Drenferalis

Everything posted by Drenferalis

  1. Metasploit has multiple PUPs that are used for network security testing. So yes, you just did.
  2. I'm sorry, but I am not removing Metasploit. I had said that in the first post. Close this thread.
  3. Log: ComboFix 13-05-28.02 - Dren 05/28/2013 7:00.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.1084 [GMT -7:00] Running from: c:\users\Dren\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dren\2416.rar c:\users\Dren\AppData\Local\Temp\7zS3D2C\HPSLPSVC64.DLL c:\users\Dren\AppData\Roaming\Love c:\users\Dren\AppData\Roaming\Love\mari0\options.txt c:\users\Dren\glide3x.dll c:\users\Dren\mupen64.exe c:\windows\apppatch\AppLoc.exe c:\windows\apppatch\AppLocA.exe c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\apppatch\unins000.dat c:\windows\apppatch\unins000.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf -------\Service_pcCMService -------\Service_HPSLPSVC . . ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 ))))))))))))))))))))))))))))))) . . 2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- c:\windows\ERUNT 2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- C:\JRT 2013-05-28 11:40 . 2013-05-28 11:40 -------- d-----w- c:\users\Dren\AppData\Local\Desura 2013-05-23 23:22 . 2013-05-24 00:20 -------- d-----w- c:\users\Dren\KAG-Beta 2013-05-15 22:55 . 2013-05-15 22:55 -------- d-----w- c:\users\Dren\AppData\Roaming\Carbon 2013-05-15 00:26 . 2013-05-15 00:26 -------- d-----w- c:\users\Dren\AppData\Local\Introversion 2013-05-15 00:19 . 2013-05-15 00:20 -------- d-----w- c:\users\Dren\.jxbattle 2013-05-13 01:16 . 2013-05-13 01:16 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2013-05-13 01:15 . 
2013-05-13 01:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-05-09 22:45 . 2013-05-28 14:23 -------- d-----w- c:\users\Dren\AppData\Local\Spotify 2013-05-09 22:45 . 2013-05-28 14:24 -------- d-----w- c:\users\Dren\AppData\Roaming\Spotify 2013-05-07 16:49 . 2013-05-22 00:13 -------- d-----w- c:\program files (x86)\LOLReplay 2013-05-05 15:12 . 2013-05-05 15:12 -------- d-----w- c:\users\Dren\AppData\Roaming\Transformice 2013-05-05 15:11 . 2013-05-05 15:11 -------- d-----w- c:\program files (x86)\Transformice 2013-04-29 08:13 . 2013-04-29 08:13 -------- d-----w- c:\program files (x86)\ESET 2013-04-29 06:57 . 2013-04-29 06:57 -------- d-----w- c:\users\Dren\AppData\Roaming\PDAppFlex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-21 12:28 . 2012-07-23 15:23 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-05-13 11:41 . 2013-01-09 13:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CAE1E4-5112-421F-8B30-77F3AE38E47E}\offreg.dll 2013-04-17 05:34 . 2013-04-01 19:57 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2013-04-17 05:34 . 2013-04-01 19:57 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-04-17 05:34 . 2013-04-01 19:57 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2013-04-17 05:34 . 2013-04-01 19:57 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-04-13 00:14 . 2012-07-11 07:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-13 00:14 . 2012-07-11 07:07 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-04 21:50 . 2012-07-11 07:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RockMelt Update"="c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-02 136336] "puush"="c:\program files (x86)\puush\puush.exe" [2013-05-15 567368] "NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-09 270336] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024] "Desura"="c:\program files (x86)\Desura\desura.exe" [2013-04-17 2529096] "Spotify"="c:\users\Dren\AppData\Roaming\Spotify\Spotify.exe" [2013-05-09 4573184] "Spotify Web Helper"="c:\users\Dren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-09 1105408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992] "RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . 
