Jump to content

Kashik

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Kashik
    C:\Documents and Settings\Kashik\Documents\Old Stuff\From Black Computer\Programs\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application C:\Documents and Settings\Kashik\Documents\Old Stuff\From Silver Computer\Downloads\OrbitSetup4.0.4.exe Win32/OpenCandy application C:\Documents and Settings\Kashik\Documents\Old Stuff\From Silver Computer\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application C:\Documents and Settings\Kashik\Downloads\netbeans-ide.exe a variant of Win32/DomaIQ.A application C:\Documents and Settings\Kashik\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application C:\Documents and Settings\Kashik\Downloads\windows.7.codec.pack.v4.0.3.setup.exe probably a variant of Win32/Toolbar.Widgi application C:\Documents and Settings\Kashik\Downloads\youtube_downloader_hd_setup(1).exe Win32/OpenCandy application C:\Documents and Settings\Kashik\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy application C:\Documents and Settings\Kashik\Downloads\network3com-01\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Documents and Settings\Kashik\Dropbox\Web110\PUSHP-PC.eml Win32/Chir.B virus C:\Users\Kashik\Documents\Old Stuff\From Black Computer\Programs\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application C:\Users\Kashik\Documents\Old Stuff\From Silver Computer\Downloads\OrbitSetup4.0.4.exe Win32/OpenCandy application C:\Users\Kashik\Documents\Old Stuff\From Silver Computer\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application C:\Users\Kashik\Downloads\netbeans-ide.exe a variant of Win32/DomaIQ.A application C:\Users\Kashik\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application C:\Users\Kashik\Downloads\windows.7.codec.pack.v4.0.3.setup.exe probably a variant of Win32/Toolbar.Widgi application C:\Users\Kashik\Downloads\youtube_downloader_hd_setup(1).exe Win32/OpenCandy application C:\Users\Kashik\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy application C:\Users\Kashik\Downloads\network3com-01\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Users\Kashik\Dropbox\Web110\PUSHP-PC.eml Win32/Chir.B virus
  2. Kashik
    Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.09.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kashik :: WATERBIRD-CI [administrator] Protection: Enabled 2/9/2013 9:16:07 PM mbam-log-2013-02-09 (21-16-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 334798 Time elapsed: 5 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:06:15 PM, on 2/10/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Kashik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Users\Kashik\Downloads\HijackThis(2).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Kashik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - Startup: Hauppauge Device Central Tray Tool.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HcwDevCentralService - Hauppauge Computer Works, Inc. - C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15338 bytes Before going through and following your latest set of instructions I had started experiencing the redirect again. So far after following the instructions I have not had any redirect. I will have to let you know within the next couple days if it begins to reoccur or not, for whatever the reason it seems to take a couple days to crop up agian.
  3. Kashik
    Sorry but I'm currently caught up in some college home work, I will get to this as soon as I have time. I would like to know though why I'm unstalling McAfee because it is a registered vers.
  4. Kashik
    Extra Combofix Report Tools for .Net 3.5 Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.5) Age of Chivalry Apple Application Support Apple Software Update ArcSoft ShowBiz ASUS nVidia Driver AudioGenie Blend for Visual Studio 2012 Blend for Visual Studio 2012 ENU resources BlueJ 3.0.2 Chicken Shake Game ControlCenter Definition update for Microsoft Office 2010 (KB982726) Dotfuscator and Analytics Community Edition EasyViewer Entity Framework Designer for Visual Studio 2012 - enu eSobi v2 FileZilla Client 3.6.0.1 Firebird SQL Server - MAGIX Edition GeoSetter 3.4.16 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hauppauge Device Central Hotfix for Microsoft Visual C# 2010 Express - ENU (KB982218) Intel® Management Engine Components Java 7 Update 9 Java Auto Updater JavaFX 2.1.1 jGRASP Kotor Tool Live Update 5 LocalESPC LocalESPCui for en-us MAGIX Video easy SE Malwarebytes Anti-Malware version 1.70.0.1100 McAfee AntiVirus Plus McAfee Security Scan Plus Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft .NET Framework 4.5 SDK Microsoft Application Error Reporting Microsoft ASP.NET MVC 3 Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools Microsoft ASP.NET MVC 4 Runtime Microsoft ASP.NET Web Pages Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 Runtime Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Games for Windows - LIVE Redistributable Microsoft GIF Animator Microsoft Help Viewer 2.0 Microsoft LightSwitch for Visual Studio 2012 Core Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU Microsoft NuGet - Visual Studio 2012 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Portable Library Multi-Targeting Pack Microsoft Portable Library Multi-Targeting Pack Language Pack - enu Microsoft Report Viewer Add-On for Visual Studio 2012 Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight 5 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2012 Data-Tier App Framework Microsoft SQL Server 2012 Management Objects Microsoft SQL Server 2012 T-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Data Tools - enu (11.1.20627.00) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) Microsoft SQL