Jump to content

Infected with Stolen.Data for the second time


Recommended Posts

.DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_33
Run by Jeremy at 2:26:18 on 2013-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.3213 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{FF1B28AD-68A0-41A8-9CB9-D47A0A08BBC4} : DHCPNameServer = 208.59.247.45 208.59.247.46
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe



x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-12 06:27; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-05-29 15:34; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - ExtSQL: 2013-06-20 19:58; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: !HIDDEN! 2012-10-08 22:35; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-20 55856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-3 283200]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-29 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-20 539240]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2009-9-30 1307648]
R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;"C:\Program Files (x86)\Skype\Updater\Updater.exe" --> C:\Program Files (x86)\Skype\Updater\Updater.exe [?]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-8-21 29288]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-6-9 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-25 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-3 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-8 3574624]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-06-27 01:32:47    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E095F88-CF4F-4A43-92DD-69C55B4BBA76}\mpengine.dll
2013-06-26 01:32:03    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4403D8-2EFD-4757-8C17-A5344D551C5A}\mpengine.dll
2013-06-26 01:32:03    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 10:08:41    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E418CD3D-261E-4128-AC4B-BCA91AF07D5B}\gapaengine.dll
2013-06-20 19:33:57    --------    d-----w-    C:\Program Files (x86)\Tube Increaser
2013-06-20 19:27:29    --------    d-----w-    C:\ProgramData\StarApp
2013-06-20 19:25:37    --------    d-----w-    C:\ProgramData\InstallMate
2013-06-18 14:58:44    --------    d-----w-    C:\ProgramData\Sincell
2013-06-15 11:17:31    --------    d-----w-    C:\Users\Jeremy\TruePianos Settings
2013-06-15 11:16:20    --------    d-----w-    C:\Users\Jeremy\AppData\Roaming\Overloud
2013-06-15 11:15:16    --------    d-----w-    C:\Users\Jeremy\AppData\Roaming\Cakewalk
2013-06-14 09:54:33    --------    d-----w-    C:\Cakewalk Projects
2013-06-14 09:49:11    487424    ----a-w-    C:\Windows\SysWow64\msvcp70.dll
2013-06-14 09:49:11    344064    ----a-w-    C:\Windows\SysWow64\msvcr70.dll
2013-06-14 09:29:19    --------    d-----w-    C:\Cakewalk Content
2013-06-14 09:27:40    --------    d-----w-    C:\Program Files (x86)\Cakewalk
2013-06-14 09:26:31    --------    d-----w-    C:\ProgramData\Overloud
2013-06-14 09:26:31    --------    d-----w-    C:\ProgramData\Cakewalk
2013-06-14 09:26:31    --------    d-----w-    C:\Program Files\Cakewalk
2013-06-12 16:44:31    --------    d-----w-    C:\Program Files (x86)\Share YouTube Videos
2013-06-12 04:46:20    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-10 00:13:24    --------    d-----w-    C:\Program Files\Common Files\Propellerhead Software
2013-06-10 00:13:24    --------    d-----w-    C:\Program Files (x86)\Common Files\Propellerhead Software
2013-06-10 00:13:23    --------    d-----w-    C:\Program Files\VSTPlugIns
2013-06-10 00:13:22    7744    ----a-w-    C:\Windows\SysWow64\HookDll.dll
2013-06-10 00:13:16    --------    d-----w-    C:\Program Files (x86)\Waves
2013-06-09 23:21:33    --------    d-----w-    C:\Program Files (x86)\Common Files\VST3
2013-06-09 23:21:32    --------    d-----w-    C:\Program Files (x86)\VstPlugins
2013-06-09 23:21:29    --------    d-----w-    C:\Program Files\Common Files\VST3
2013-06-09 23:18:30    308528    ----a-w-    C:\Windows\SysWow64\setup.ocx
2013-06-09 09:03:07    --------    d-----w-    C:\ProgramData\VS Revo Group
2013-06-09 09:03:06    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2013-06-09 09:03:05    --------    d-----w-    C:\Program Files\VS Revo Group
2013-06-09 07:57:58    --------    d-----w-    C:\Users\Jeremy\AppData\Local\VS Revo Group
2013-06-08 12:11:52    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-06-08 11:55:12    --------    d-----w-    C:\Users\Jeremy\AppData\Roaming\OfficeRecovery
2013-06-07 08:50:02    --------    d-----w-    C:\Program Files (x86)\Common Files\Digidesign
2013-06-06 20:10:59    1431552    ----a-w-    C:\Windows\SysWow64\ReWire.dll