c:\users\Dren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-31 576000] Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2013-3-8 4142448] WinLaunch.exe - Shortcut.lnk - c:\users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe [2013-3-5 1850880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-5-21 526336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704] R2 Icecast 2.3.2-kh31.2;Icecast 2.3.2-kh31.2 Streaming Media Server;c:\program files (x86)\Icecast KH\icecast.exe [2012-01-08 5208899] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 15288] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-11 
49152] R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-02 25640] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-02 30528] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728] R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-10-31 32768] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416] R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-10-04 51776] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280] R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2012-11-04 8192] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-14 14544] R3 X6va001;X6va001;c:\users\Dren\AppData\Local\Temp\0012B46.tmp [x] R3 
X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2010-06-29 11832] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304] S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x] S2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239] S2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239] S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe [2013-01-09 11264] S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-12-10 460288] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 
[2013-02-10 383264] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-12-14 3467768] S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984] S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904] S3 ALSysIO;ALSysIO;c:\users\Dren\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544] S3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-04-17 131912] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job - c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job - c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37] . 
2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job - c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58] . 2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job - c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local> IE: Assign &hot key - c:\program files (x86)\Hot Keyboard Pro\IEScript.htm IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A}: NameServer = 192.168.1.1,8.8.8.8 FF - ProfilePath - c:\users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} - c:\program files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe AddRemove-PunkBusterSvc - d:\steam\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe AddRemove-SAM3 - c:\program files (x86)\SpacialAudio\SAMBC\uninstall.exe AddRemove-Steam App 4000 - d:\steam\steam.exe AddRemove-Terraria 1.1.2 - c:\program files (x86)\Terraria\Uninstall.exe AddRemove-{32E4F0D2-C135-475E-A841-1D59A0D22989} - c:\program files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe AddRemove-{3E4B349F-10B5-4586-9D99-489A90A8B228} - c:\program files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files (x86)\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe AddRemove-UnityWebPlayer - c:\users\Dren\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL] "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL] "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001] "ImagePath"="\??\c:\users\Dren\AppData\Local\Temp\0012B46.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F25DD3A-D4AD-8782-9C6B-5F23F155A9CE}*] "haacifpoboljloil"=hex:6a,61,67,6f,6a,69,62,64,70,6e,69,63,61,66,64,63,69,6b, 6a,6a,00,00 "iagaobdmlncnbaopba"=hex:63,61,66,6f,61,68,00,00 "iakbmpdpeccngiojeo"=hex:6a,61,62,6f,63,6c,6e,62,69,62,68,6b,64,67,66,6f,6f,69, 63,6e,00,00 "dbgofpnhjnbonbebdbehpglleahbndfljoaiagoo"=hex:68,61,6a,64,67,65,6d,70,70,70, 61,61,6b,66,68,66,00,00 "jbgofpnhjnbonbebdbehciibpcdcabgbpnjenhlhcahemgimfnpp"=hex:68,61,6a,64,67,65, 6d,70,70,70,61,61,6b,66,68,66,00,00 "dbgofpnhjnbonbebdbehehmnajjknjekhlclcjhm"=hex:62,61,61,61,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files\Tablet\Pen\WacomHost.exe c:\program files (x86)\FileZilla Server\FileZilla Server.exe c:\metasp~1\POSTGR~1\bin\pg_ctl.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe . ************************************************************************** . Completion time: 2013-05-28 07:58:02 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-28 14:57 . Pre-Run: 1,468,598,202,368 bytes free Post-Run: 1,467,949,928,448 bytes free . - - End Of File - - 7819305F5FF7F476DF9ECF84D3E2E6D0