Server System CLR Types Microsoft System CLR Types for SQL Server 2012 Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Compilers Microsoft Visual C++ 2012 Compilers - ENU Resources Microsoft Visual C++ 2012 Core Libraries Microsoft Visual C++ 2012 Extended Libraries Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express for Windows Phone - ENU Microsoft Visual Studio 2012 Devenv Microsoft Visual Studio 2012 Devenv Resources Microsoft Visual Studio 2012 IntelliTrace Core x86 Microsoft Visual Studio 2012 IntelliTrace Front End x86 Microsoft Visual Studio 2012 Preparation Microsoft Visual Studio 2012 SharePoint Developer Tools Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack Microsoft Visual Studio 2012 Shell (Minimum) Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies Microsoft Visual Studio 2012 Shell (Minimum) Resources Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU Microsoft Visual Studio Premium 2012 Microsoft Visual Studio Premium 2012 - ENU Microsoft Visual Studio Professional 2012 Microsoft Visual Studio Professional 2012 - ENU Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU Microsoft Visual Studio Ultimate 2012 Microsoft Visual Studio Ultimate 2012 - ENU Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources Microsoft Web Deploy dbSqlPackage Provider - enu Microsoft Web Developer Tools - Visual Studio 2012 Microsoft Windows Phone 7 Developer Resources Microsoft Windows Phone Developer Tools - ENU Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Game Studio 4.0 Microsoft XNA Game Studio 4.0 (ARP entry) Microsoft XNA Game Studio 4.0 (Redists) Microsoft XNA Game Studio 4.0 (Shared Components) Microsoft XNA Game Studio 4.0 (Visual Studio) Microsoft XNA Game Studio 4.0 (XnaLiveProxy) Microsoft XNA Game Studio 4.0 Documentation Microsoft XNA Game Studio 4.0 Windows Phone Extensions Microsoft XNA Game Studio Platform Tools Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.2 (x86 en-US) MSI Q-Face MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) mufin player 2.0 Mumble 1.2.3 Norton Online Backup Notepad++ NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Octoshape Streaming Services Orbit Downloader Origin PhotoME Beta-Release PreEmptive Analytics Visual Studio Components Prerequisites for SSDT QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Roll Security Update for Microsoft .NET Framework 4.5 (KB2729460) Security Update for Microsoft .NET Framework 4.5 (KB2737083) Security Update for Microsoft .NET Framework 4.5 (KB2742613) Sid Meier's Civilization V Skype™ 6.1 Splashtop Connect for Firefox Splashtop Connect IE Spybot - Search & Destroy Star Mission Game Star Wars Knights of the Old Republic Star Wars® Knights of the Old Republic® II: The Sith Lords Star Wars: The Old Republic StarCraft II Steam Super-Charger Teaming Genie TextPad 6 TI Connect 1.6 Update for (KB2504637) Update for Microsoft .NET Framework 4.5 (KB2750147) VideoGenie Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU Visual Studio Extensions for Windows Library for JavaScript WCF Data Services 5.0 (for OData v3) Primary Components WCF Data Services Tools for Microsoft Visual Studio 2012 WCF RIA Services V1.0 SP2 Windows 7 Codec Pack 4.0.3 Windows App Certification Kit x64 Windows Phone 7 Add-in for Visual Studio 2010 - ENU Windows Runtime Intellisense Content - en-us Windows Software Development Kit Windows Software Development Kit DirectX x86 Remote Windows Software Development Kit for Windows Store Apps Windows Software Development Kit for Windows Store Apps DirectX x86 Remote Wolfram CDF Player (M-WIN-D 9.0.0 3942419) WPF Toolkit February 2010 (Version 3.5.50211.1) Youtube Downloader HD v. 2.9.5
  5. Kashik
    ComboFix Log ComboFix 13-02-03.03 - Kashik 02/06/2013 10:20:22.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.5859 [GMT -5:00] Running from: c:\users\Kashik\Desktop\ComboFix.exe Command switches used :: c:\users\Kashik\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat . . ((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))) . . 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\Tac\AppData\Local\temp 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\EB\AppData\Local\temp 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-06 15:32 . 2013-02-06 15:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-02-04 15:59 . 2013-02-04 15:59 -------- d-----w- c:\users\Kashik\AppData\Local\Octoshape 2013-02-04 15:59 . 2013-02-04 15:59 -------- d-----w- c:\users\Kashik\AppData\Roaming\Octoshape 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files\DIFX 2013-02-03 04:40 . 2009-09-03 21:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files (x86)\Common Files\TI Shared 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files (x86)\TI Education 2013-02-03 04:35 . 2013-02-03 04:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-02-03 03:41 . 2013-02-03 03:41 -------- d-----w- c:\program files (x86)\jGRASP 2013-02-03 03:37 . 2013-02-03 03:37 -------- d-----w- c:\users\Kashik\.netbeans 2013-02-03 03:37 . 2013-02-03 03:37 -------- d-----w- c:\users\Kashik\.netbeans-registration 2013-02-03 03:35 . 2013-02-03 03:37 -------- d-----w- c:\program files\NetBeans 6.9.1 2013-02-03 03:34 . 2013-02-03 03:34 -------- d-----w- C:\eclipse-java-helios-win32-x86_64 2013-02-03 03:29 . 2013-02-03 03:29 -------- d-----w- C:\eclipse-java-helios-win32 2013-02-03 03:27 . 2013-02-03 03:30 -------- d-----w- c:\users\Kashik\bluej 2013-02-03 03:27 . 2013-02-03 03:27 -------- d-----w- C:\BlueJ 2013-02-03 02:42 . 2013-02-05 16:59 -------- d-----w- C:\JavaP 2013-01-25 17:17 . 2013-01-25 17:17 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-24 22:49 . 2013-01-24 22:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-22 07:40 . 