Jump to content

lsm virus


Recommended Posts

Hi

I've had a file called lsm.exe in my .Roaming folder for a while now; I noticed it in task manager, as it uses about 90% of my CPU. When I went to the process, it took me to the .Roaming folder. After looking it up online, I tried to delete it, which seemed to work, but the process reappeared the next time I used my computer. Sometimes, when I bootup, I can see a command prompt labelled "lsm.exe," but it disappears almost instantly. Naturally, I've been running Malwarebytes scans of my computer, and the file itself, but it came up with nothing. 

I go into task manager when my computer boots up to close it down to stop it slowing my computer down but i reopens randomly and i have to go in and close it again. This had been a big problem for a couple of months and i cant find any support on the internet.

I know this is not the legit lsm this is a virus because it is an application in my roaming folder and when i delete it there is no problem, also the real lsm is in the windows folder.

Thanks!

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Adem [Admin rights]

Mode : Scan -- Date : 11/13/2013 15:57:02

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] winlog.exe -- C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND

[RUN][HJNAME] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : Keyboard Inf. (C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND

[sHELL][Rans.Gendarm] HKCU\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND

[sHELL][Rans.Gendarm] HKUS\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND

[DNS][PUM] HKLM\[...]\CCSet\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND

[DNS][PUM] HKLM\[...]\CS001\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND

[DNS][PUM] HKLM\[...]\CS002\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 3 ¤¤¤

[V1][sUSP PATH] Dealply.job : C:\Users\Adem\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

[V2][sUSP PATH] Dealply : C:\Users\Adem\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

[V2][sUSP PATH] RunAsStdUser Task : "C:\Users\Adem\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Rans.Gendarm ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++

--- User ---

[MBR] cf7e00830d2723bb6ccbd0aa637b4dd7

[bSP] d4e061bce94c88737fc13e0552e6c930 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_11132013_155702.txt >>
Link to post
Share on other sites

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND

[RUN][HJNAME] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND

[sHELL][Rans.Gendarm] HKCU\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND

[sHELL][Rans.Gendarm] HKUS\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND


Now click Delete on the right hand column under Options

-------------

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

------------------------------------

Last:


Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

this is the log it made

 

