Arts7

Members

View Profile See their activity

Posts
10
Joined
April 27, 2013
Last visited
April 28, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Arts7

Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

I can't find pricepeep or yontoo on my installations, I don't know what they are, and Revo didn't see them either,
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

things seem alright. does my computer appear to be clean on your end?
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

ComboFix 13-04-27.04 - Sean 04/27/2013 23:24:20.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5557 [GMT -5:00] Running from: c:\users\Sean\Downloads\ComboFix.exe Command switches used :: c:\users\Sean\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 ))))))))))))))))))))))))))))))) . . 2013-04-28 04:27 . 2013-04-28 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-28 00:15 . 2013-04-28 00:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Java 2013-04-27 23:37 . 2013-04-27 23:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\offreg.dll 2013-04-27 22:53 . 2013-04-07 01:16 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX 2013-04-27 22:53 . 2013-04-07 01:16 117507 ----a-w- c:\windows\SysWow64\msinet.ocx 2013-04-27 22:53 . 2013-04-07 01:16 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX 2013-04-27 21:13 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\mpengine.dll 2013-04-27 09:50 . 2013-04-27 11:21 -------- d-----w- C:\Simba 2013-04-27 09:42 . 2013-04-27 09:42 -------- d-----w- c:\users\Sean\AppData\Roaming\.tribot 2013-04-25 16:39 . 2013-04-25 16:39 -------- d-----w- c:\windows\Sun 2013-04-25 16:36 . 2013-04-25 16:39 -------- d-----w- c:\programdata\SwiftKit 2013-04-25 16:36 . 2013-04-28 03:51 -------- d-----w- c:\program files (x86)\SwiftKit 2013-04-24 21:37 . 2013-04-24 21:37 -------- d-----w- C:\found.000 2013-04-22 01:04 . 2013-04-22 01:04 -------- d-----w- c:\users\Sean\jagexcache1 2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\WuShu_0.0.1.034 2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\AgeofWushu_download 2013-04-07 01:16 . 2013-04-07 01:16 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-04-07 01:16 . 2013-04-07 01:16 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx 2013-04-07 01:16 . 2013-04-07 01:16 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-28 00:15 . 2013-01-06 01:34 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-28 00:15 . 2013-01-06 01:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-27 22:42 . 2012-12-18 19:42 45056 ----a-w- c:\windows\system32\acovcnt.exe 2013-03-22 08:03 . 2013-03-22 08:03 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 08:03 . 2013-03-22 08:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 08:03 . 2013-03-22 08:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 08:03 . 2013-03-22 08:03 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-22 08:03 . 2013-03-22 08:03 855552 ----a-w- c:\windows\system32\jscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 08:03 . 2013-03-22 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 08:03 . 2013-03-22 08:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 08:03 . 2013-03-22 08:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 08:03 . 2013-03-22 08:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 08:03 . 2013-03-22 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-22 08:03 . 2013-03-22 08:03 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-03-22 08:03 . 2013-03-22 08:03 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 08:03 . 2013-03-22 08:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 08:03 . 2013-03-22 08:03 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-22 08:03 . 2013-03-22 08:03 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-03-22 08:03 . 2013-03-22 08:03 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll 2013-03-22 08:03 . 2013-03-22 08:03 526848 ----a-w- c:\windows\system32\ieui.dll 2013-03-22 08:03 . 2013-03-22 08:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 08:03 . 2013-03-22 08:03 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-22 08:03 . 2013-03-22 08:03 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-22 08:03 . 2013-03-22 08:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 08:03 . 2013-03-22 08:03 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 08:03 . 2013-03-22 08:03 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-22 08:03 . 2013-03-22 08:03 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-03-22 08:03 . 2013-03-22 08:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 08:03 . 2013-03-22 08:03 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-03-22 08:03 . 2013-03-22 08:03 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 08:03 . 2013-03-22 08:03 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 08:03 . 2013-03-22 08:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-22 08:03 . 2013-03-22 08:03 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 08:03 . 2013-03-22 08:03 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 08:03 . 2013-03-22 08:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 08:03 . 2013-03-22 08:03 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 08:03 . 2013-03-22 08:03 2240512 ----a-w- c:\windows\system32\wininet.dll 2013-03-22 08:03 . 2013-03-22 08:03 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 08:03 . 2013-03-22 08:03 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 08:03 . 2013-03-22 08:03 19221504 ----a-w- c:\windows\system32\mshtml.dll 2013-03-22 08:03 . 2013-03-22 08:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 08:03 . 2013-03-22 08:03 1766912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-03-22 08:03 . 2013-03-22 08:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 08:03 . 2013-03-22 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 08:03 . 2013-03-22 08:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 08:03 . 2013-03-22 08:03 15407616 ----a-w- c:\windows\system32\ieframe.dll 2013-03-22 08:03 . 2013-03-22 08:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 08:03 . 2013-03-22 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 08:03 . 2013-03-22 08:03 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 08:03 . 2013-03-22 08:03 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 08:03 . 2013-03-22 08:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-22 08:03 . 2013-03-22 08:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 08:03 . 2013-03-22 08:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 08:03 . 2013-03-22 08:03 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 08:03 . 2013-03-22 08:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-22 08:03 . 2013-03-22 08:03 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-22 08:03 . 2013-03-22 08:03 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-03-22 08:03 . 2013-03-22 08:03 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 08:03 . 2013-03-22 08:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-22 08:03 . 2013-03-22 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 08:03 . 2013-03-22 08:03 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-22 08:03 . 2013-03-22 08:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-22 08:03 . 2013-03-22 08:03 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-03-22 08:02 . 2013-03-22 08:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-22 08:02 . 2013-03-22 08:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-03-22 08:02 . 2013-03-22 08:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-03-22 08:02 . 2013-03-22 08:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-03-22 08:02 . 2013-03-22 08:02 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-03-22 08:02 . 2013-03-22 08:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-03-22 08:02 . 2013-03-22 08:02 293376 ----a-w- c:\windows\SysWow64\dxgi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-10 3093624] "Facebook Update"="c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-19 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536] "USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-19 496560] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-12-18 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-18 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-18 79360] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568] S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-27 21:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000Core.job - c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42] . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000UA.job - c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42] . 2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 10.0.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-27 23:28:40 ComboFix-quarantined-files.txt 2013-04-28 04:28 ComboFix2.txt 2013-04-28 03:47 . Pre-Run: 396,442,484,736 bytes free Post-Run: 396,442,611,712 bytes free . - - End Of File - - 1B17A712920ADFBD2A6B4E393C51BE95
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