2013-01-22 07:45 -------- d-----w- c:\users\Kashik\AppData\Roaming\.techniclauncher 2013-01-22 07:40 . 2013-01-22 07:44 -------- d-----w- c:\users\Kashik\AppData\Roaming\logs 2013-01-22 04:57 . 2013-01-22 04:57 -------- d-----w- c:\program files (x86)\TextPad 6 2013-01-18 01:58 . 2012-05-28 15:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-01-18 01:56 . 2012-11-09 11:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\ja 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\0411 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP 2013-01-12 11:47 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\ja-JP 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\ja 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\0411 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\wbem\ja-JP 2013-01-12 11:41 . 2010-11-20 10:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll 2013-01-12 11:41 . 2010-11-20 09:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll 2013-01-12 11:40 . 2009-07-13 23:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll 2013-01-12 11:40 . 2009-07-13 23:15 1179136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll 2013-01-12 11:40 . 2009-07-13 23:15 9728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll 2013-01-12 11:40 . 2009-07-13 23:07 11507712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll 2013-01-12 11:40 . 2009-07-14 00:12 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui 2013-01-12 11:40 . 2009-07-13 23:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll 2013-01-12 11:40 . 2009-07-13 23:41 1198080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll 2013-01-12 11:40 . 2009-07-13 23:40 11776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll 2013-01-12 11:40 . 2009-07-13 23:29 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\drivers\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\wbem\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\da 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\da-DK 2013-01-12 11:38 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\wbem\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\da 2013-01-12 11:32 . 2009-07-14 00:01 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\da-DK\LXKPTPRC.DLL.mui 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\SysWow64\wbem\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\SysWow64\drivers\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\system32\drivers\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\system32\wbem\ro-RO 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\SysWow64\drivers\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\SysWow64\wbem\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\system32\drivers\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\system32\wbem\hr-HR 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\zh-CHT 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\wbem\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\wbem\zh-HK 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\drivers\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\zh-CHT 2013-01-12 11:16 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\drivers\zh-HK 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\wbem\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\wbem\zh-HK 2013-01-12 11:09 . 2009-07-13 23:15 424448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwcht.dll 2013-01-12 11:09 . 2009-07-13 23:07 15720448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwchtr.dll 2013-01-12 11:09 . 2009-07-14 01:06 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\zh-TW\LXKPTPRC.DLL.mui 2013-01-12 11:09 . 2009-07-13 23:41 492544 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwcht.dll 2013-01-12 11:09 . 2009-07-13 23:29 15720448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchtr.dll 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\SysWow64\drivers\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\SysWow64\wbem\pt-BR 2013-01-12 11:07 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\system32\wbem\pt-BR 2013-01-12 11:02 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pt-BR\LXKPTPRC.DLL.mui 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\SysWow64\wbem\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\SysWow64\drivers\pt-PT 2013-01-12 10:54 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\wbem\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\pt 2013-01-12 10:48 . 2009-07-13 23:57 4096 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pt-PT\LXKPTPRC.DLL.mui 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\drivers\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\wbem\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\pl 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\pl-PL 2013-01-12 10:46 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\wbem\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\pl 2013-01-12 10:40 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pl-PL\LXKPTPRC.DLL.mui 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\wbem\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\tr 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\drivers\tr-TR 2013-01-12 10:37 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\tr 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\wbem\tr-TR 2013-01-12 10:31 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\tr-TR\LXKPTPRC.DLL.mui 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\SysWow64\drivers\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\SysWow64\wbem\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\system32\drivers\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\system32\wbem\bg-BG 2013-01-12 10:21 . 2013-01-12 10:21 -------- d-----w- c:\windows\SysWow64\zh-CHS . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-25 17:17 . 2012-07-12 02:29 960416 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-25 17:17 . 2012-07-12 02:29 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-09 09:51 . 2012-07-12 02:58 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 09:51 . 2012-07-12 02:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 04:32 . 2012-07-21 17:36 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-25 22:43 . 2012-11-07 20:33 791856 ----a-w- c:\windows\system32\drivers\hcwE5bda.sys 2012-12-25 22:43 . 2012-11-07 20:16 45056 ----a-w- c:\windows\system32\hcwD1ep.ax 2012-12-25 22:43 . 2012-11-07 20:16 41984 ----a-w- c:\windows\SysWow64\hcwD1ep.ax 2012-12-25 22:43 . 2012-11-07 20:14 125440 ----a-w- c:\windows\system32\hcwE5prx.ax 2012-12-25 22:43 . 2012-11-07 20:12 126464 ----a-w- c:\windows\SysWow64\hcwE5prx.ax 2012-12-16 17:11 . 2013-01-03 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-03 05:47 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-03 05:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-03 05:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2012-10-10 06:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 04:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-12 06:34 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 06:34 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 06:34 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 06:34 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 06:34 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 06:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 06:34 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 06:34 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 06:34 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 06:34 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 06:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 06:34 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 06:34 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 06:34 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 06:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 06:34 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 06:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 06:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 06:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 06:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 06:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 06:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 11:40 . 2012-11-09 11:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:37 . 2012-11-09 11:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 11:35 . 2012-11-09 11:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:34 . 2012-11-09 11:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:34 . 2012-11-09 11:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:33 . 2012-11-09 11:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-09 05:45 . 2012-12-12 06:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 06:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-02-14 165776] . [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-07 1354736] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "Octoshape Streaming Services"="c:\users\Kashik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-05-09 1277952] "NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] . c:\users\Kashik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hauppauge Device Central Tray Tool.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2012-12-25 578456] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384] R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2010-11-26 497480] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys [2012-12-25 791856] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976] S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 456192] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 13:49 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 09:51] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 03:32] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 03:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - ExtSQL: 2012-12-16 06:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-01-02 11:21; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\program files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader . - - - - ORPHANS REMOVED - - - - . Notify-SDWinLogon - SDWinLogon.dll ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-06 10:36:06 ComboFix-quarantined-files.txt 2013-02-06 15:36 ComboFix2.txt 2013-02-06 07:33 . Pre-Run: 1,238,795,071,488 bytes free Post-Run: 1,238,329,159,680 bytes free . - - End Of File - - 672215A6A1C095735536D9A6C1876208 Computer is doing great
  6. Kashik
    ComboFix Log ComboFix 13-02-03.03 - Kashik 02/06/2013 2:17.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.5743 [GMT -5:00] Running from: c:\users\Kashik\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Vid-Saver c:\program files (x86)\Vid-Saver\ButtonUtil.dll c:\program files (x86)\Vid-Saver\Vid-Saver-bg.exe c:\program files (x86)\Vid-Saver\Vid-Saver.exe c:\program files (x86)\Vid-Saver\Vid-Saver.ico c:\program files (x86)\Vid-Saver\Vid-Saver.ini c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log c:\users\Kashik\AppData\Local\assembly\tmp c:\users\Kashik\AppData\Local\Vid-Saver c:\users\Kashik\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx c:\windows\SysWow64\d2d1debug1.dll c:\windows\SysWow64\pt c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll . . ((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))) . . 2013-02-06 07:29 . 2013-02-06 07:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-06 07:29 . 