2013-06-05 09:19:04    401462    ----a-w-    C:\Windows\SysWow64\temp.003
2013-06-05 09:19:04    266293    ----a-w-    C:\Windows\SysWow64\temp.002
2013-06-05 08:38:01    --------    d-----w-    C:\Users\Jeremy\AppData\Roaming\Waves Audio
2013-06-05 08:29:22    2181120    ----a-w-    C:\Windows\System32\ReWire.dll
2013-06-04 12:30:02    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-06-04 11:47:44    --------    d-----w-    C:\ProgramData\Ashampoo
2013-06-04 10:47:34    --------    d-----w-    C:\Program Files (x86)\Max Uninstaller
2013-06-03 11:46:27    --------    d-----w-    C:\Program Files\Perfect Uninstaller
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-30 19:51:02    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-29 19:34:16    --------    d-----w-    C:\Users\Jeremy\AppData\Roaming\BitComet
2013-05-29 19:34:15    --------    d-----w-    C:\Program Files (x86)\BitComet
.
==================== Find3M  ====================
.
2013-06-15 11:14:53    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 11:14:53    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-03 13:13:06    16    ----a-w-    C:\Windows\SysWow64\msvcsv60.dll
2013-04-03 13:13:06    16    ----a-w-    C:\Users\Jeremy\AppData\Roaming\msregsvv.dll
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH:  2:26:52.82 ===============
 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2012 9:17:09 PM
System Uptime: 6/24/2013 9:20:47 PM (53 hours ago)
.
Motherboard: Dell Inc. |  | 0GDG8Y       
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 352.113 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 209.543 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 60.814 GiB free.
F: is FIXED (NTFS) - 2795 GiB total, 1191.757 GiB free.
G: is Removable
O: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP338: 6/26/2013 9:32:06 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
AAMS Auto Audio Mastering System V2.5
Adobe AIR
Adobe Audition 1.5
Adobe Audition 3.0
Adobe Audition 3.0 Vista Compatibility
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Premiere Elements 10
Adobe Premiere Elements 10 Content
Adobe Premiere Elements 10 Content 1
Adobe Premiere Elements 10 Content 2
Adobe Premiere Elements 10 Content 3
Adobe Premiere Elements 10 HD Content 1
Adobe Premiere Elements 10 HD Content 2
Adobe Premiere Elements 10 HD Content 3
Adobe Reader X (10.1.7)
AIM for Windows
AIPL WarmTone DX v2.2
Antares Autotune VST v5.09
Antares Microphone Modeler - ZONE
Apple Application Support
Apple Software Update
ASIO4ALL
Audacity 2.0.3
BitComet 1.36
Blaine's Alias Title
Blaine's Bloom/Negative Effects
Blaine's Cartoonify Effects
Blaine's Color Fade Effects
Blaine's Contrast Effects
Blaine's Custom Dreamy Look Title
Blaine's Custom Speed Effects
Blaine's Film Looks Effects
Blaine's Letterbox Effects
Blaine's Pixelate Effects
Blaine's TV Signal Effects
CameraHelperMsi
Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
CDBurnerXP
ClickFix Lite for Adobe Audition version 3.04 (remove only)
Conexant HD Audio
ContaCam
D3DX10
DAEMON Tools Lite
Dell Edoc Viewer
Dropbox
Elements 10 Organizer
erLT
EULAlyzer 2.2
Facebook Video Calling 1.2.0.159
FastStone Capture 6.8
FileZilla Client 3.7.0.2
foobar2000 v1.1.10
Free MIDI to MP3 Converter 1.0
FreeUndelete 2.1.36867.1
GEAR driver installer for AMD64 and Intel EM64T
GetDataBack for NTFS
Google Chrome
Google Update Helper
HandBrake 0.9.5
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
IrfanView (remove only)
Java Auto Updater
Java 6 Update 27 (64-bit)
Java 6 Update 33
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 8.2.0 (Standard)
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MixMeister Studio 7.2.2
Movie Maker 6.0 for Windows 7 (64-bit)
Moyea FLV to Video Converter Pro version 1.29.2.11
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network64
OCR Software by I.R.I.S. 13.0
OLYMPUS Master 2
PDF Settings CS5
PlayReady PC Runtime x86
PRE10STI64Installer
QuickTime
Rapture 1.2.2
Revo Uninstaller Pro 3.0.5
Sandboxie 3.76 (64-bit)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Share YouTube Videos version 1
Simple Search-Replace
Skype™ 6.1
SmartSound Common Data
SmartSound Premiere Elements 10 x64 Plugin
SmartSound Sonicfire Pro 5
SONAR X2 Producer x64
SpywareBlaster 5.0
SUPERAntiSpyware
TeamViewer 8
Tube Increaser version 5.0.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6
Waves Complete V9r1
Waves Mercury Bundle
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series x64 Edition
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/26/2013 12:35:08 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/24/2013 9:20:55 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 

