AdemPenver Posted November 12, 2013 ID:752830 Share Posted November 12, 2013 HiI've had a file called lsm.exe in my .Roaming folder for a while now; I noticed it in task manager, as it uses about 90% of my CPU. When I went to the process, it took me to the .Roaming folder. After looking it up online, I tried to delete it, which seemed to work, but the process reappeared the next time I used my computer. Sometimes, when I bootup, I can see a command prompt labelled "lsm.exe," but it disappears almost instantly. Naturally, I've been running Malwarebytes scans of my computer, and the file itself, but it came up with nothing. I go into task manager when my computer boots up to close it down to stop it slowing my computer down but i reopens randomly and i have to go in and close it again. This had been a big problem for a couple of months and i cant find any support on the internet.I know this is not the legit lsm this is a virus because it is an application in my roaming folder and when i delete it there is no problem, also the real lsm is in the windows folder.Thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted November 13, 2013 ID:752854 Share Posted November 13, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
AdemPenver Posted November 13, 2013 Author ID:753050 Share Posted November 13, 2013 Thank you!!! Link to post Share on other sites More sharing options...
AdemPenver Posted November 13, 2013 Author ID:753069 Share Posted November 13, 2013 RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Adem [Admin rights]Mode : Scan -- Date : 11/13/2013 15:57:02| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] winlog.exe -- C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 13 ¤¤¤[RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND[RUN][HJNAME] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : Keyboard Inf. (C:\Users\Adem\AppData\Roaming\Foresight Software\winlog.exe [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND[sHELL][Rans.Gendarm] HKCU\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND[sHELL][Rans.Gendarm] HKUS\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{367B59EF-75C5-47C7-89D7-07ABBC1D3385} : NameServer (208.67.222.222,208.67.220.200 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 3 ¤¤¤[V1][sUSP PATH] Dealply.job : C:\Users\Adem\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND[V2][sUSP PATH] Dealply : C:\Users\Adem\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND[V2][sUSP PATH] RunAsStdUser Task : "C:\Users\Adem\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++--- User ---[MBR] cf7e00830d2723bb6ccbd0aa637b4dd7[bSP] d4e061bce94c88737fc13e0552e6c930 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_11132013_155702.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted November 13, 2013 ID:753083 Share Posted November 13, 2013 Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found) [RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND[RUN][HJNAME] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : LocalSessionManager ("C:\Users\Adem\AppData\Roaming\lsm.exe" [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-3340000255-2995248179-2642138226-1003\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Adem\AppData\Local\Temp\sysXboot7347501006653336827.jar" [7][x]) -> FOUND[sHELL][Rans.Gendarm] HKCU\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUND[sHELL][Rans.Gendarm] HKUS\[...]\Windows : load (C:\Users\Adem\LOCALS~1\Temp\msvvwap.bat [7]) -> FOUNDNow click Delete on the right hand column under Options-------------Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that they are now functioning normally.------------------------------------Last:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease make sure you click download buttons that look like this, not "sponsored ad links":Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop.Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
AdemPenver Posted November 13, 2013 Author ID:753146 Share Posted November 13, 2013 i have 3 logsmbar-log-2013-11-13 (17-45-49).txtmbar-log-2013-11-13 (17-46-48).txtmbar-log-2013-11-13 (18-08-51).txt Link to post Share on other sites More sharing options...
MrCharlie Posted November 13, 2013 ID:753166 Share Posted November 13, 2013 OK...run ComboFix. MrC Link to post Share on other sites More sharing options...
AdemPenver Posted November 13, 2013 Author ID:753174 Share Posted November 13, 2013 i have Link to post Share on other sites More sharing options...
AdemPenver Posted November 13, 2013 Author ID:753189 Share Posted November 13, 2013 this is the log it made ComboFix 13-11-12.01 - Adem 13/11/2013 19:45:36.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8150.5743 [GMT 0:00]Running from: c:\users\Adem\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\ENDc:\program files (x86)\DealPlyc:\program files (x86)\DealPly\uninst.exec:\programdata\292d36393d3d3b2d3b27593f31_cc:\users\Adem\AppData\Roaming\lsm.exec:\users\Public\cg.exec:\windows\SysWow64\FlashPlayerApp.exec:\windows\SysWow64\frapsvid.dll..((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))..2013-11-13 19:50 . 2013-11-13 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-13 17:45 . 2013-11-13 18:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-11-13 17:45 . 2013-11-13 18:08 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2013-11-13 17:45 . 2013-11-13 18:08 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-11-13 15:35 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE708DB2-D978-423A-BAD0-D2599953511A}\mpengine.dll2013-11-12 22:17 . 2013-11-12 22:17 -------- d-----w- c:\users\Adem\AppData\Roaming\openvr2013-11-12 15:33 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-11 18:40 . 2013-11-11 18:40 -------- d-----w- c:\programdata\Steam2013-11-11 17:14 . 2013-11-11 17:14 312744 ----a-w- c:\windows\system32\javaws.exe2013-11-11 17:14 . 2013-11-11 17:14 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-11-11 17:14 . 2013-11-11 17:14 189352 ----a-w- c:\windows\system32\javaw.exe2013-11-11 17:14 . 2013-11-11 17:14 189352 ----a-w- c:\windows\system32\java.exe2013-11-11 17:01 . 2013-11-11 17:58 -------- d-----w- c:\users\Adem\AppData\Local\Eclipse2013-11-11 16:59 . 2013-11-11 17:03 -------- d-----w- c:\users\Adem\workspace2013-11-11 16:00 . 2013-11-11 18:48 -------- d-----w- c:\program files (x86)\Call of Duty Ghosts2013-11-10 20:40 . 2013-11-10 20:45 -------- d-----w- c:\programdata\SecTaskMan2013-11-10 20:40 . 2013-11-10 20:40 -------- d-----w- c:\program files (x86)\Security Task Manager2013-11-10 20:31 . 2013-11-10 20:38 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin2013-11-10 20:31 . 2013-11-10 20:31 -------- d-----w- c:\program files (x86)\Reason2013-11-07 15:43 . 2013-11-07 15:44 -------- d-----w- c:\program files (x86)\RegistryNuke 20132013-11-07 15:41 . 