2013-02-06 07:29 -------- d-----w- c:\users\Tac\AppData\Local\temp 2013-02-04 15:59 . 2013-02-04 15:59 -------- d-----w- c:\users\Kashik\AppData\Local\Octoshape 2013-02-04 15:59 . 2013-02-04 15:59 -------- d-----w- c:\users\Kashik\AppData\Roaming\Octoshape 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files\DIFX 2013-02-03 04:40 . 2009-09-03 21:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files (x86)\Common Files\TI Shared 2013-02-03 04:40 . 2013-02-03 04:40 -------- d-----w- c:\program files (x86)\TI Education 2013-02-03 04:35 . 2013-02-03 04:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-02-03 03:41 . 2013-02-03 03:41 -------- d-----w- c:\program files (x86)\jGRASP 2013-02-03 03:37 . 2013-02-03 03:37 -------- d-----w- c:\users\Kashik\.netbeans 2013-02-03 03:37 . 2013-02-03 03:37 -------- d-----w- c:\users\Kashik\.netbeans-registration 2013-02-03 03:35 . 2013-02-03 03:37 -------- d-----w- c:\program files\NetBeans 6.9.1 2013-02-03 03:34 . 2013-02-03 03:34 -------- d-----w- C:\eclipse-java-helios-win32-x86_64 2013-02-03 03:29 . 2013-02-03 03:29 -------- d-----w- C:\eclipse-java-helios-win32 2013-02-03 03:27 . 2013-02-03 03:30 -------- d-----w- c:\users\Kashik\bluej 2013-02-03 03:27 . 2013-02-03 03:27 -------- d-----w- C:\BlueJ 2013-02-03 02:42 . 2013-02-05 16:59 -------- d-----w- C:\JavaP 2013-01-25 17:17 . 2013-01-25 17:17 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-24 22:49 . 2013-01-24 22:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-22 07:40 . 2013-01-22 07:45 -------- d-----w- c:\users\Kashik\AppData\Roaming\.techniclauncher 2013-01-22 07:40 . 2013-01-22 07:44 -------- d-----w- c:\users\Kashik\AppData\Roaming\logs 2013-01-22 04:57 . 2013-01-22 04:57 -------- d-----w- c:\program files (x86)\TextPad 6 2013-01-18 01:58 . 2012-05-28 15:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-01-18 01:56 . 2012-11-09 11:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\ja 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\0411 2013-01-12 11:48 . 2013-01-12 11:48 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP 2013-01-12 11:47 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\ja-JP 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\ja 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\0411 2013-01-12 11:47 . 2013-01-12 11:47 -------- d-----w- c:\windows\system32\wbem\ja-JP 2013-01-12 11:41 . 2010-11-20 10:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll 2013-01-12 11:41 . 2010-11-20 09:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll 2013-01-12 11:40 . 2009-07-13 23:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll 2013-01-12 11:40 . 2009-07-13 23:15 1179136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll 2013-01-12 11:40 . 2009-07-13 23:15 9728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll 2013-01-12 11:40 . 2009-07-13 23:07 11507712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll 2013-01-12 11:40 . 2009-07-14 00:12 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui 2013-01-12 11:40 . 2009-07-13 23:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll 2013-01-12 11:40 . 2009-07-13 23:41 1198080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll 2013-01-12 11:40 . 2009-07-13 23:40 11776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll 2013-01-12 11:40 . 2009-07-13 23:29 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\drivers\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\wbem\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\SysWow64\da 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\da-DK 2013-01-12 11:38 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\wbem\da-DK 2013-01-12 11:38 . 2013-01-12 11:38 -------- d-----w- c:\windows\system32\da 2013-01-12 11:32 . 2009-07-14 00:01 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\da-DK\LXKPTPRC.DLL.mui 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\SysWow64\wbem\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\SysWow64\drivers\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\system32\drivers\ro-RO 2013-01-12 11:30 . 2013-01-12 11:30 -------- d-----w- c:\windows\system32\wbem\ro-RO 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\SysWow64\drivers\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\SysWow64\wbem\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\system32\drivers\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\hr-HR 2013-01-12 11:24 . 2013-01-12 11:24 -------- d-----w- c:\windows\system32\wbem\hr-HR 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\zh-CHT 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\wbem\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\wbem\zh-HK 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\SysWow64\drivers\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\zh-CHT 2013-01-12 11:16 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\drivers\zh-HK 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\wbem\zh-TW 2013-01-12 11:16 . 2013-01-12 11:16 -------- d-----w- c:\windows\system32\wbem\zh-HK 2013-01-12 11:09 . 2009-07-13 23:15 424448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwcht.dll 2013-01-12 11:09 . 2009-07-13 23:07 15720448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwchtr.dll 2013-01-12 11:09 . 2009-07-14 01:06 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\zh-TW\LXKPTPRC.DLL.mui 2013-01-12 11:09 . 2009-07-13 23:41 492544 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwcht.dll 2013-01-12 11:09 . 2009-07-13 23:29 15720448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchtr.dll 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\SysWow64\drivers\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\SysWow64\wbem\pt-BR 2013-01-12 11:07 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR 2013-01-12 11:07 . 