I haven't gotten another redirect, but this has been a very persistent virus so I'll keep you posted. Also, Mbam was still on when I ran combofix, I hope it didn't interfere. I didn't notice anything go wrong.
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

ComboFix 13-04-27.04 - Sean 04/27/2013 22:42:00.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5687 [GMT -5:00] Running from: c:\users\Sean\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\windows\AsPatch10430001.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 ))))))))))))))))))))))))))))))) . . 2013-04-28 03:45 . 2013-04-28 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-28 00:15 . 2013-04-28 00:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Java 2013-04-27 23:37 . 2013-04-27 23:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\offreg.dll 2013-04-27 22:53 . 2013-04-07 01:16 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX 2013-04-27 22:53 . 2013-04-07 01:16 117507 ----a-w- c:\windows\SysWow64\msinet.ocx 2013-04-27 22:53 . 2013-04-07 01:16 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX 2013-04-27 21:13 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\mpengine.dll 2013-04-27 09:50 . 2013-04-27 11:21 -------- d-----w- C:\Simba 2013-04-27 09:42 . 2013-04-27 09:42 -------- d-----w- c:\users\Sean\AppData\Roaming\.tribot 2013-04-25 16:39 . 2013-04-25 16:39 -------- d-----w- c:\windows\Sun 2013-04-25 16:36 . 2013-04-25 16:39 -------- d-----w- c:\programdata\SwiftKit 2013-04-25 16:36 . 2013-04-28 03:35 -------- d-----w- c:\program files (x86)\SwiftKit 2013-04-24 21:37 . 2013-04-24 21:37 -------- d-----w- C:\found.000 2013-04-22 01:04 . 2013-04-22 01:04 -------- d-----w- c:\users\Sean\jagexcache1 2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\WuShu_0.0.1.034 2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\AgeofWushu_download 2013-04-07 01:16 . 2013-04-07 01:16 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-04-07 01:16 . 2013-04-07 01:16 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx 2013-04-07 01:16 . 2013-04-07 01:16 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-28 00:15 . 2013-01-06 01:34 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-28 00:15 . 2013-01-06 01:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-27 22:42 . 2012-12-18 19:42 45056 ----a-w- c:\windows\system32\acovcnt.exe 2013-03-22 08:03 . 2013-03-22 08:03 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 08:03 . 2013-03-22 08:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 08:03 . 2013-03-22 08:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 08:03 . 2013-03-22 08:03 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-22 08:03 . 2013-03-22 08:03 855552 ----a-w- c:\windows\system32\jscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 08:03 . 2013-03-22 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 08:03 . 2013-03-22 08:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 08:03 . 2013-03-22 08:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 08:03 . 2013-03-22 08:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 08:03 . 2013-03-22 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-22 08:03 . 2013-03-22 08:03 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-03-22 08:03 . 2013-03-22 08:03 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 08:03 . 2013-03-22 08:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 08:03 . 2013-03-22 08:03 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-22 08:03 . 2013-03-22 08:03 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-03-22 08:03 . 2013-03-22 08:03 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll 2013-03-22 08:03 . 2013-03-22 08:03 526848 ----a-w- c:\windows\system32\ieui.dll 2013-03-22 08:03 . 2013-03-22 08:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 08:03 . 2013-03-22 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 08:03 . 2013-03-22 08:03 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-22 08:03 . 2013-03-22 08:03 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-22 08:03 . 2013-03-22 08:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 08:03 . 2013-03-22 08:03 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 08:03 . 2013-03-22 08:03 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-22 08:03 . 2013-03-22 08:03 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-03-22 08:03 . 2013-03-22 08:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 08:03 . 2013-03-22 08:03 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-03-22 08:03 . 2013-03-22 08:03 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 08:03 . 2013-03-22 08:03 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 08:03 . 2013-03-22 08:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-22 08:03 . 2013-03-22 08:03 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-03-22 08:03 . 2013-03-22 08:03 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 08:03 . 2013-03-22 08:03 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 08:03 . 2013-03-22 08:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 08:03 . 2013-03-22 08:03 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 08:03 . 2013-03-22 08:03 2240512 ----a-w- c:\windows\system32\wininet.dll 2013-03-22 08:03 . 2013-03-22 08:03 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 08:03 . 2013-03-22 08:03 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 08:03 . 2013-03-22 08:03 19221504 ----a-w- c:\windows\system32\mshtml.dll 2013-03-22 08:03 . 2013-03-22 08:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 08:03 . 2013-03-22 08:03 1766912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-03-22 08:03 . 2013-03-22 08:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 08:03 . 