Arts7
Posts posted by Arts7
-
Things seem alright. Does my computer appear to be clean on your end?
-
ComboFix 13-04-27.04 - Sean 04/27/2013 23:24:20.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5557 [GMT -5:00]
Running from: c:\users\Sean\Downloads\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 04:27 . 2013-04-28 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-28 00:15 . 2013-04-28 00:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Java
2013-04-27 23:37 . 2013-04-27 23:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\offreg.dll
2013-04-27 22:53 . 2013-04-07 01:16 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2013-04-27 22:53 . 2013-04-07 01:16 117507 ----a-w- c:\windows\SysWow64\msinet.ocx
2013-04-27 22:53 . 2013-04-07 01:16 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2013-04-27 21:13 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\mpengine.dll
2013-04-27 09:50 . 2013-04-27 11:21 -------- d-----w- C:\Simba
2013-04-27 09:42 . 2013-04-27 09:42 -------- d-----w- c:\users\Sean\AppData\Roaming\.tribot
2013-04-25 16:39 . 2013-04-25 16:39 -------- d-----w- c:\windows\Sun
2013-04-25 16:36 . 2013-04-25 16:39 -------- d-----w- c:\programdata\SwiftKit
2013-04-25 16:36 . 2013-04-28 03:51 -------- d-----w- c:\program files (x86)\SwiftKit
2013-04-24 21:37 . 2013-04-24 21:37 -------- d-----w- C:\found.000
2013-04-22 01:04 . 2013-04-22 01:04 -------- d-----w- c:\users\Sean\jagexcache1
2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\WuShu_0.0.1.034
2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\AgeofWushu_download
2013-04-07 01:16 . 2013-04-07 01:16 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-04-07 01:16 . 2013-04-07 01:16 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-04-07 01:16 . 2013-04-07 01:16 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 00:15 . 2013-01-06 01:34 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-28 00:15 . 2013-01-06 01:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-27 22:42 . 2012-12-18 19:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-22 08:03 . 2013-03-22 08:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 08:03 . 2013-03-22 08:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 08:03 . 2013-03-22 08:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 08:03 . 2013-03-22 08:03 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-22 08:03 . 2013-03-22 08:03 855552 ----a-w- c:\windows\system32\jscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 08:03 . 2013-03-22 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 08:03 . 2013-03-22 08:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 08:03 . 2013-03-22 08:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 08:03 . 2013-03-22 08:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 08:03 . 2013-03-22 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-22 08:03 . 2013-03-22 08:03 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-03-22 08:03 . 2013-03-22 08:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 08:03 . 2013-03-22 08:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 08:03 . 2013-03-22 08:03 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-22 08:03 . 2013-03-22 08:03 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-22 08:03 . 2013-03-22 08:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-03-22 08:03 . 2013-03-22 08:03 526848 ----a-w- c:\windows\system32\ieui.dll
2013-03-22 08:03 . 2013-03-22 08:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 08:03 . 2013-03-22 08:03 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-22 08:03 . 2013-03-22 08:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 08:03 . 2013-03-22 08:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 08:03 . 2013-03-22 08:03 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 08:03 . 2013-03-22 08:03 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-22 08:03 . 2013-03-22 08:03 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-03-22 08:03 . 2013-03-22 08:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 08:03 . 2013-03-22 08:03 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-03-22 08:03 . 2013-03-22 08:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 08:03 . 2013-03-22 08:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 08:03 . 2013-03-22 08:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-22 08:03 . 2013-03-22 08:03 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 08:03 . 2013-03-22 08:03 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 08:03 . 2013-03-22 08:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 08:03 . 2013-03-22 08:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 08:03 . 2013-03-22 08:03 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-03-22 08:03 . 2013-03-22 08:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 08:03 . 2013-03-22 08:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 08:03 . 2013-03-22 08:03 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-03-22 08:03 . 2013-03-22 08:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 08:03 . 2013-03-22 08:03 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-03-22 08:03 . 2013-03-22 08:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 08:03 . 2013-03-22 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 08:03 . 2013-03-22 08:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 08:03 . 2013-03-22 08:03 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-03-22 08:03 . 2013-03-22 08:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 08:03 . 2013-03-22 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 08:03 . 2013-03-22 08:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 08:03 . 2013-03-22 08:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 08:03 . 2013-03-22 08:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 08:03 . 2013-03-22 08:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 08:03 . 2013-03-22 08:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 08:03 . 2013-03-22 08:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 08:03 . 2013-03-22 08:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 08:03 . 2013-03-22 08:03 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-22 08:03 . 2013-03-22 08:03 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-03-22 08:03 . 2013-03-22 08:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 08:03 . 2013-03-22 08:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 08:03 . 2013-03-22 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 08:03 . 2013-03-22 08:03 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-22 08:03 . 2013-03-22 08:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 08:03 . 2013-03-22 08:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-22 08:02 . 2013-03-22 08:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 08:02 . 2013-03-22 08:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-22 08:02 . 2013-03-22 08:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-22 08:02 . 2013-03-22 08:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 08:02 . 2013-03-22 08:02 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-22 08:02 . 2013-03-22 08:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-22 08:02 . 2013-03-22 08:02 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-10 3093624]
"Facebook Update"="c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-19 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-19 496560]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-12-18 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-18 79360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-27 21:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000Core.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42]
.
2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000UA.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-27 23:28:40
ComboFix-quarantined-files.txt 2013-04-28 04:28
ComboFix2.txt 2013-04-28 03:47
.
Pre-Run: 396,442,484,736 bytes free
Post-Run: 396,442,611,712 bytes free
.
- - End Of File - - 1B17A712920ADFBD2A6B4E393C51BE95
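The ComboFix report above is mostly two line formats: dated file entries (created and modified timestamps, size, attributes, path) and Run-key autorun values. As an added example for this thread (editor's code, not from the poster and not part of ComboFix), the script below parses both formats and produces the review list a malware-removal helper reads first: executables that landed in system32/SysWow64 with a creation time far newer than their modification time (the pattern of a binary copied in from elsewhere), executables under user-writable paths, and autoruns that are scripts, bare program names resolved via PATH, DLLs, or live in a user-writable directory. It assumes ComboFix prints creation before last-modified (the Java DLLs, created at 00:15 on install day but carrying a January build stamp, fit that reading); the sample lines are copied from the log above. Everything it flags is a triage item, not a verdict: installers legitimately copy files that keep their build mtime, Defender keeps its engine under ProgramData, and OEM tooling such as the ASUS entries here routinely uses wscript and .cmd launchers.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix code)."""
import re
from datetime import datetime

# File entry: <created> . <modified> <size|--------> <attrs> <path>
# Assumption: first timestamp is creation, second is last-modified.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$"
)
# Run-key value: "Name"="target" [date size]   (trailer may be [bU] or absent)
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?\s*$')

EXEC_EXT = (".exe", ".dll", ".ocx", ".sys", ".cmd", ".bat", ".vbs", ".js", ".scr")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def triage_files(lines, copied_in_days=7):
    """Return [(path, reason)] for file entries worth a second look."""
    findings = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, _attrs, path = m.groups()
        if size == "--------":  # directory entries carry no size
            continue
        low = path.lower()
        if not low.endswith(EXEC_EXT):
            continue
        # A binary created long after it was last modified was copied in, not built here.
        delta = parse_ts(created) - parse_ts(modified)
        if low.startswith(SYSTEM_DIRS) and delta.days >= copied_in_days:
            findings.append((path, f"copied into system dir {delta.days}d after it was built"))
        elif any(tok in low for tok in USER_WRITABLE):
            findings.append((path, "executable in user-writable location"))
    return findings


def triage_run_entries(lines):
    """Return [(name, target, reason)] for autorun values worth a second look."""
    findings = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, target, _info = m.groups()
        low = target.lower()
        if "\\" not in low:
            findings.append((name, target, "bare image name resolved via PATH; read the full registry value for arguments"))
        elif low.endswith(SCRIPT_EXT):
            findings.append((name, target, "script launched at logon"))
        elif low.endswith(".dll"):
            findings.append((name, target, "DLL listed as autorun image; check the host process in the full value"))
        elif any(tok in low for tok in USER_WRITABLE):
            findings.append((name, target, "autorun from user-writable path"))
    return findings


# Sample lines copied from the ComboFix report in this thread.
SAMPLE_FILES = r"""
2013-04-27 22:53 . 2013-04-07 01:16 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2013-04-28 00:15 . 2013-04-28 00:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-27 09:42 . 2013-04-27 09:42 -------- d-----w- c:\users\Sean\AppData\Roaming\.tribot
2013-04-27 22:42 . 2012-12-18 19:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-04-27 23:37 . 2013-04-27 23:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\offreg.dll
""".strip().splitlines()

SAMPLE_RUN = r"""
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-10 3093624]
"Facebook Update"="c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-19 138096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage_files(SAMPLE_FILES):
        print(f"FILE  {why:55} {path}")
    for name, target, why in triage_run_entries(SAMPLE_RUN):
        print(f"RUN   {why:55} {name} -> {target}")
```

Run it against a whole saved log by feeding `open(path).read().splitlines()` to both functions; the regexes ignore the section banners and `.` spacer lines on their own, so no pre-splitting by section is needed.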
-
I haven't gotten another redirect, but this has been a very persistent virus, so I'll keep you posted.
Also, MBAM was still on when I ran ComboFix; I hope it didn't interfere. I didn't notice anything go wrong.
-
ComboFix 13-04-27.04 - Sean 04/27/2013 22:42:00.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5687 [GMT -5:00]
Running from: c:\users\Sean\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\AsPatch10430001.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 03:45 . 2013-04-28 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-28 00:15 . 2013-04-28 00:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-28 00:15 . 2013-04-28 00:15 -------- d-----w- c:\program files (x86)\Java
2013-04-27 23:37 . 2013-04-27 23:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\offreg.dll
2013-04-27 22:53 . 2013-04-07 01:16 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2013-04-27 22:53 . 2013-04-07 01:16 117507 ----a-w- c:\windows\SysWow64\msinet.ocx
2013-04-27 22:53 . 2013-04-07 01:16 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2013-04-27 21:13 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BD31B31-9F07-4B74-80FE-BB5F6EDE7F15}\mpengine.dll
2013-04-27 09:50 . 2013-04-27 11:21 -------- d-----w- C:\Simba
2013-04-27 09:42 . 2013-04-27 09:42 -------- d-----w- c:\users\Sean\AppData\Roaming\.tribot
2013-04-25 16:39 . 2013-04-25 16:39 -------- d-----w- c:\windows\Sun
2013-04-25 16:36 . 2013-04-25 16:39 -------- d-----w- c:\programdata\SwiftKit
2013-04-25 16:36 . 2013-04-28 03:35 -------- d-----w- c:\program files (x86)\SwiftKit
2013-04-24 21:37 . 2013-04-24 21:37 -------- d-----w- C:\found.000
2013-04-22 01:04 . 2013-04-22 01:04 -------- d-----w- c:\users\Sean\jagexcache1
2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\WuShu_0.0.1.034
2013-04-21 01:22 . 2013-04-27 11:27 -------- d-----w- c:\program files (x86)\Common Files\AgeofWushu_download
2013-04-07 01:16 . 2013-04-07 01:16 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-04-07 01:16 . 2013-04-07 01:16 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-04-07 01:16 . 2013-04-07 01:16 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 00:15 . 2013-01-06 01:34 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-28 00:15 . 2013-01-06 01:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-27 22:42 . 2012-12-18 19:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-22 08:03 . 2013-03-22 08:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 08:03 . 2013-03-22 08:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 08:03 . 2013-03-22 08:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 08:03 . 2013-03-22 08:03 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-22 08:03 . 2013-03-22 08:03 855552 ----a-w- c:\windows\system32\jscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 08:03 . 2013-03-22 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 08:03 . 2013-03-22 08:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 08:03 . 2013-03-22 08:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 08:03 . 2013-03-22 08:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 08:03 . 2013-03-22 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-22 08:03 . 2013-03-22 08:03 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-03-22 08:03 . 2013-03-22 08:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 08:03 . 2013-03-22 08:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 08:03 . 2013-03-22 08:03 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-22 08:03 . 2013-03-22 08:03 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-22 08:03 . 2013-03-22 08:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-03-22 08:03 . 2013-03-22 08:03 526848 ----a-w- c:\windows\system32\ieui.dll
2013-03-22 08:03 . 2013-03-22 08:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 08:03 . 2013-03-22 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 08:03 . 2013-03-22 08:03 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-22 08:03 . 2013-03-22 08:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 08:03 . 2013-03-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 08:03 . 2013-03-22 08:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 08:03 . 2013-03-22 08:03 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 08:03 . 2013-03-22 08:03 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-22 08:03 . 2013-03-22 08:03 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-03-22 08:03 . 2013-03-22 08:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 08:03 . 2013-03-22 08:03 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-03-22 08:03 . 2013-03-22 08:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 08:03 . 2013-03-22 08:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 08:03 . 2013-03-22 08:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-22 08:03 . 2013-03-22 08:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-22 08:03 . 2013-03-22 08:03 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-03-22 08:03 . 2013-03-22 08:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 08:03 . 2013-03-22 08:03 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 08:03 . 2013-03-22 08:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 08:03 . 2013-03-22 08:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 08:03 . 2013-03-22 08:03 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-03-22 08:03 . 2013-03-22 08:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 08:03 . 2013-03-22 08:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 08:03 . 2013-03-22 08:03 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-03-22 08:03 . 2013-03-22 08:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 08:03 . 2013-03-22 08:03 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-03-22 08:03 . 2013-03-22 08:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 08:03 . 2013-03-22 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 08:03 . 2013-03-22 08:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 08:03 . 2013-03-22 08:03 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-03-22 08:03 . 2013-03-22 08:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 08:03 . 2013-03-22 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 08:03 . 2013-03-22 08:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 08:03 . 2013-03-22 08:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 08:03 . 2013-03-22 08:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 08:03 . 2013-03-22 08:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 08:03 . 2013-03-22 08:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 08:03 . 2013-03-22 08:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 08:03 . 2013-03-22 08:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 08:03 . 2013-03-22 08:03 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-22 08:03 . 2013-03-22 08:03 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-03-22 08:03 . 2013-03-22 08:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 08:03 . 2013-03-22 08:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 08:03 . 2013-03-22 08:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 08:03 . 2013-03-22 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 08:03 . 2013-03-22 08:03 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-22 08:03 . 2013-03-22 08:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 08:03 . 2013-03-22 08:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-22 08:02 . 2013-03-22 08:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 08:02 . 2013-03-22 08:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-22 08:02 . 2013-03-22 08:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-22 08:02 . 2013-03-22 08:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 08:02 . 2013-03-22 08:02 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-22 08:02 . 2013-03-22 08:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 08:02 . 2013-03-22 08:02 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-22 08:02 . 2013-03-22 08:02 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-10 3093624]
"Facebook Update"="c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-19 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-19 496560]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-12-18 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-18 79360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-27 21:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000Core.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42]
.
2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899758135-2406719762-2881501792-1000UA.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-19 01:42]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 04:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-27 22:47:14
ComboFix-quarantined-files.txt 2013-04-28 03:47
.
Pre-Run: 396,444,622,848 bytes free
Post-Run: 396,399,058,944 bytes free
.
- - End Of File - - A09DEC2697AD3DDB10FF8A1B42187274
-
The redirect has occurred only once after completing all of these scans. So it's still there, but not consistently. Could you identify if this is a Keylogger, or the purpose of this malware?
-
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Remove -- Date : 04/27/2013 17:47:48
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) [x] -> DELETED
[TASK][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -e [7] -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 4b5baa74eadbb2ac52efb98c937b3f80
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451338 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST9500423AS +++++
--- User ---
[MBR] 03e62ab70b2e6e8b8d9505a7d4c35b9e
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04272013_02d1747.txt >>
RKreport[1]_S_04272013_02d1746.txt ; RKreport[2]_D_04272013_02d1747.txt
-
# AdwCleaner v2.202 - Logfile created 04/27/2013 at 17:40:28
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sean - SEAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Sean\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4587 octets] - [27/04/2013 17:39:12]
AdwCleaner[R2].txt - [4647 octets] - [27/04/2013 17:40:20]
AdwCleaner[S1].txt - [4680 octets] - [27/04/2013 17:40:28]
########## EOF - C:\AdwCleaner[S1].txt - [4740 octets] ##########
-
Security Check
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Malwarebytes Pro doesn't find anything after a full scan. The virus locks down my access to the internet completely, no matter what browser I use. I closed some unfamiliar tasks that were running and managed to get access to the internet again, but I'm not sure how effective this is. Essentially any website I try to visit brings up "Your access to this page has been locked, complete this survey to unlock the page" or some rubbish along those lines.
Infected with new malware
in Resolved Malware Removal Logs
I can't find pricepeep or yontoo on my installations, I don't know what they are, and Revo didn't see them either,