2013-01-12 11:07 -------- d-----w- c:\windows\system32\wbem\pt-BR 2013-01-12 11:02 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pt-BR\LXKPTPRC.DLL.mui 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\SysWow64\wbem\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\SysWow64\drivers\pt-PT 2013-01-12 10:54 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\wbem\pt-PT 2013-01-12 10:54 . 2013-01-12 10:54 -------- d-----w- c:\windows\system32\pt 2013-01-12 10:48 . 2009-07-13 23:57 4096 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pt-PT\LXKPTPRC.DLL.mui 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\drivers\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\wbem\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\SysWow64\pl 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\pl-PL 2013-01-12 10:46 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\wbem\pl-PL 2013-01-12 10:46 . 2013-01-12 10:46 -------- d-----w- c:\windows\system32\pl 2013-01-12 10:40 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pl-PL\LXKPTPRC.DLL.mui 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\wbem\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\tr 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\SysWow64\drivers\tr-TR 2013-01-12 10:37 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\tr 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR 2013-01-12 10:37 . 2013-01-12 10:37 -------- d-----w- c:\windows\system32\wbem\tr-TR 2013-01-12 10:31 . 2009-07-13 23:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\tr-TR\LXKPTPRC.DLL.mui 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\SysWow64\drivers\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\SysWow64\wbem\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\system32\drivers\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\bg-BG 2013-01-12 10:29 . 2013-01-12 10:29 -------- d-----w- c:\windows\system32\wbem\bg-BG 2013-01-12 10:21 . 2013-01-12 10:21 -------- d-----w- c:\windows\SysWow64\zh-CHS 2013-01-12 10:21 . 2013-01-12 10:21 -------- d-----w- c:\windows\SysWow64\wbem\zh-CN 2013-01-12 10:21 . 2013-01-12 10:21 -------- d-----w- c:\windows\SysWow64\drivers\zh-CN 2013-01-12 10:20 . 2013-01-13 19:45 -------- d-----w- c:\windows\system32\drivers\zh-CN 2013-01-12 10:20 . 2013-01-12 10:20 -------- d-----w- c:\windows\system32\zh-CHS . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-25 17:17 . 2012-07-12 02:29 960416 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-25 17:17 . 2012-07-12 02:29 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-09 09:51 . 2012-07-12 02:58 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 09:51 . 2012-07-12 02:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 04:32 . 2012-07-21 17:36 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-25 22:43 . 2012-11-07 20:33 791856 ----a-w- c:\windows\system32\drivers\hcwE5bda.sys 2012-12-25 22:43 . 2012-11-07 20:16 45056 ----a-w- c:\windows\system32\hcwD1ep.ax 2012-12-25 22:43 . 2012-11-07 20:16 41984 ----a-w- c:\windows\SysWow64\hcwD1ep.ax 2012-12-25 22:43 . 2012-11-07 20:14 125440 ----a-w- c:\windows\system32\hcwE5prx.ax 2012-12-25 22:43 . 2012-11-07 20:12 126464 ----a-w- c:\windows\SysWow64\hcwE5prx.ax 2012-12-16 17:11 . 2013-01-03 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-03 05:47 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-03 05:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-03 05:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2012-10-10 06:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 04:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-12 06:34 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 06:34 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 06:34 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 06:34 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 06:34 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 06:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 06:34 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 06:34 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 06:34 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 06:34 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 06:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 06:34 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 06:34 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 06:34 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 06:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 06:34 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 06:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 06:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 06:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 06:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 06:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 06:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 11:40 . 2012-11-09 11:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:37 . 2012-11-09 11:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 11:35 . 2012-11-09 11:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:34 . 2012-11-09 11:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:34 . 2012-11-09 11:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:33 . 2012-11-09 11:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-09 05:45 . 2012-12-12 06:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 06:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-02-14 165776] . [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-07 1354736] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "Octoshape Streaming Services"="c:\users\Kashik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-05-09 1277952] "NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] . c:\users\Kashik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hauppauge Device Central Tray Tool.