2013-03-22 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 08:03 . 2013-03-22 08:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 08:03 . 2013-03-22 08:03 15407616 ----a-w- c:\windows\system32\ieframe.dll 2013-03-22 08:03 . 2013-03-22 08:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 08:03 . 2013-03-22 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 08:03 . 2013-03-22 08:03 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 08:03 . 2013-03-22 08:03 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 08:03 . 2013-03-22 08:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-22 08:03 . 2013-03-22 08:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 08:03 . 2013-03-22 08:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 08:03 . 2013-03-22 08:03 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 08:03 . 2013-03-22 08:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-22 08:03 . 2013-03-22 08:03 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-22 08:03 . 2013-03-22 08:03 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-03-22 08:03 . 2013-03-22 08:03 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 08:03 . 2013-03-22 08:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-22 08:03 . 2013-03-22 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 08:03 . 2013-03-22 08:03 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-22 08:03 . 2013-03-22 08:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-22 08:03 . 2013-03-22 08:03 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-03-22 08:02 . 2013-03-22 08:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-22 08:02 . 2013-03-22 08:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-03-22 08:02 . 2013-03-22 08:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-03-22 08:02 . 2013-03-22 08:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-03-22 08:02 . 2013-03-22 08:02 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-03-22 08:02 . 2013-03-22 08:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-22 08:02 . 2013-03-22 08:02 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-03-22 08:02 . 2013-03-22 08:02 293376 ----a-w- c:\windows\SysWow64\dxgi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-10 3093624] "Facebook Update"="c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-19 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536] "USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-19 496560] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-12-18 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-18 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-18 79360] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568] S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-27 21:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000Core.job - c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42] . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000UA.job - c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42] . 2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 10.0.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-27 22:47:14 ComboFix-quarantined-files.txt 2013-04-28 03:47 . Pre-Run: 396,444,622,848 bytes free Post-Run: 396,399,058,944 bytes free . - - End Of File - - A09DEC2697AD3DDB10FF8A1B42187274
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

The redirect has occured only once after completing all of these scans. So it's still there, but not consistently. Could you identify if this is a Keylogger, or the purpose of this malware?
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Sean [Admin rights] Mode : Remove -- Date : 04/27/2013 17:47:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) [x] -> DELETED [TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -e [7] -> DELETED [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500423AS +++++ --- User --- [MBR] 4b5baa74eadbb2ac52efb98c937b3f80 [bSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451338 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST9500423AS +++++ --- User --- [MBR] 03e62ab70b2e6e8b8d9505a7d4c35b9e [bSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04272013_02d1747.txt >> RKreport[1]_S_04272013_02d1746.txt ; RKreport[2]_D_04272013_02d1747.txt
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 17:40:28 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Sean - SEAN-PC # Boot Mode : Normal # Running from : C:\Users\Sean\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\PricePeep Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [4587 octets] - [27/04/2013 17:39:12] AdwCleaner[R2].txt - [4647 octets] - [27/04/2013 17:40:20] AdwCleaner[s1].txt - [4680 octets] - [27/04/2013 17:40:28] ########## EOF - C:\AdwCleaner[s1].txt - [4740 octets] ##########
Infected with new malware

Arts7 replied to Arts7's topic in Resolved Malware Removal Logs

Security Check Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 10 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
Infected with new malware

Arts7 posted a topic in Resolved Malware Removal Logs

Malwarebytes Pro doesn't find anything after a full scan. The virus locks down my access to the internet completely, no matter what browser I use. I closed some unfamiliar tasks that were running and manages to get access to the internet again, but I'm not sure how effective this is. Essentially any website I try to visit brings up "Your access to this page has been locked, complete this survey to unlock the page" or some rubbish along those lines. attach.txt dds.txt

Sign In

Arts7

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Arts7

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Infected with new malware

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information