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RockMelt Update"="c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-02 136336] "puush"="c:\program files (x86)\puush\puush.exe" [2013-05-15 567368] "NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-09 270336] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024] "Desura"="c:\program files (x86)\Desura\desura.exe" [2013-04-17 2529096] "Spotify"="c:\users\Dren\AppData\Roaming\Spotify\Spotify.exe" [2013-05-09 4573184] "Spotify Web Helper"="c:\users\Dren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-09 1105408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992] "RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . c:\users\Dren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-31 576000] Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2013-3-8 4142448] WinLaunch.exe - Shortcut.lnk - c:\users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe [2013-3-5 1850880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-5-21 526336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704] R2 Icecast 2.3.2-kh31.2;Icecast 2.3.2-kh31.2 Streaming Media Server;c:\program files (x86)\Icecast KH\icecast.exe [2012-01-08 5208899] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 15288] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-11 49152] R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-02 25640] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-02 30528] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728] R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-10-31 32768] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416] R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-10-04 51776] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280] R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2012-11-04 8192] R3 ssadbus;SAMSUNG Android USB Composite Device driver 
(WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-14 14544] R3 X6va001;X6va001;c:\users\Dren\AppData\Local\Temp\0012B46.tmp [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2010-06-29 11832] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 
FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304] S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x] S2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239] S2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239] S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe [2013-01-09 11264] S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-12-10 460288] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-10 383264] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-12-14 3467768] S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984] S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904] S3 ALSysIO;ALSysIO;c:\users\Dren\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544] S3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-04-17 131912] S3 FirebirdServerDefaultInstance;Firebird 
Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job - c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job - c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37] . 2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job - c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58] . 2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job - c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local> IE: Assign &hot key - c:\program files (x86)\Hot Keyboard Pro\IEScript.htm IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A}: NameServer = 192.168.1.1,8.8.8.8 FF - ProfilePath - c:\users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} - c:\program files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe AddRemove-PunkBusterSvc - d:\steam\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe AddRemove-SAM3 - c:\program files (x86)\SpacialAudio\SAMBC\uninstall.exe AddRemove-Steam App 4000 - d:\steam\steam.exe AddRemove-Terraria 1.1.2 - c:\program files (x86)\Terraria\Uninstall.exe AddRemove-{32E4F0D2-C135-475E-A841-1D59A0D22989} - c:\program files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe AddRemove-{3E4B349F-10B5-4586-9D99-489A90A8B228} - c:\program files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe 
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files (x86)\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe AddRemove-UnityWebPlayer - c:\users\Dren\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL] "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL] "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001] "ImagePath"="\??\c:\users\Dren\AppData\Local\Temp\0012B46.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F25DD3A-D4AD-8782-9C6B-5F23F155A9CE}*] "haacifpoboljloil"=hex:6a,61,67,6f,6a,69,62,64,70,6e,69,63,61,66,64,63,69,6b, 6a,6a,00,00 "iagaobdmlncnbaopba"=hex:63,61,66,6f,61,68,00,00 "iakbmpdpeccngiojeo"=hex:6a,61,62,6f,63,6c,6e,62,69,62,68,6b,64,67,66,6f,6f,69, 63,6e,00,00 "dbgofpnhjnbonbebdbehpglleahbndfljoaiagoo"=hex:68,61,6a,64,67,65,6d,70,70,70, 61,61,6b,66,68,66,00,00 "jbgofpnhjnbonbebdbehciibpcdcabgbpnjenhlhcahemgimfnpp"=hex:68,61,6a,64,67,65, 6d,70,70,70,61,61,6b,66,68,66,00,00 "dbgofpnhjnbonbebdbehehmnajjknjekhlclcjhm"=hex:62,61,61,61,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files\Tablet\Pen\WacomHost.exe c:\program files (x86)\FileZilla Server\FileZilla Server.exe c:\metasp~1\POSTGR~1\bin\pg_ctl.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\metasp~1\POSTGR~1\bin\postgres.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe . ************************************************************************** . 
Completion time: 2013-05-28 07:58:02 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-28 14:57 . Pre-Run: 1,468,598,202,368 bytes free Post-Run: 1,467,949,928,448 bytes free . - - End Of File - - 7819305F5FF7F476DF9ECF84D3E2E6D0 Computer is much faster now.