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2012-12-25 578456] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384] R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2010-11-26 497480] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys [2012-12-25 791856] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976] S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 456192] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 13:49 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 09:51] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 03:32] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 03:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - ExtSQL: 2012-12-16 06:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-01-02 11:21; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\program files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Notify-SDWinLogon - SDWinLogon.dll ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-06 02:33:18 ComboFix-quarantined-files.txt 2013-02-06 07:33 . Pre-Run: 1,238,948,114,432 bytes free Post-Run: 1,238,895,611,904 bytes free . - - End Of File - - 8CFDAAE2AD0D1859313AB28614D409DC Only problem I had has getting Spybot Search&Destroy to stop running. Either I have a different version, or those instructions to shut it down were outdated because I couldn't find anything similar to the instructions from the links. I did attempt to shut down the services for Spybot thorugh the task manager though. Other than that from the search's I've attempted using google the redirects seem to have stopped. The redirects have stopped for most of a day after I scanned with Spybot before though. So I need to give it a day or two to find out if it's actually fixed. I would like to add that I honestly appreciate your help thus far.
  7. Kashik
    Security Check Text File Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 7 Update 9 Visual Studio Extensions for Windows Library for JavaScript Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (for.) Mozilla Thunderbird (17.0.2) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` AdwCleaner Text File # AdwCleaner v2.111 - Logfile created 02/06/2013 at 00:54:58 # Updated 05/02/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Kashik - WATERBIRD-CI # Boot Mode : Normal # Running from : C:\Users\Kashik\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Kashik\AppData\Local\TempDir Folder Deleted : C:\Users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\extensions\crossriderapp3491@crossrider.com Folder Deleted : C:\Users\Tac\AppData\Roaming\Mozilla\Firefox\Profiles\3v9q2an2.default\extensions\crossriderapp3491@crossrider.com ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\prefs.js C:\Users\Kashik\AppData\Roaming\Mozilla\Firefox\Profiles\xgwwv71x.default\user.js ... Deleted ! Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true); Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1353299726); Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...] Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false); Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false); Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false); Deleted : user_pref("extensions.crossriderapp3491.3491.active", true); Deleted : user_pref("extensions.crossriderapp3491.3491.addressbar", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.addressbarenhanced", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...] Deleted : user_pref("extensions.crossriderapp3491.3491.backgroundver", 12); Deleted : user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true); Deleted : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.changeprevious", false); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1353299726"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1353299726"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.expiration", "Mon Nov 19 2012 17:[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.expiration", "Sun Nov 25 2012 [...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.value", "%22US%22"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.value", "1353361858"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2270034%22"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.value", "1353299893643"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221250%22"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%22108095%22"); Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.value", "1353299888595"); Deleted : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...] Deleted : user_pref("extensions.crossriderapp3491.3491.domain", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.enablesearch", false); Deleted : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.group", 0); Deleted : user_pref("extensions.crossriderapp3491.3491.homepage", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.iframe", false); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.value", "58"); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.value", "0"); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.expiration", "Mon Nov 19[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.value", "true"); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Deleted : user_pref("extensions.crossriderapp3491.3491.