mbam-log-2013-06-27 (01-36-53).txt

Link to post
Share on other sites

Hello jaiz! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: BitComet 1.36

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • ComboFix log
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jeremy on Thu 06/27/2013 at 10:48:23.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Jeremy\AppData\Roaming\mozilla\firefox\profiles\blj3egdu.default\prefs.js

user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\" :  {\n  



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at 10:50:47.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 10:44:59
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jeremy - JEREMY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jeremy\Desktop\Stolen.Data\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1088 octets] - [27/06/2013 10:44:26]
AdwCleaner[s1].txt - [1022 octets] - [27/06/2013 10:44:59]

########## EOF - C:\AdwCleaner[s1].txt - [1082 octets] ##########



I have a question. I was asked to remove my torrent client before.What is the reasoning behind it because I use it frequently. Is it ok to re-install it after this whole precess is finished?

Link to post
Share on other sites

ComboFix 13-06-27.01 - Jeremy 06/27/2013  11:14:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.4329 [GMT -4:00]
Running from: c:\users\Jeremy\Desktop\Stolen.Data\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeremy\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\bass.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Jeremy\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Jeremy\AppData\Roaming\msregsvv.dll
c:\windows\system\fltr106.dll
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\msvcsv60.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))
.
.
2013-06-27 15:19 . 2013-06-27 15:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-27 07:48 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3B81C6B-A645-4129-BE45-F1AD6D26A1EB}\mpengine.dll
2013-06-26 01:32 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 10:08 . 2013-06-21 10:08    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E418CD3D-261E-4128-AC4B-BCA91AF07D5B}\gapaengine.dll
2013-06-20 19:33 . 2013-06-20 20:31    --------    d-----w-    c:\program files (x86)\Tube Increaser
2013-06-20 19:27 . 2013-06-20 19:27    --------    d-----w-    c:\programdata\StarApp
2013-06-18 14:58 . 2013-06-18 14:58    --------    d-----w-    c:\programdata\Sincell
2013-06-15 11:17 . 2013-06-15 11:17    --------    d-----w-    c:\users\Jeremy\TruePianos Settings
2013-06-15 11:16 . 2013-06-15 11:16    --------    d-----w-    c:\users\Jeremy\AppData\Roaming\Overloud
2013-06-15 11:15 . 2013-06-15 11:16    --------    d-----w-    c:\users\Jeremy\AppData\Roaming\Cakewalk
2013-06-14 09:54 . 2013-06-15 11:17    --------    d-----w-    C:\Cakewalk Projects
2013-06-14 09:49 . 2012-06-20 21:38    487424    ----a-w-    c:\windows\SysWow64\msvcp70.dll
2013-06-14 09:49 . 2012-06-20 21:38    344064    ----a-w-    c:\windows\SysWow64\msvcr70.dll
2013-06-14 09:29 . 2013-06-14 09:32    --------    d-----w-    C:\Cakewalk Content
2013-06-14 09:27 . 2013-06-14 09:27    --------    d-----w-    c:\program files (x86)\Cakewalk
2013-06-14 09:26 . 2013-06-14 10:11    --------    d-----w-    c:\programdata\Cakewalk
2013-06-14 09:26 . 2013-06-14 10:11    --------    d-----w-    c:\program files\Cakewalk
2013-06-14 09:26 . 2013-06-14 09:26    --------    d-----w-    c:\programdata\Overloud
2013-06-12 16:44 . 2013-06-12 16:44    --------    d-----w-    c:\program files (x86)\Share YouTube Videos
2013-06-12 04:46 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-10 00:13 . 2013-06-10 00:13    --------    d-----w-    c:\program files\Common Files\Propellerhead Software
2013-06-10 00:13 . 2013-06-10 00:13    --------    d-----w-    c:\program files (x86)\Common Files\Propellerhead Software
2013-06-10 00:13 . 2013-06-10 00:13    --------    d-----w-    c:\program files\VSTPlugIns
2013-06-10 00:13 . 2013-06-10 00:28    --------    d-----w-    c:\program files (x86)\Waves
2013-06-09 23:21 . 2013-06-09 23:55    --------    d-----w-    c:\program files (x86)\Common Files\VST3
2013-06-09 23:21 . 2013-06-10 00:25    --------    d-----w-    c:\program files (x86)\VstPlugins
2013-06-09 23:21 . 2013-06-09 23:55    --------    d-----w-    c:\program files\Common Files\VST3