ComboFix 13-11-12.01 - Adem 13/11/2013  19:45:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.5743 [GMT 0:00]
Running from: c:\users\Adem\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\292d36393d3d3b2d3b27593f31_c
c:\users\Adem\AppData\Roaming\lsm.exe
c:\users\Public\cg.exe
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-13 to 2013-11-13  )))))))))))))))))))))))))))))))
.
.
2013-11-13 19:50 . 2013-11-13 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-13 17:45 . 2013-11-13 18:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-13 17:45 . 2013-11-13 18:08 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-13 17:45 . 2013-11-13 18:08 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-13 15:35 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE708DB2-D978-423A-BAD0-D2599953511A}\mpengine.dll
2013-11-12 22:17 . 2013-11-12 22:17 -------- d-----w- c:\users\Adem\AppData\Roaming\openvr
2013-11-12 15:33 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-11 18:40 . 2013-11-11 18:40 -------- d-----w- c:\programdata\Steam
2013-11-11 17:14 . 2013-11-11 17:14 312744 ----a-w- c:\windows\system32\javaws.exe
2013-11-11 17:14 . 2013-11-11 17:14 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-11 17:14 . 2013-11-11 17:14 189352 ----a-w- c:\windows\system32\javaw.exe
2013-11-11 17:14 . 2013-11-11 17:14 189352 ----a-w- c:\windows\system32\java.exe
2013-11-11 17:01 . 2013-11-11 17:58 -------- d-----w- c:\users\Adem\AppData\Local\Eclipse
2013-11-11 16:59 . 2013-11-11 17:03 -------- d-----w- c:\users\Adem\workspace
2013-11-11 16:00 . 2013-11-11 18:48 -------- d-----w- c:\program files (x86)\Call of Duty Ghosts
2013-11-10 20:40 . 2013-11-10 20:45 -------- d-----w- c:\programdata\SecTaskMan
2013-11-10 20:40 . 2013-11-10 20:40 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-11-10 20:31 . 2013-11-10 20:38 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-11-10 20:31 . 2013-11-10 20:31 -------- d-----w- c:\program files (x86)\Reason
2013-11-07 15:43 . 2013-11-07 15:44 -------- d-----w- c:\program files (x86)\RegistryNuke 2013
2013-11-07 15:41 . 2013-10-18 14:26 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE539D5B-FA49-402F-A6D5-97C5A613F30A}\gapaengine.dll
2013-11-01 19:11 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 19:11 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 19:11 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 19:11 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 19:11 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 19:11 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-01 19:11 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-01 00:20 . 2013-11-01 00:20 -------- d-----w- c:\users\Adem\AppData\Roaming\AVAST Software
2013-11-01 00:19 . 2013-11-01 00:19 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-01 00:19 . 2013-11-01 00:19 44640 ----a-w- c:\windows\system32\drivers\aswTap.sys
2013-11-01 00:18 . 2013-11-03 10:42 -------- d-----w- c:\programdata\AVAST Software
2013-10-30 18:46 . 2013-10-30 18:46 -------- d-----w- c:\users\Adem\openvr
2013-10-29 18:30 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 19:00 . 2012-12-27 20:16 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-12 22:25 . 2012-12-27 20:16 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-29 18:31 . 2012-12-27 20:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-18 14:26 . 2013-03-13 08:23 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-10 19:14 . 2012-12-24 10:03 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 18:55 . 2013-01-23 20:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 19:12 . 2012-12-27 20:20 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-22 23:28 . 2013-10-10 19:17 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-10 19:17 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-10 19:17 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-10 19:17 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-10 19:17 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 19:17 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-10 19:17 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-10 19:17 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-10 19:17 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-10 19:17 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-10 19:17 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-10 19:17 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-10 19:17 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-10 19:17 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-10 19:17 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-10 19:17 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-10 19:17 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-10 19:17 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-10 19:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-10 19:17 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-10 19:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 19:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-16 21:10 . 2013-09-16 21:10 452972 ----a-w- c:\users\Public\poclbm130302Tahitigv1w64l4.bin
2013-09-14 01:10 . 2013-10-10 14:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-10 14:38 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 14:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 14:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-31 00:14 . 2013-08-31 00:14 156712 ----a-w- c:\windows\system32\amdhcp64.dll
2013-08-31 00:14 . 2013-08-31 00:14 141256 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:14 . 2012-09-28 01:11 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-31 00:13 . 2012-12-19 19:31 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2012-09-28 01:10 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2012-09-28 01:41 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2012-09-28 01:43 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2012-09-28 01:22 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2012-09-28 01:22 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2012-09-28 02:23 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2012-12-19 19:59 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2012-12-19 19:44 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-30 22:37 . 2013-08-30 22:37 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-08-30 22:37 . 2013-08-30 22:37 90624 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-08-30 22:37 . 2013-08-30 22:37 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-08-30 22:37 . 2013-08-30 22:37 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-08-30 22:33 . 2012-12-19 19:33 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-30 18:58 . 2013-08-30 18:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-30 18:53 . 2013-08-30 18:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-29 02:17 . 2013-10-10 14:38 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 14:38 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 14:38 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 14:38 859648 ----a-w- c:\windows\system32\tdh.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"uTorrent"="c:\users\Adem\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-10 802136]
"Keyboard Inf."="c:\users\Adem\AppData\Roaming\Foresight Software\winlog.exe" [2013-11-11 3344896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VBoxDRV;PortableVBoxDRV;f:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys;f:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x]
R2 VBoxUSBMon;PortableVBoxUSBMon;f:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys;f:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 I1KBFLTR;Gaming Keyboard;c:\windows\system32\drivers\I1KBFLTR.sys;c:\windows\SYSNATIVE\drivers\I1KBFLTR.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-21 15:28 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 18:55]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 10:38]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 10:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{367B59EF-75C5-47C7-89D7-07ABBC1D3385}: NameServer = 208.67.222.222,208.67.220.200
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Quake III Arena - c:\program files (x86)\Quake III Arena\QIII.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-13  19:52:20
ComboFix-quarantined-files.txt  2013-11-13 19:52
.
Pre-Run: 123,050,102,784 bytes free
Post-Run: 122,721,042,432 bytes free
.
- - End Of File - - 1544A43AE77215CEFB44D992D2965997
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.