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Deleted : user_pref("extensions.crossriderapp3491.3491.manifesturl", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver"); Deleted : user_pref("extensions.crossriderapp3491.3491.newtab", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.opensearch", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.ver", 7); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.name", "GPL Background (BG)"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.ver", 4); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.name", "CrossriderAppUtils"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.ver", 2); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.name", "CrossriderUtils"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.ver", 2); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=M[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.name", "FacebookFFIE"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.ver", 1); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "if((typeof isBackground===\"u[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.name", "FFAppAPIWrapper"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.ver", 4); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.name", "jQuery"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.ver", 3); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.name", "resources_background"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.ver", 1); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_0", "17,14,16,47,1000015"); Deleted : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_1", "17,14,13,16,15,1000014"); Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsversion", 17); Deleted : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps"); Deleted : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0); Deleted : user_pref("extensions.crossriderapp3491.3491.setnewtab", false); Deleted : user_pref("extensions.crossriderapp3491.3491.settingsurl", ""); Deleted : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html"); Deleted : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360); Deleted : user_pref("extensions.crossriderapp3491.3491.ver", 58); Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1); Deleted : user_pref("extensions.crossriderapp3491.apps", "3491"); Deleted : user_pref("extensions.crossriderapp3491.bic", "13b16f58594b84fefca56bdf82405a09"); Deleted : user_pref("extensions.crossriderapp3491.cid", 3491); Deleted : user_pref("extensions.crossriderapp3491.firstrun", false); Deleted : user_pref("extensions.crossriderapp3491.hadappinstalled", true); Deleted : user_pref("extensions.crossriderapp3491.installationdate", 1353299888); Deleted : user_pref("extensions.crossriderapp3491.lastcheck", 22555989); Deleted : user_pref("extensions.crossriderapp3491.lastcheckitem", 22556043); Deleted : user_pref("extensions.crossriderapp3491.modetype", "production"); Deleted : user_pref("extensions.crossriderapp3491.reportInstall", true); File : C:\Users\Tac\AppData\Roaming\Mozilla\Firefox\Profiles\3v9q2an2.default\prefs.js Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1); -\\ Google Chrome v24.0.1312.57 File : C:\Users\Kashik\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\EB\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [13618 octets] - [06/02/2013 00:54:58] ########## EOF - C:\AdwCleaner[s1].txt - [13679 octets] ########## RogueKiller Text Files Forgive me for this but when I clicked Report it created the third document, the previous two auto generated. So I figured I should just let you see all three. RougeKill #1 RogueKiller V8.4.4 [Feb 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Kashik [Admin rights] Mode : Scan -- Date : 02/06/2013 01:05:20 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1500DL003-9VT16L ATA Device +++++ --- User --- [MBR] 964b51cb634b89ce737270d332c0c388 [bSP] 0d9495db9b2dffc75ee4757de0718c91 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_02062013_02d0105.txt >> RKreport[1]_S_02062013_02d0105.txt Rougekiller #2 RogueKiller V8.4.4 [Feb 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Kashik [Admin rights] Mode : Scan -- Date : 02/06/2013 01:05:39 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1500DL003-9VT16L ATA Device +++++ --- User --- [MBR] 964b51cb634b89ce737270d332c0c388 [bSP] 0d9495db9b2dffc75ee4757de0718c91 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_S_02062013_02d0105.txt >> RKreport[1]_S_02062013_02d0105.txt ; RKreport[2]_S_02062013_02d0105.txt RougeKiller #3 RogueKiller V8.4.4 [Feb 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Kashik [Admin rights] Mode : Remove -- Date : 02/06/2013 01:06:09 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1500DL003-9VT16L ATA Device +++++ --- User --- [MBR] 964b51cb634b89ce737270d332c0c388 [bSP] 0d9495db9b2dffc75ee4757de0718c91 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3]_D_02062013_02d0106.txt >> RKreport[1]_S_02062013_02d0105.txt ; RKreport[2]_S_02062013_02d0105.txt ; RKreport[3]_D_02062013_02d0106.txt I just realized I haven't put these programs on the desktop, so they ran from my downloads folder. Will this be a problem?
  8. Kashik
    I attached my hijackthis.log. I use McAfee Anti-Virus, Malwarebytes, and Spybot Search and Destroy. None of these seem to find the problem. Thankfully McAfee blocks the sites when they pop up and ask me if I'm sure I want to vist them. The problem started several months ago before I installed Malwarebytes and Spybot. When I run Spybot it seems to clear up for a short while before returing. My understanding is it may bit a root kit virus and I've had no luck getting rid of it myself. I'm fairly tech savvy but I'm no expert and this driving me insane. The redirect seems to happen on several search engines but I normally use google. I use Firefox but have also experienced the problem in Google Chrome and IE. Help at this point would be greatly appreciated. hijackthis.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.