2013-06-09 23:18 . 2008-05-10 05:27    308528    ----a-w-    c:\windows\SysWow64\setup.ocx
2013-06-09 09:03 . 2013-06-09 09:03    --------    d-----w-    c:\programdata\VS Revo Group
2013-06-09 09:03 . 2009-12-30 15:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-06-09 09:03 . 2013-06-09 09:03    --------    d-----w-    c:\program files\VS Revo Group
2013-06-09 07:57 . 2013-06-09 07:57    --------    d-----w-    c:\users\Jeremy\AppData\Local\VS Revo Group
2013-06-08 12:11 . 2013-06-08 12:11    --------    d-----w-    c:\program files (x86)\TeamViewer
2013-06-08 11:55 . 2013-06-08 11:55    --------    d-----w-    c:\users\Jeremy\AppData\Roaming\OfficeRecovery
2013-06-07 08:50 . 2013-06-07 08:50    --------    d-----w-    c:\program files (x86)\Common Files\Digidesign
2013-06-06 20:10 . 2011-07-01 15:30    1431552    ----a-w-    c:\windows\SysWow64\ReWire.dll
2013-06-05 09:19 . 2000-08-02 15:10    401462    ----a-w-    c:\windows\SysWow64\temp.003
2013-06-05 09:19 . 2000-08-02 15:10    266293    ----a-w-    c:\windows\SysWow64\temp.002
2013-06-05 08:38 . 2013-06-10 00:12    --------    d-----w-    c:\users\Jeremy\AppData\Roaming\Waves Audio
2013-06-05 08:29 . 2011-07-01 15:31    2181120    ----a-w-    c:\windows\system32\ReWire.dll
2013-06-05 08:28 . 2013-06-06 13:34    --------    d-----w-    c:\users\Public\Waves Audio
2013-06-04 12:30 . 2013-06-09 07:12    --------    d-----w-    c:\program files (x86)\VS Revo Group
2013-06-04 11:47 . 2013-06-04 11:47    --------    d-----w-    c:\programdata\Ashampoo
2013-06-04 10:47 . 2013-06-04 11:51    --------    d-----w-    c:\program files (x86)\Max Uninstaller
2013-06-03 11:46 . 2013-06-04 01:34    --------    d-----w-    c:\program files\Perfect Uninstaller
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-30 19:51 . 2013-05-30 19:51    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-29 19:34 . 2013-06-23 09:37    --------    d-----w-    c:\users\Jeremy\AppData\Roaming\BitComet
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 11:14 . 2013-05-10 08:20    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 11:14 . 2013-05-10 08:20    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 11:02 . 2012-02-03 08:13    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-21 17:57 . 2012-02-10 11:27    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-14 00:31 . 2012-07-17 19:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 11:18    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:18    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:18    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:18    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:18    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:18    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 06:08    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:13 . 2013-04-11 01:13    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-11 01:13 . 2013-04-11 01:13    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-11 01:13 . 2013-04-11 01:13    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-11 01:13 . 2013-04-11 01:13    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-11 01:13 . 2013-04-11 01:13    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-11 01:13 . 2013-04-11 01:13    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-11 01:13 . 2013-04-11 01:13    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-11 01:13 . 2013-04-11 01:13    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-11 01:13 . 2013-04-11 01:13    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-11 01:13 . 2013-04-11 01:13    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-11 01:13 . 2013-04-11 01:13    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-11 01:13 . 2013-04-11 01:13    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-11 01:13 . 2013-04-11 01:13    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-11 01:13 . 2013-04-11 01:13    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-11 01:13 . 2013-04-11 01:13    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-11 01:13 . 2013-04-11 01:13    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-11 01:13 . 2013-04-11 01:13    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-11 01:13 . 