  4. Access was denied on one of the AVG directories during reboot on adw.
  5. Lost my keyboard on AdwCleaner; using the on-screen keyboard. adw:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 06:21:08
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Dren - VIRUS
# Boot Mode : Normal
# Running from : C:\Users\Dren\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\InfoAtoms
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\Users\Dren\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Dren\AppData\Local\PackageAware
Deleted on reboot : C:\Users\Dren\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\Dren\AppData\LocalLow\Claro LTD
Deleted on reboot : C:\Users\Dren\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\Dren\Save
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100&lang=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\prefs.js

C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Deleted : user_pref("browser.search.order.1", "Claro Search");
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "129be6e700000000000000fffda253d2");
Deleted : user_pref("extensions.claro.instlDay", "15629");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "claro");
Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.117:27:22");
Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=12[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10873 octets] - [28/05/2013 06:14:18]
AdwCleaner[S1].txt - [10814 octets] - [28/05/2013 06:21:08]

########## EOF - C:\AdwCleaner[S1].txt - [10875 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Dren on Tue 05/28/2013 at 6:32:52.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at 6:37:05.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. And here's this one:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 06:14:18
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Dren - VIRUS
# Boot Mode : Normal
# Running from : C:\Users\Dren\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\InfoAtoms
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Dren\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Dren\AppData\Local\PackageAware
Folder Found : C:\Users\Dren\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Dren\AppData\LocalLow\Claro LTD
Folder Found : C:\Users\Dren\AppData\Roaming\Babylon
Folder Found : C:\Users\Dren\Save

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKU\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100&lang=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Claro Search");
Found : user_pref("browser.search.order.1", "Claro Search");
Found : user_pref("browser.search.selectedEngine", "Claro Search");
Found : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP[...]
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Found : user_pref("extensions.claro.admin", false);
Found : user_pref("extensions.claro.aflt", "babsst");
Found : user_pref("extensions.claro.dfltLng", "en");
Found : user_pref("extensions.claro.excTlbr", false);
Found : user_pref("extensions.claro.id", "129be6e700000000000000fffda253d2");
Found : user_pref("extensions.claro.instlDay", "15629");
Found : user_pref("extensions.claro.instlRef", "sst");
Found : user_pref("extensions.claro.prdct", "claro");
Found : user_pref("extensions.claro.prtnrId", "claro");
Found : user_pref("extensions.claro.tlbrId", "claro");
Found : user_pref("extensions.claro.vrsn", "1.6.4.1");
Found : user_pref("extensions.claro.vrsni", "1.6.4.1");
Found : user_pref("extensions.claro_i.smplGrp", "none");
Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.117:27:22");
Found : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=12[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10784 octets] - [28/05/2013 06:14:18]

########## EOF - C:\AdwCleaner[R1].txt - [10845 octets] ##########

I'm okay with removing all of that.
