09:24 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-20 02:51:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 02:51:26 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-18 13:15:36 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-18 13:15:36 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-04 06:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll
2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll
2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll
2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll
2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-03-29 01:11:48 79360 ----a-w- C:\Windows\System32\amdave64.dll
2013-03-29 01:11:42 78336 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-03-29 01:11:32 74240 ----a-w- C:\Windows\System32\atisamu64.dll
2013-03-29 01:11:26 71168 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll
2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 0333 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-14 05:33:54 34032 ----a-w- C:\Windows\System32\drivers\seehcri.sys
2013-03-14 05:33:50 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-03-14 05:33:50 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-03-14 05:33:50 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2013-03-10 01:41:45 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2013-03-01 04:30:15 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-26 06:55:24 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2013-02-26 06:55:22 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-14 11:41:10 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-02-14 11:40:58 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
.
============= FINISH: 14:23:24.90 ===============
Attached Files
File Type: zip attach.zip (12.9 KB, 13 views)

__________________
Firedrops is offline  
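A listing like the one above is read by time clustering: files from one installer arrive within minutes of each other (the 2013-03-29 AMD driver files, the 2013-03-19 kernel update, the 2013-02-22 Internet Explorer update), so the entries that deserve a second look are the ones that land in System32 or SysWow64 on their own. The script below is an added example, not part of the DDS tool or of the original post: it parses a dozen lines copied from the listing above (including the smss.exe line whose time field was mangled in the post), groups them into batches by time proximity, and reports the loners plus anything it could not parse. The 30-minute window and the loner heuristic are my assumptions; a loner (here pbsvc.exe, pbsvc_blr.exe and win32k.sys) is a lead to check against publisher signatures and known-good hashes, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS listing in the post above,
# including the smss.exe line whose time field was mangled.
SAMPLE = r"""
2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 0333 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-14 05:33:54 34032 ----a-w- C:\Windows\System32\drivers\seehcri.sys
2013-03-14 05:33:50 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-03-10 01:41:45 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2013-03-01 04:30:15 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
"""

# DDS layout: date time size attributes path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)
SYSTEM_DIRS = ("\\system32\\", "\\syswow64\\")
BATCH_WINDOW = timedelta(minutes=30)   # assumption: one installer run stays within this


def parse_listing(text):
    """Return (entries, unparsed). Lines that do not fit the layout are kept
    verbatim rather than dropped, so damaged lines stay visible."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entries.append({
            "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries, unparsed


def cluster_batches(entries, window=BATCH_WINDOW):
    """Sort by timestamp and start a new batch whenever the gap to the
    previous entry exceeds `window`."""
    batches = []
    for e in sorted(entries, key=lambda x: x["when"]):
        if batches and e["when"] - batches[-1][-1]["when"] <= window:
            batches[-1].append(e)
        else:
            batches.append([e])
    return batches


def loner_system_files(batches):
    """Paths that arrived alone in System32/SysWow64: leads, not verdicts."""
    return [b[0]["path"] for b in batches
            if len(b) == 1 and any(d in b[0]["path"].lower() for d in SYSTEM_DIRS)]


def triage(text):
    entries, unparsed = parse_listing(text)
    batches = cluster_batches(entries)
    return {
        "batches": [[e["path"] for e in b] for b in batches],
        "loners": loner_system_files(batches),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for b in result["batches"]:
        print(f"batch of {len(b):2d} starting with {b[0]}")
    print("loners:  ", result["loners"])
    print("unparsed:", result["unparsed"])
```

The window is deliberately generous: a driver package such as the AMD install above spans more than an hour, but consecutive files in it are never more than a few minutes apart, which is what the gap test measures.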
Old 05-14-2013, 10:00 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • First, gmer will run a short, initial scan.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

ContinueToSave<<Please read this

Also delete the following Folders if they still exist:

C:\ProgramData\contaiynuettosaovve
C:\Program Files (x86)\ContinueToSave

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Search Assistant WebSearch 1.74<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\WebSearch

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-16-2013, 07:42 AM   #3
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Hi, thank you for the response. I have successfully carried out all your instructions except for the one with the GMER scan. It always gives

" 0zuz7xel.exe has stopped working.

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is found."

I have tried again after using AdwCleaner and a restart, but the problem persists.

Adw log:

# AdwCleaner v2.300 - Logfile created 05/16/2013 at 22:02:23
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Larry - SYNAPSE
# Boot Mode : Normal
# Running from : C:\Users\Larry\Desktop\-\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\x45vyen1.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Larry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Larry\AppData\LocalLow\Speedbit

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\x45vyen1.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hi[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.518a5e853ac8b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&l[...]
Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3803] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://websearch.lookforithere.info[...]

*************************

AdwCleaner[S1].txt - [5040 octets] - [16/05/2013 22:02:23]

########## EOF - C:\AdwCleaner[S1].txt - [5100 octets] ##########
__________________
Firedrops is offline  
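Three mechanisms stand out in the AdwCleaner log above: an AppInit_DLLs value (the named DLL is loaded into every process that maps user32.dll, browsers included, and is the kind of entry an ordinary uninstall leaves behind); Firefox prefs.js entries that point the default engine, keyword.URL and the search-reset backup at websearch.lookforithere.info, plus one preference holding JavaScript; and a Chrome startup URL on the same host. The script below is an added example, not code from AdwCleaner or from anyone in this thread: it parses a prefs.js and a Chrome Preferences file (both constructed here from the entries in the log, with http restored in place of the defanged hxxp) and an AppInit_DLLs value, and flags anything outside an allowlist. The allowlists, the `session` parent key for Chrome's startup URLs, and the stand-in body of the scode script are my assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Allowlists: assumptions for this example, replace with the user's real choices.
KNOWN_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}
KNOWN_HOSTS = {"www.google.com", "google.com", "www.bing.com"}

# Firefox prefs that should hold a search-engine NAME ...
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.search.order.1", "searchreset.backup.browser.search.defaultenginename"}
# ... and prefs that should hold a URL the user chose.
URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage",
             "searchreset.backup.keyword.URL"}

PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);$')


def parse_prefs_js(text):
    """Turn user_pref("name", value); lines into a dict. Values are JS literals:
    strings (JSON-compatible in practice), true/false, or integers."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            try:
                prefs[name] = json.loads(raw)
            except ValueError:            # JS escape JSON cannot read; keep it raw
                prefs[name] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def host_of(url):
    return urlparse(url).netloc.lower()


def audit_firefox(prefs):
    """(pref, value, reason) for settings that point somewhere the user did not
    choose, or that carry script. Names like "...defaultenginename,S" in the
    AdwCleaner log are treated as variants of the base pref."""
    findings = []
    for name, value in prefs.items():
        base = name.split(",")[0]
        if base in ENGINE_PREFS and value not in KNOWN_ENGINES:
            findings.append((name, value, "unknown search engine name"))
        elif base in URL_PREFS and isinstance(value, str) and host_of(value) not in KNOWN_HOSTS:
            findings.append((name, value, "search/home URL on unexpected host " + host_of(value)))
        elif isinstance(value, str) and value.lstrip().startswith("(function"):
            findings.append((name, value[:40] + "...", "JavaScript stored in a preference"))
    return findings


def audit_chrome(preferences_json):
    """Startup and homepage URLs from Chrome's Preferences file on unexpected
    hosts. The 'session' parent key is an assumption about the file layout."""
    prefs = json.loads(preferences_json)
    urls = list(prefs.get("session", {}).get("urls_to_restore_on_startup", []))
    urls += [prefs["homepage"]] if "homepage" in prefs else []
    return [("startup/homepage", u, "unexpected host " + host_of(u))
            for u in urls if host_of(u) not in KNOWN_HOSTS]


def audit_appinit_dlls(value):
    """AppInit_DLLs is loaded into every process that maps user32.dll, so on a
    home PC any non-empty value is worth a look; 8.3 short names (progra~2)
    hide the real directory until resolved on the machine."""
    findings = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if entry:
            reason = "DLL injected into every user32.dll process"
            if "~" in entry:
                reason += "; 8.3 short path, resolve before judging"
            findings.append(("AppInit_DLLs", entry, reason))
    return findings


# Constructed samples built from the AdwCleaner entries above: http restored in
# place of the defanged hxxp, and a stand-in body for the truncated scode script.
FIREFOX_SAMPLE = r'''
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("keyword.URL", "http://websearch.lookforithere.info/?pid=658&r=2013/05/08&hid=3373497460&lg=EN&cc=SG&unqvl=14");
user_pref("extensions.518a5e853ac8b.scode", "(function(){try{/* constructed stand-in */}catch(e){}})();");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
'''
CHROME_SAMPLE = '''{
  "homepage": "http://www.google.com/",
  "session": {"restore_on_startup": 4,
              "urls_to_restore_on_startup": ["http://www.google.com/",
                                             "http://websearch.lookforithere.info/?pid=658&r=2013/05/08"]}
}'''

if __name__ == "__main__":
    for f in (audit_firefox(parse_prefs_js(FIREFOX_SAMPLE)) + audit_chrome(CHROME_SAMPLE)
              + audit_appinit_dlls(r"c:\progra~2\contin~1\sprote~1.dll")):
        print(" | ".join(map(str, f)))
```

Run it against the real files (prefs.js in the Firefox profile folder, Preferences under Chrome's User Data\Default) after the cleanup as well: the searchreset.backup.* prefs exist precisely so a "reset" can put the old value back, so a clean result on the live keys alone is not enough.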
Old 05-16-2013, 07:59 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



Hello Firedrops. Please do not wrap logs in code or quote boxes. It makes them harder to read. Thanks.

Is the machine behaving better now?

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When prompted to download the latest Avast! virus definitions, please choose Yes
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file to your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.8.16.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

chemist is offline  
Old 05-17-2013, 02:02 AM   #5
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Hi, noted about the log, sorry about that.

Thanks for the help, my computer appears to be uninfected now.

tdsskiller.exe showed no infections.

aswMBR.exe log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-17 16:24:15
-----------------------------
16:24:15.301 OS Version: Windows x64 6.1.7601 Service Pack 1
16:24:15.301 Number of processors: 4 586 0x3A09
16:24:15.301 ComputerName: SYNAPSE UserName: Larry
16:24:15.793 Initialize success
16:31:20.332 AVAST engine defs: 13051601
16:46:14.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:46:14.969 Disk 0 Vendor: M4-CT256M4SSD2 0309 Size: 244198MB BusType: 3
16:46:14.975 Disk 0 MBR read successfully
16:46:14.976 Disk 0 MBR scan
16:46:14.978 Disk 0 Windows 7 default MBR code
16:46:14.979 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:46:14.982 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19899 MB offset 206848
16:46:14.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224197 MB offset 40960000
16:46:14.992 Disk 0 scanning C:\Windows\system32\drivers
16:46:19.131 Service scanning
16:46:26.613 Modules scanning
16:46:26.616 Disk 0 trace - called modules:
16:46:26.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:46:26.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007233060]
16:46:26.626 3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006c85060]
16:46:26.871 AVAST engine scan C:\Windows
16:46:27.727 AVAST engine scan C:\Windows\system32
16:48:36.443 AVAST engine scan C:\Windows\system32\drivers
16:48:41.835 AVAST engine scan C:\Users\Larry
16:53:12.902 AVAST engine scan C:\ProgramData
16:53:37.702 Scan finished successfully
16:58:13.978 Disk 0 MBR has been saved successfully to "C:\Users\Larry\Desktop\MBR.dat"
16:58:13.981 The log file has been saved successfully to "C:\Users\Larry\Desktop\aswMBR.txt"
__________________
Firedrops is offline  
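The aswMBR log above is read for three things: whether the MBR code is the stock Windows 7 loader, whether the partition table accounts for the whole disk (a bootkit that keeps its payload in hidden sectors shows up as a sizeable hole between or after the partitions), and whether the trace of modules on the disk I/O path consists only of the Windows storage stack (a filter inserted by a rootkit appears as an extra module). The script below is an added example, not part of the original post or of aswMBR: it parses lines copied from the log above plus a second, deliberately constructed log with a 40 MB hole and an unlisted module, and runs those three checks. The 4 MB gap threshold, the module allowlist and the "unknown MBR code" wording in the constructed sample are my assumptions.

```python
import re

SECTORS_PER_MB = 2048                 # aswMBR sizes are MB; 512-byte sectors
GAP_THRESHOLD = 4 * SECTORS_PER_MB    # assumption: report unallocated holes over 4 MB

# Modules normally on the Windows 7 disk I/O path. Assumption: a modest allowlist;
# an unlisted module is a lead (vendor storage or encryption driver, or a hook),
# not a verdict.
EXPECTED_STACK = {
    "ntoskrnl.exe", "ntkrnlpa.exe", "hal.dll", "halmacpi.dll", "classpnp.sys",
    "disk.sys", "partmgr.sys", "volmgr.sys", "ataport.sys", "atapi.sys",
    "pciide.sys", "pciidex.sys", "storport.sys", "msahci.sys", "iastor.sys",
}

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} ")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<fs>\S+) \S+ (?P<mb>\d+) MB offset (?P<off>\d+)"
)
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")
TRACE_RE = re.compile(r"Disk (?P<disk>\d+) trace - called modules:")


def parse_aswmbr(text):
    """Disk size, MBR description, partition rows and the called-module trace
    from an aswMBR.txt, keyed by disk number."""
    disks = {}
    lines = [TS_RE.sub("", l.strip()) for l in text.splitlines()]

    def disk(n):
        return disks.setdefault(int(n), {"parts": [], "trace": []})

    for i, line in enumerate(lines):
        if m := SIZE_RE.search(line):
            disk(m["disk"])["size_sectors"] = int(m["mb"]) * SECTORS_PER_MB
        elif m := PART_RE.search(line):
            disk(m["disk"])["parts"].append({
                "n": int(m["n"]), "active": m["boot"].upper() == "80", "type": m["type"],
                "start": int(m["off"]), "sectors": int(m["mb"]) * SECTORS_PER_MB,
            })
        elif m := MBR_RE.search(line):
            disk(m["disk"])["mbr"] = m["desc"]
        elif (m := TRACE_RE.search(line)) and i + 1 < len(lines):
            disk(m["disk"])["trace"] = lines[i + 1].split()   # module list is the next line
    return disks


def check_disk(d):
    """(check, detail) findings: MBR code, active flags, partition holes, stack."""
    findings = []
    if "mbr" in d and "default MBR code" not in d["mbr"]:
        findings.append(("mbr", d["mbr"]))
    parts = sorted(d["parts"], key=lambda p: p["start"])
    active = [p["n"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(("active-flag", f"{len(active)} partitions marked active"))
    cursor = 0   # first free sector after the previous partition
    for p in parts:
        hole = p["start"] - cursor
        if hole < 0:
            findings.append(("overlap", f"partition {p['n']} starts inside the previous one"))
        elif hole > GAP_THRESHOLD:
            findings.append(("gap", f"{hole // SECTORS_PER_MB} MB unallocated before partition {p['n']}"))
        cursor = p["start"] + p["sectors"]
    tail = d.get("size_sectors", cursor) - cursor
    if tail > GAP_THRESHOLD:
        findings.append(("gap", f"{tail // SECTORS_PER_MB} MB unallocated after the last partition"))
    unknown = [mod for mod in d["trace"] if mod.lower() not in EXPECTED_STACK]
    if unknown:
        findings.append(("stack", "unexpected module(s) on the disk I/O path: " + ", ".join(unknown)))
    return findings


# Lines copied from the aswMBR log above.
CLEAN_LOG = r"""
16:46:14.969 Disk 0 Vendor: M4-CT256M4SSD2 0309 Size: 244198MB BusType: 3
16:46:14.975 Disk 0 MBR read successfully
16:46:14.978 Disk 0 Windows 7 default MBR code
16:46:14.979 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:46:14.982 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19899 MB offset 206848
16:46:14.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224197 MB offset 40960000
16:46:26.616 Disk 0 trace - called modules:
16:46:26.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
"""
# Constructed counter-example (not from any real scan): a 40 MB hole before
# partition 3, an extra module in the trace, and an MBR line worded so the
# "default MBR code" test fails. The wording is mine, not aswMBR's.
SUSPECT_LOG = r"""
16:46:14.969 Disk 0 Vendor: M4-CT256M4SSD2 0309 Size: 244198MB BusType: 3
16:46:14.978 Disk 0 unknown MBR code
16:46:14.979 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:46:14.982 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19899 MB offset 206848
16:46:14.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224157 MB offset 41041920
16:46:26.616 Disk 0 trace - called modules:
16:46:26.619 ntoskrnl.exe CLASSPNP.SYS disk.sys unknown1.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
"""

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("suspect", SUSPECT_LOG)):
        for n, d in parse_aswmbr(log).items():
            print(label, "disk", n, check_disk(d) or "no findings")
```

On the real log the arithmetic closes exactly: partition 1 ends at sector 206848 where partition 2 begins, partition 2 ends at 40960000 where partition 3 begins, and only the 1 MB alignment gap before partition 1 and a 1 MB rounding remainder at the end of the disk are left over, which is why the clean run reports nothing.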
Old 05-17-2013, 09:58 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



Hello again, Firedrops. You're welcome. Glad to hear it.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------

chemist is offline  
Old 05-18-2013, 07:40 AM   #7
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Hi, thank you for the continued assistance. I have done as per your instructions.

ComboFix log:

ComboFix 13-05-18.02 - Larry 18/05/2013 22:22:00.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.8079.5941 [GMT 8:00]
Running from: c:\users\Larry\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\contaiynuettosaovve
c:\programdata\Microsoft\Windows\Start Menu\Programs\contaiynuettosaovve\contaiynuettosaovve.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\contaiynuettosaovve\Uninstall.lnk
c:\programdata\ntuser.dat
c:\users\Larry\AppData\Local\assembly\tmp
c:\users\Larry\AppData\Roaming\baidu\hao123
c:\users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe.lnk
c:\windows\Downloaded Program Files\7894633
c:\windows\Downloaded Program Files\7894633\BaiduSetupAx_0.dll
c:\windows\ST6UNST.000
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
H:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 14:25 . 2013-05-18 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-17 11:40 . 2013-05-17 11:40 -------- d-----w- c:\programdata\Nexon
2013-05-17 11:34 . 2013-05-17 11:34 -------- d-----w- c:\program files (x86)\Wizet
2013-05-17 07:18 . 2013-05-17 07:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 07:18 . 2013-05-17 07:18 -------- d-----w- c:\program files\iTunes
2013-05-17 07:18 . 2013-05-17 07:18 -------- d-----w- c:\program files (x86)\iTunes
2013-05-17 07:18 . 2013-05-17 07:18 -------- d-----w- c:\program files\iPod
2013-05-15 11:17 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 12:10 . 2013-05-14 12:10 -------- d-----w- c:\users\Larry\AppData\Roaming\AVG2013
2013-05-14 12:09 . 2013-05-14 12:09 -------- d-----w- c:\users\Larry\AppData\Roaming\TuneUp Software
2013-05-14 12:09 . 2013-05-14 12:10 -------- d-----w- c:\programdata\AVG2013
2013-05-14 12:09 . 2013-05-14 12:09 -------- d-----w- C:\$AVG
2013-05-14 12:09 . 2013-05-14 12:09 -------- d-----w- c:\program files (x86)\AVG
2013-05-14 12:07 . 2013-05-18 10:05 -------- d-----w- c:\programdata\MFAData
2013-05-14 12:07 . 2013-05-14 13:32 -------- d-----w- c:\users\Larry\AppData\Local\Avg2013
2013-05-14 12:07 . 2013-05-14 12:07 -------- d--h--w- c:\programdata\Common Files
2013-05-14 12:07 . 2013-05-14 12:07 -------- d-----w- c:\users\Larry\AppData\Local\MFAData
2013-05-12 09:30 . 2013-05-12 09:30 -------- d-----w- c:\users\Larry\AppData\Roaming\LavasoftStatistics
2013-05-12 08:30 . 2013-05-12 08:30 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-05-12 08:30 . 2013-05-12 08:30 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-12 08:30 . 2013-05-12 08:30 -------- d-----w- c:\users\Larry\AppData\Roaming\Ad-Aware Antivirus
2013-05-10 09:59 . 2013-05-10 09:59 -------- d-----w- c:\users\Larry\AppData\Local\My Games
2013-05-10 09:11 . 2013-05-10 09:11 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-10 09:11 . 2013-05-10 09:11 -------- d-----w- c:\users\Larry\AppData\Local\PunkBuster
2013-05-10 09:11 . 2013-05-10 09:11 -------- d-----w- c:\programdata\Orbit
2013-05-10 09:00 . 2013-05-10 09:00 -------- d-----w- c:\program files (x86)\FarCry 3
2013-05-08 13:37 . 2013-05-08 13:37 -------- d-----w- c:\programdata\StarApp
2013-05-04 05:56 . 2013-05-04 05:56 -------- d-----w- c:\users\Larry\AppData\Roaming\Theta
2013-05-01 12:08 . 2013-05-01 12:08 -------- d-----w- c:\users\Larry\AppData\Roaming\Media Player Classic
2013-05-01 12:07 . 2013-05-01 12:07 -------- d-----w- c:\users\Larry\AppData\Roaming\SVP 3.1
2013-05-01 12:07 . 2012-09-14 05:25 406016 ----a-w- c:\windows\SysWow64\avisynth.dll
2013-05-01 12:07 . 2013-05-01 12:07 -------- d-----w- c:\program files (x86)\Haali
2013-05-01 12:07 . 2013-05-01 12:07 -------- d-----w- c:\program files (x86)\SVP
2013-05-01 10:42 . 2013-05-01 10:42 -------- d-----w- c:\program files (x86)\ffdshow
2013-05-01 10:42 . 2013-01-06 14:22 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-05-01 10:42 . 2013-05-01 10:42 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2013-04-30 13:42 . 2013-04-30 13:43 -------- d-----w- c:\users\Larry\.shsh
2013-04-29 13:33 . 2013-04-29 13:33 -------- d-----w- c:\users\Larry\AppData\Local\IsolatedStorage
2013-04-28 14:34 . 2013-04-28 14:34 -------- d-----w- c:\program files (x86)\AMD AVT
2013-04-28 14:34 . 2013-04-28 14:34 -------- d-----w- c:\programdata\ATI
2013-04-28 12:18 . 2011-04-12 03:39 1579520 ------w- c:\windows\system32\athrx.sys
2013-04-27 13:36 . 2013-04-27 13:36 -------- d-----w- c:\users\Larry\AppData\Roaming\FreemakeVideoDownloader
2013-04-27 11:52 . 2013-04-28 09:11 -------- d-----w- c:\program files\Core Temp
2013-04-24 07:59 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 13:51 . 2013-04-21 13:51 -------- d-----w- c:\program files (x86)\LOLReplay
2013-04-21 04:23 . 2013-04-28 13:30 -------- d-----w- c:\users\Larry\AppData\Local\Jutera
2013-04-21 03:40 . 2013-04-21 03:40 -------- d-----w- c:\users\Larry\AppData\Local\Focus Home Interactive
2013-04-21 03:40 . 2013-04-21 03:40 -------- d-----w- c:\program files (x86)\Focus Home Interactive
2013-04-21 02:41 . 2013-04-21 02:41 -------- d-----w- c:\program files (x86)\GPU-Z
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:43 . 2012-07-02 23:18 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 12:36 . 2012-06-30 02:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 12:36 . 2012-06-30 02:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 09:11 . 2013-03-01 04:30 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-05-10 09:09 . 2013-03-01 04:30 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-10 09:09 . 2013-03-01 04:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 13:15 . 2013-04-18 13:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 13:15 . 2012-06-30 02:45 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-18 13:15 . 2012-06-30 02:45 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 11:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 06:50 . 2012-07-02 01:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2012-02-24 16:22 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2012-09-28 01:11 112440 ----a-w- c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2012-02-24 16:22 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2012-02-24 16:21 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2012-02-24 17:20 1155264 ----a-w- c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2012-02-24 17:22 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2012-02-24 16:58 8272136 ----a-w- c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2012-02-24 16:39 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2012-02-24 16:41 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2012-09-28 01:31 5000320 ----a-w- c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2012-09-28 01:25 6985624 ----a-w- c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2012-12-19 07:38 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:11 . 2013-03-29 01:11 79360 ----a-w- c:\windows\system32\amdave64.dll
2013-03-29 01:11 . 2013-03-29 01:11 78336 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-03-29 01:11 . 2013-03-29 01:11 74240 ----a-w- c:\windows\system32\atisamu64.dll
2013-03-29 01:11 . 2013-03-29 01:11 71168 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-03-29 01:10 . 2012-09-28 01:13 636416 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2012-10-13 15:58 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2012-12-19 19:33 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-28 18:53 . 2013-03-28 18:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-20 19:08 . 2013-03-20 19:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 12:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:21 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-14 05:33 . 2013-03-14 05:33 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2013-03-14 05:33 . 2013-03-14 05:33 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-03-14 05:33 . 2013-03-14 05:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-03-14 05:33 . 2013-03-14 05:33 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-03-10 01:41 . 2013-03-10 06:03 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2013-03-01 04:30 . 2013-03-01 04:30 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-02-26 06:55 . 2013-02-26 06:55 71680 ----a-w- c:\windows\system32\frapsv64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-04 06:34 431784 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"tixati"="c:\program files\tixati\tixati.exe" [2013-05-14 22696848]
"MiniBin"="c:\program files (x86)\MiniBin\minibin.exe" [2012-03-14 56832]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-12-04 3811544]
"F.lux"="c:\users\Larry\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-05-09 9829680]
"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-19 812544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GamingMouse"="c:\program files (x86)\COMPASS Configurator\hid.exe" [2012-04-20 271872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-02-14 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-05-22 502328]
"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-27 872448]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-8-19 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2013-4-14 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-05 191488]
R2 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-05 1436160]
R3 DCamUSBSTK03N;Standard_Camera;c:\windows\system32\DRIVERS\STK03NW2.sys [2009-12-18 113288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-03-14 14448]
R3 GPU-Z;GPU-Z;c:\users\Larry\AppData\Local\Temp\GPU-Z.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [2011-12-12 17936]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2013-01-23 13368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-30 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-12 14456]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-28 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-20 240952]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-25 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 241152]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-02-07 101376]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-02-07 9216]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-10 189608]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-05-22 142904]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 ALSysIO;ALSysIO;c:\users\Larry\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2013-03-14 34032]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 12:36]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531268803-2396245915-1512792176-1000Core.job
- c:\users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 03:05]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531268803-2396245915-1512792176-1000UA.job
- c:\users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 03:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-11-05 935312]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\x45vyen1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LoL - c:\program files (x86)\GarenaLoL\uninst.exe
AddRemove-SP_e14dcdfa - c:\program files (x86)\ContinueToSave\uninstall.exe
AddRemove-{503EFEA6-1BB5-6525-2AC9-FC49E8B9548D} - c:\progra~3\INSTAL~1\{95BF4~1\Setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\contaiynuettosaovve\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2531268803-2396245915-1512792176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2531268803-2396245915-1512792176-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2531268803-2396245915-1512792176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2531268803-2396245915-1512792176-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,d8,88,9c,c9,da,75,1b,6f,ac,83,b3,29,81,03,0b,c0,27,2b,33,fb,87,d5,
3c,d9,e6,ef,09,1d,05,bc,19,06,e2,af,16,6f,8f,2e,7f,f2,5d,0c,03,48,57,ca,af,\
"??"=hex:da,e0,33,f9,9a,4b,29,ae,f3,18,7e,b6,00,c0,58,f4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\fraps\fraps.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2013-05-18 22:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-18 14:28
.
Pre-Run: 9,683,034,112 bytes free
Post-Run: 1,857,753,088 bytes free
.
- - End Of File - - 4E4BB0F5235A6DD7BE1F20553EDC0E4F
__________________
Firedrops is offline  
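The service and driver section of the ComboFix log above (the `R2`/`R3`/`S0`…`S3` lines) is what an analyst reads first when looking for leftovers: entries whose image file no longer exists (`[x]`) and entries loading from a temporary or per-user data directory. The following parser and triage routine is an added example written for this thread, not part of ComboFix or of the helper's instructions. It assumes the `[x]` marker means the image file was not found on disk, and the list of directories it treats as suspicious is the example author's own choice; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ComboFix prints one line per registered service or kernel driver, e.g.
#   R3 GPU-Z;GPU-Z;c:\users\Larry\AppData\Local\Temp\GPU-Z.sys [x]
#   S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
# Layout: <state><start type> <short name>;<display name>;<image path> [<date> <size>] or [x]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>x|\d{4}-\d{2}-\d{2}\s+\d+)\]$"
)

# Assumption of this example: a service or driver whose image lives under one of
# these directories deserves an analyst's attention. ComboFix applies no such rule.
VOLATILE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\")


@dataclass
class ServiceEntry:
    state: str            # R/S prefix plus start-type digit, as printed by ComboFix
    name: str
    display: str
    path: str
    file_present: bool    # False when ComboFix printed "[x]" instead of date and size
    timestamp: Optional[str] = None
    size: Optional[int] = None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    info = m.group("info")
    entry = ServiceEntry(m.group("state"), m.group("name").strip(),
                         m.group("display").strip(), m.group("path").strip(),
                         file_present=(info != "x"))
    if entry.file_present:
        ts, size = info.split()
        entry.timestamp, entry.size = ts, int(size)
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons it should be reviewed. Entries with no reasons are omitted.

    These are review candidates for the analyst, not verdicts: a legitimate
    uninstalled tool also leaves an orphaned '[x]' entry behind.
    """
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons: List[str] = []
        if not entry.file_present:
            reasons.append("image file not found on disk (orphaned entry)")
        if any(d in entry.path.lower() for d in VOLATILE_DIRS):
            reasons.append("image located in a temporary or data directory")
        if reasons:
            findings[entry.name] = reasons
    return findings


# Sample lines taken from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 GPU-Z;GPU-Z;c:\users\Larry\AppData\Local\Temp\GPU-Z.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S3 ALSysIO;ALSysIO;c:\users\Larry\AppData\Local\Temp\ALSysIO64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-02-07 101376]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
.
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, the AVG watchdog service passes both checks, the two hardware-monitor drivers loading from `%TEMP%` are flagged twice, and the orphaned EagleX64 entry and the ProgramData-based Freemake service are flagged once each, which is the order of priority a helper would work through them in.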
Old 05-18-2013, 05:20 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



Hello again, Firedrops. You're very welcome. Almost done.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Program Files (x86)\WebSearch"

A DOS window will open and close again; this is normal.

Repeat for the following:

cmd /c rd /s /q "C:\Program Files (x86)\ContinueToSave"

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 7 Update 10 (64-bit)

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Leave this one as it has the latest definitions:

Java 7 Update 21

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-23-2013, 12:49 AM   #9
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Hi, thank you for your continued assistance. I have done as instructed, but please give me a little more time for the ESET log; it took over 6 hours at 99% yesterday and I couldn't keep the computer running for any longer.

MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.05.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Larry :: SYNAPSE [administrator]

22/5/2013 3:53:20 PM
mbam-log-2013-05-22 (15-53-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221420
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
__________________
Firedrops is offline  
Old 05-23-2013, 06:33 AM   #10
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Alright ESET's done, woo finally.

Log:

C:\Android\Root\Full Backup\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_08_12\Apps\bighead.wallpaper.dongman.yinghua1_138.apk a variant of Android/Adware.Waps.E application
C:\Android\Root\Full Backup\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_08_12\Apps\com.jb.gosms.theme.aSimpleTheme2_15.apk a variant of Android/Adware.AirPush.G application
C:\Android\Root\Full Backup\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_08_12\Apps\com.jb.gosms.theme.CloudsTheme_14.apk a variant of Android/Adware.AirPush.G application
__________________
Firedrops is offline  
Old 05-23-2013, 11:06 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



Hello again, Firedrops. You're very welcome.

Up to you whether to delete those ESET finds.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
  • Click 'Start Scanner'
  • Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
  • Click 'Start'.
  • The scan should take less than a minute or so.
  • When done, download and install all the recommended updates.
  • This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE
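As an added illustration of the HOSTS mechanism described above (example code, not part of the original post or of the MVPS list): a small parser that reads HOSTS-file text, reports which hostnames are sent to the local machine, and flags any hostname mapped to a non-local address, which is the way a hijacked HOSTS file silently reroutes sites. The sample HOSTS content and the hostnames in it are constructed for the example.

```python
import ipaddress

# Names that legitimately map to loopback; any other name sent to a local address is a block.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Sort HOSTS mappings into blocked (loopback/unspecified target), redirected
    (any other target, the mark of a hijacked HOSTS file) and malformed lines."""
    report = {"blocked": {}, "redirected": {}, "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                   # an address with no hostname, or vice versa
            report["malformed"].append(raw)
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:                   # first field is not an IPv4/IPv6 address
            report["malformed"].append(raw)
            continue
        for host in parts[1:]:               # one line may list several hostnames
            host = host.lower()
            if host in LOCAL_NAMES:
                continue
            bucket = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            report[bucket][host] = str(addr)
    return report

def is_blocked(report, hostname):
    """True if the HOSTS file sends this hostname to the local machine."""
    return hostname.lower() in report["blocked"]

# Constructed sample, not a real HOSTS file: a block list plus one redirect
# of the kind a browser hijacker leaves behind.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.test      # blocked by the list
127.0.0.1       banner.example-adserver.test  popup.example-adserver.test
203.0.113.9     update.example-antivirus.test  # sent elsewhere: suspicious
not-an-address  broken.test
"""

if __name__ == "__main__":
    report = parse_hosts(SAMPLE_HOSTS)
    for host, addr in sorted(report["redirected"].items()):
        print(f"WARNING: {host} resolves to {addr}, not the local machine")
    print(f"{len(report['blocked'])} hosts blocked, {len(report['malformed'])} malformed lines")
```

On a real Windows 7 system the file to read is %SystemRoot%\System32\drivers\etc\hosts; any entry that lands in the "redirected" bucket deserves a look.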

Old 05-27-2013, 03:58 AM   #12
Registered Member
 
Join Date: Jul 2009
Location: Singapore
Posts: 143
OS: Windows 7 Ultimate SP1



Hi, thank you once again for all the help. I've noted down this software in case I need it again! :)
Old 05-27-2013, 01:23 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,632
OS: XP SP3; Win7 32/64-bit



You're very welcome, Firedrops! Glad to have helped.

Copyright 2001 - 2014, Tech Support Forum