2013-04-11 01:13    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-11 01:13 . 2013-04-11 01:13    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-11 01:13 . 2013-04-11 01:13    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-11 01:13 . 2013-04-11 01:13    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-11 01:13 . 2013-04-11 01:13    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-11 01:13 . 2013-04-11 01:13    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-11 01:13 . 2013-04-11 01:13    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-11 01:13 . 2013-04-11 01:13    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-11 01:13 . 2013-04-11 01:13    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-11 01:13 . 2013-04-11 01:13    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-11 01:13 . 2013-04-11 01:13    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-11 01:13 . 2013-04-11 01:13    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-11 01:13 . 2013-04-11 01:13    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-11 01:13 . 2013-04-11 01:13    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-11 01:13 . 2013-04-11 01:13    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-11 01:13 . 2013-04-11 01:13    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-11 01:13 . 2013-04-11 01:13    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-11 01:13 . 2013-04-11 01:13    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-11 01:13 . 2013-04-11 01:13    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-11 01:13 . 2013-04-11 01:13    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-11 01:13 . 2013-04-11 01:13    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-11 01:13 . 2013-04-11 01:13    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-11 01:13 . 2013-04-11 01:13    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-11 01:13 . 2013-04-11 01:13    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-11 01:13 . 2013-04-11 01:13    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-11 01:13 . 2013-04-11 01:13    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-11 01:13 . 2013-04-11 01:13    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-11 01:13 . 2013-04-11 01:13    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-11 01:13 . 2013-04-11 01:13    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-11 01:13 . 2013-04-11 01:13    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-11 01:13 . 2013-04-11 01:13    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-11 01:13 . 2013-04-11 01:13    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-10 06:01 . 2013-05-15 11:18    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 11:18    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 11:18    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 03:55    220632    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 03:55    220632    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 03:55    220632    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys;c:\windows\SYSNATIVE\drivers\VSTwindrvr6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-18 19:08    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-10 11:14]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 00:50]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 00:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 03:55    244696    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 03:55    244696    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 03:55    244696    ----a-w-    c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 107.6.133.8,23.23.180.210
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: 2013-05-12 06:27; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-06-20 19:58; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: !HIDDEN! 2012-10-08 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{D4D7D75D-00A0-CCD9-8303-9D1E2E193749} - c:\progra~3\INSTAL~2\{61B99~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-27  11:21:15
ComboFix-quarantined-files.txt  2013-06-27 15:21
.
Pre-Run: 380,793,851,904 bytes free
Post-Run: 381,171,216,384 bytes free
.
- - End Of File - - 13D3F23FDE5CABC3E6478604ED83E81B
F1BC9A487FAD21118DA4D5B596310BA4
 