  7. Here ya go:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Dren [Admin rights]
Mode : Scan -- Date : 05/28/2013 05:57:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Dren\AppData\Local\Temp\IHU233F.tmp.exe [x] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] 45a22eecc7022c929bf83a8fcc1bc4e7
[BSP] a4e1d192deac48b1c8b817d3f17352bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d0557.txt >>
RKreport[1]_S_05282013_02d0557.txt
  8. Browser is Google Chrome, latest version. Version 27.0.1453.94 m. Even about://chrome takes anywhere from 5 to 30 seconds to load. I have been trying to find a bottleneck in my system and the only bottleneck I get is the occasional Hard Disk I/O when doing multiple things at once. Other than that everything is sluggish. Computer is set to automatically defragment weekly. Computer is rebooted weekly. (Speeds go up for about 2 hours after reboot then suddenly drop; browser always has issues though.) I do have metasploit as I am a network administrator for a private server farm. I understand metasploit has malware and DO NOT wish for it to be removed. TDSSKiller has returned no problems other than unsigned drivers for things such as WAMP and Icecast. My computer is also running in Test Mode for PS3 controller driver support and other kernel debugging uses. I do not use IE and never will.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Dren at 4:59:50 on 2013-05-28
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.876 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100&lang=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp
uProxyOverride = localhost; 127.0.0.1; <local>
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
uRun: [RockMelt Update] "C:\Users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [Audiogalaxy] "C:\Users\Dren\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
uRun: [NoIPDUCv4] "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRun: [AdobeBridge] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINLAU~1.LNK - C:\Users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm
IE: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A} : NameServer = 192.168.1.1,8.8.8.8
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
. ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\ FF - prefs.js: browser.search.selectedEngine - Claro Search FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP_ss&mntrId=129be6e700000000000000fffda253d2 FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=129be6e700000000000000fffda253d2&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Dren\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Dren\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll FF - plugin: C:\Users\Dren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.claro.id - 129be6e700000000000000fffda253d2 FF - user.js: extensions.claro.instlDay - 15629 FF - user.js: extensions.claro.vrsn - 1.6.4.1 FF - user.js: extensions.claro.vrsni - 1.6.4.1 FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.117:27:22 FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - claro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false . ============= SERVICES / DRIVERS =============== . R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2010-6-29 11832] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-25 52760] R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-30 210016] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-11-30 141920] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-7-1 21616] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-23 45856] R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-1 87168] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-1 46136] R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-1 188544] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-1 565352] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-10-7 31232] R3 usbfilter;AMD USB Filter 
Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-1 47232] S3 ampa;ampa;C:\Windows\System32\ampa.sys [2012-11-30 15288] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-12-2 36328] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-1 231440] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-7-1 25640] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-7-1 30528] S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-17 13728] S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;C:\Windows\System32\drivers\libusb0.sys [2012-10-31 32768] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-7-16 121416] S3 PsSdk41;PsSdk41;C:\Windows\System32\drivers\pssdk41.sys [2012-10-4 51776] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-11-29 19936] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-11-29 13280] S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2012-11-4 8192] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-12-2 125416] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-12-2 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-12-2 159208] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-12-2 126952] S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-17 81312] S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-17 15776] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544] . =============== Created Last 30 ================ . 
2013-05-28 11:40:24 -------- d-----w- C:\Users\Dren\AppData\Local\Desura 2013-05-23 23:22:13 -------- d-----w- C:\Users\Dren\KAG-Beta 2013-05-15 22:55:34 -------- d-----w- C:\Users\Dren\AppData\Roaming\Carbon 2013-05-15 00:26:12 -------- d-----w- C:\Users\Dren\AppData\Local\Introversion 2013-05-15 00:19:57 -------- d-----w- C:\Users\Dren\.jxbattle 2013-05-13 01:16:05 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2013-05-13 01:15:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-05-09 22:45:36 -------- d-----w- C:\Users\Dren\AppData\Local\Spotify 2013-05-09 22:45:27 -------- d-----w- C:\Users\Dren\AppData\Roaming\Spotify 2013-05-07 16:49:33 -------- d-----w- C:\Program Files (x86)\LOLReplay 2013-05-05 15:12:02 -------- d-----w- C:\Users\Dren\AppData\Roaming\Transformice 2013-05-05 15:11:52 -------- d-----w- C:\Program Files (x86)\Transformice 2013-04-29 08:13:43 -------- d-----w- C:\Program Files (x86)\ESET 2013-04-29 06:57:04 -------- d-----w- C:\Users\Dren\AppData\Roaming\PDAppFlex . ==================== Find3M ==================== . 2013-05-21 12:28:26 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-04-28 05:16:26 1396346733 ----a-w- C:\Users\Dren\Adobe Photoshop CS6 Extended.exe 2013-04-17 05:34:11 466520 ----a-w- C:\Windows\System32\wrap_oal.dll 2013-04-17 05:34:11 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2013-04-17 05:34:11 123480 ----a-w- C:\Windows\System32\OpenAL32.dll 2013-04-17 05:34:11 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2013-04-13 00:14:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-13 00:14:08 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-09 08:47:56 1111744082 ----a-w- C:\Users\Dren\Adobe Flash CS5.5 Professional.exe . ============= FINISH: 5:01:03.63 =============== attach log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 7/1/2012 7:59:08 PM System Uptime: 5/12/2013 9:22:24 PM (368 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-A75M-D2H Processor: AMD A8-3850 APU with Radeon HD Graphics | Socket M2 | 2900/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1863 GiB total, 1364.987 GiB free. D: is CDROM () E: is CDROM (UDF) F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318} Description: Generic Non-PnP Monitor Device ID: DISPLAY\DEFAULT_MONITOR\5&3ABF4E63&0&UID1048833 Manufacturer: (Standard monitor types) Name: Generic Non-PnP Monitor PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&3ABF4E63&0&UID1048833 Service: monitor . ==== System Restore Points =================== . RP142: 5/20/2013 9:14:09 AM - Scheduled Checkpoint RP143: 5/23/2013 4:21:25 PM - Installed King Arthur's Gold Beta . ==== Installed Programs ====================== . 
.sol Editor 1.1.0.1 010 Editor 4.0.3 7-Zip 9.20 (x64 edition) A Game of Dwarves A Handful Of Audiosurf Addons Aced.com Acronis Migrate Easy Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Flash Professional CS5.5 Adobe Photoshop CS6 Adobe Reader X (10.1.4) Age of Wushu Airfoil AirMech Akamai NetSession Interface AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD Steady Video Plug-In AMD VISION Engine Control Center ANNO 2070 AOMEI Partition Assistant Pro Edition 5.1 (Demo) Arma 2 ArmA 2 Free Uninstall Arma 2: Operation Arrowhead Atlantica Audiogalaxy Audiosurf AutoHotkey 1.1.09.01 AVG Security Toolbar Bamboo Battle for Wesnoth 1.10.4 BattlEye for OA Uninstall BlueBurstServ version 1.5 Bonjour BPM Counter 1.6.0.0 Brick-Force Cannon Brawl Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cheat Engine 6.2 Cities in Motion 2 Cities XL Platinum Claro LTD toolbar Clonk Rage Core Temp 1.0 RC3 CPUID CPU-Z 1.61 CrystalDiskInfo 5.0.5 Dark Souls Prepare to Die Edition DayZ Commander Desura Desura: OpenRA Desura: Project Zomboid DLC Quest Dolby Home Theater v4 Don't Starve Dota 2 DragonNest Dungeon Defenders Dwarfs F2P Dynasty Warriors Online Easy Tune 6 B11.1209.1 EasyBCD 2.2 EVE Online (remove only) EVEREST Home Edition v2.20 FFsplit version Alpha FileZilla Client 3.6.0.2 FileZilla Server Firebird 2.5.0.26074 