Link to post
Share on other sites

Very good! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\$RECYCLE.BIN\S-1-5-21-4055183432-471262313-3685020261-1000\$R3EV2WU.mp4    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\Jeremy\Desktop\Market\When Asleep\jingling.exe    Win32/FlowSpirit application    cleaned by deleting - quarantined
C:\Users\Jeremy\Downloads\iLividSetup-r621-n-bc.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
D:\- Jeremy\- Downloads\Attract Woman Now\Bonus Article 2 Sex On The Edge.htm    JS/Tivso.Gen trojan    cleaned by deleting - quarantined
D:\- Jeremy\- Downloads\Attract Woman Now\Chapter 11 How To Create Sexual Chemistry.htm    JS/Tivso.Gen trojan    cleaned by deleting - quarantined
D:\- Jeremy\- Downloads\Attract Woman Now\Chapter 4 What Not To Do In The Company Of Women.htm    JS/Tivso.Gen trojan    cleaned by deleting - quarantined
D:\- Jeremy\- Downloads\Attract Woman Now\Chapter 6 How To Seduce Women.htm    JS/Tivso.Gen trojan    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Audio\Adobe Audition 3.0\adobe audition 3.zip    a variant of Win32/Keygen.AF application    deleted - quarantined
D:\- Jeremy\- Programs\- Audio\Adobe Audition 3.0\Adobe Audition v3 Keygen.EXE    a variant of Win32/Keygen.AF application    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Audio\AnalogX\vremover.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Audio\Winamp\winamp563_full_emusic-7plus_en-us.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Website Tools\cure.php    HTML/Iframe.B.Gen virus    deleted - quarantined
D:\- Jeremy\- Programs\- Website Tools\- Bots\AddMeFastBotv4.exe    multiple threats    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Website Tools\- Bots\jingling.exe    Win32/FlowSpirit application    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\- Website Tools\- Sites\wwedivaspictures.com\pics\cure.php    HTML/Iframe.B.Gen virus    deleted - quarantined
D:\- Jeremy\- Programs\- Website Tools\- Sites\wwedivaspictures.com\pics1\cure.php    HTML/Iframe.B.Gen virus    deleted - quarantined
D:\- Jeremy\- Programs\Midi to MP3 Converter\cbsidlm-tr1_13-Free_MIDI_to_MP3_Converter-BP-75211970.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
D:\- Jeremy\- Programs\Winrar\winrar.exe    Win32/DomaIQ.E application    cleaned by deleting - quarantined
 

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:

    Drweb-cureit-1_zps34a2f747.gif

    Click the checkbox to participate, and then click on Continue button.

  • Next

    Drweb-cureit-2_zpsee7bdcb6.gif

    Click on Select onjects for scanning

  • Next

    Drweb-cureit-3_zps137b4332.gif

    Put a checkmark by clicking on the boxes as shown.

    Do not select Temporary files or System Restore points.

    Then click on Start scanning button

  • The scan in progress will be shown like this

    Drweb-cureit-4_zps211037d0.gif

  • IF something is detected, you will see a screen similar to this

    Drweb-cureit-5_zpsd7be6acf.gif

    For each item "detected", click on the Action column down arrow, like this

    Drweb-cureit-8_zpsb099f9d5.gif

    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.

    Typically, you will keep the Cure default.

    Then click on the Neutralize button.

  • When the actions are completed, you will see this

    Drweb-cureit-7_zpsd290a127.gif

  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.

    Save the report to your desktop. The report will be called Cureit.log

  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.