(Win32) Free Mouse Auto Clicker 3.0 GamersFirst LIVE! Garry's Mod Geometry Wars: Retro Evolved GimpShop 2.8 Google Chrome Half-Life Dedicated Server Update Tool Happy Cloud Client Hawken HF pAppLoc version 1.0 Hi-Rez Studios Games Hot Keyboard Pro 4 HxD Hex Editor version 1.7.7.0 Icecast KH Icecast v2.0.2 ImgBurn InfoAtoms IntelliWare Java 7 Update 17 Java Auto Updater Java 7 Update 5 (64-bit) JavaFX 2.1.1 King Arthur's Gold King Arthur's Gold Beta Knights of Honor Kongregate Client version 1.0.0.0 LAME v3.99.3 (for Windows) Left 4 Dead 2 Lightning Warrior Raidy Livestream Procaster LOLReplay Mabinogi MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.75.0.1300 Metasploit Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft Windows Application Compatibility Database Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 
Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Miner Wars 2081 MiniTool Drive Copy 5.0 MorphVOX Pro MotioninJoy Gamepad tool 0.7.1001 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSI to redistribute MS VS2005 CRT libraries Need for Speed Underground 2 Need For Speed™ World Nexon Game Manager No-IP DUC Notepad++ NVIDIA 3D Vision Controller Driver 314.07 NVIDIA 3D Vision Driver 314.07 NVIDIA Control Panel 314.07 NVIDIA Graphics Driver 314.07 NVIDIA HD Audio Driver 1.3.23.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.12.12 NVIDIA Update Components ObjectDock Plus 2 “Œ•ûƒXƒJƒCƒAƒŠ[ƒiEŒ¶‘z‹½‹óí•P “Œ•ûƒXƒJƒCƒAƒŠ[ƒiEŒ¶‘z‹½‹óí•P-KURENAI- ON_OFF Charge B11.1102.1 OpenAL OpenOffice.org 3.4.1 PaintTool SAI Ver.1 Pando Media Booster Path of Exile PCGen6000 PCSX2 - Playstation 2 Emulator PDF Settings CS5 PDF Settings CS6 piaip AppLocale PlanetSide 2 Project Zomboid (remove only) PunkBuster Services puush Python 3.3.0 (64-bit) RaidCall Rainmeter Razer Game Booster Realm of the Mad God Realtek Ethernet Controller Driver Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver Renaissance Heroes Renesas Electronics USB 3.0 Host Controller Driver RocketDock 1.3.5 RockMelt SAGA Saints Row The Third SAM Broadcaster v4 SAMSUNG USB Driver for Mobile Phones Sanctum SCAR Divi MDE 3.38.00 Seagate DiscWizard Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 - Warlords SimCity 4 Deluxe Skype Click to Call Skype™ 6.3 Skyrim Heavens by DanteJinx Smashmuck Champions Sonic Adventure 2 © SEGA version 1 SonicStage 4.3 Sothink SWF Decompiler Spotify Starbank StarCraft II Stardock Software StepMania v5.0 beta 1a (remove only) Stronghold 3 Swf To Gif Converter 3.9 SWFWire Inspector Sword 2 System Requirements Lab CYRI TeamSpeak 3 Client TeamViewer 8 TERA Terraria 1.1.2 The Banner Saga: Factions TLB: System Monitor plugin TortoiseSVN 
1.7.8.23174 (64 bit) Total Game Control v3.7 Towns Transformice Tribes Ascend Trillian Tropico 4 1.00 True Launch Bar True Launch Bar: Add Or Remove Programs plugin True Launch Bar: Battery Monitor plugin True Launch Bar: Calendar plugin True Launch Bar: Device Manager plugin True Launch Bar: Disable Windows Keys True Launch Bar: Display Mode plugin True Launch Bar: Key State plugin True Launch Bar: Moon Monitor plugin True Launch Bar: Net Monitor plugin True Launch Bar: Select Color plugin True Launch Bar: Slide Show plugin True Launch Bar: Spacer plugin True Launch Bar: Startup Manager plugin True Launch Bar: TLB Clock plugin True Launch Bar: Up Time plugin True Launch Bar: Virtual Desktops plugin True Launch Bar: Wireless Monitor plugin TrueCrypt Tunngle beta Ubisoft Game Launcher Unity Web Player Universal Extractor 1.6.1 Unlocker 1.9.1 Unlocker 1.9.1-x64 ViewSonic Monitor Drivers x64 Virtual DJ Pro Full - Atomix Productions VLC media player 2.0.5 Wajam WampServer 2.2 Warcraft III WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit Winamp Winamp Detector Plug-in Windows Installer Clean Up Windows Live ID Sign-in Assistant WinPcap 4.1.2 WinRAR 4.20 (64-bit) Wizard101 Worms Revolution XLink Kai XSplit . ==== End Of File =========================== Thanks