2013-10-18 14:26 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE539D5B-FA49-402F-A6D5-97C5A613F30A}\gapaengine.dll2013-11-01 19:11 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-01 19:11 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-01 19:11 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-01 19:11 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-01 19:11 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-01 19:11 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-01 19:11 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-01 00:20 . 2013-11-01 00:20 -------- d-----w- c:\users\Adem\AppData\Roaming\AVAST Software2013-11-01 00:19 . 2013-11-01 00:19 334648 ----a-w- c:\windows\system32\aswBoot.exe2013-11-01 00:19 . 2013-11-01 00:19 44640 ----a-w- c:\windows\system32\drivers\aswTap.sys2013-11-01 00:18 . 2013-11-03 10:42 -------- d-----w- c:\programdata\AVAST Software2013-10-30 18:46 . 2013-10-30 18:46 -------- d-----w- c:\users\Adem\openvr2013-10-29 18:30 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-13 19:00 . 2012-12-27 20:16 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2013-11-12 22:25 . 2012-12-27 20:16 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02013-10-29 18:31 . 2012-12-27 20:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2013-10-18 14:26 . 2013-03-13 08:23 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-10-10 19:14 . 2012-12-24 10:03 80541720 ----a-w- c:\windows\system32\MRT.exe2013-10-08 18:55 . 2013-01-23 20:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-26 19:12 . 2012-12-27 20:20 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2013-09-22 23:28 . 2013-10-10 19:17 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-10 19:17 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-10 19:17 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-10 19:17 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-10 19:17 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-10 19:17 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-10 19:17 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-10 19:17 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-10 19:17 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-10 19:17 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-10 19:17 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-10 19:17 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-10 19:17 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-10 19:17 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-10 19:17 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-10 19:17 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-10 19:17 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-10 19:17 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-10 19:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-10 19:17 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-10 19:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-10 19:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-16 21:10 . 2013-09-16 21:10 452972 ----a-w- c:\users\Public\poclbm130302Tahitigv1w64l4.bin2013-09-14 01:10 . 2013-10-10 14:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-10 14:38 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-10 14:38 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-10 14:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-08-31 00:14 . 2013-08-31 00:14 156712 ----a-w- c:\windows\system32\amdhcp64.dll2013-08-31 00:14 . 2013-08-31 00:14 141256 ----a-w- c:\windows\SysWow64\amdhcp32.dll2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll2013-08-31 00:14 . 2012-09-28 01:11 142792 ----a-w- c:\windows\system32\atiuxp64.dll2013-08-31 00:13 . 2012-12-19 19:31 114488 ----a-w- c:\windows\system32\atiu9p64.dll2013-08-31 00:13 . 2012-09-28 01:10 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll2013-08-31 00:13 . 2012-09-28 01:41 1233080 ----a-w- c:\windows\system32\aticfx64.dll2013-08-31 00:13 . 2012-09-28 01:43 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll2013-08-31 00:13 . 2012-09-28 01:22 9464840 ----a-w- c:\windows\system32\atidxx64.dll2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll2013-08-31 00:13 . 2012-09-28 01:22 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll2013-08-31 00:13 . 2012-09-28 02:23 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll2013-08-31 00:13 . 2012-12-19 19:59 6767240 ----a-w- c:\windows\system32\atiumd6a.dll2013-08-31 00:13 . 2012-12-19 19:44 7256496 ----a-w- c:\windows\system32\atiumd64.dll2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll2013-08-30 22:59 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll2013-08-30 22:37 . 2013-08-30 22:37 96256 ----a-w- c:\windows\system32\amdave64.dll2013-08-30 22:37 . 2013-08-30 22:37 90624 ----a-w- c:\windows\SysWow64\amdave32.dll2013-08-30 22:37 . 2013-08-30 22:37 89088 ----a-w- c:\windows\system32\atisamu64.dll2013-08-30 22:37 . 2013-08-30 22:37 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll2013-08-30 22:33 . 2012-12-19 19:33 784384 ----a-w- c:\windows\system32\atiadlxx.dll2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys2013-08-30 18:58 . 2013-08-30 18:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll2013-08-30 18:53 . 2013-08-30 18:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll2013-08-29 02:17 . 2013-10-10 14:38 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-10 14:38 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-10 14:38 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-10 14:38 859648 ----a-w- c:\windows\system32\tdh.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]"uTorrent"="c:\users\Adem\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-10 802136]"Keyboard Inf."="c:\users\Adem\AppData\Roaming\Foresight Software\winlog.exe" [2013-11-11 3344896].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 VBoxDRV;PortableVBoxDRV;f:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys;f:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x]R2 VBoxUSBMon;PortableVBoxUSBMon;f:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys;f:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x]R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]R3 I1KBFLTR;Gaming Keyboard;c:\windows\system32\drivers\I1KBFLTR.sys;c:\windows\SYSNATIVE\drivers\I1KBFLTR.sys [x]R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-21 15:28 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 18:55].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 10:38].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 10:38]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.htmlTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 194.168.4.100 194.168.8.100TCP: Interfaces\{367B59EF-75C5-47C7-89D7-07ABBC1D3385}: NameServer = 208.67.222.222,208.67.220.200.- - - - ORPHANS REMOVED - - - -.Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startWebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)AddRemove-Quake III Arena - c:\program files (x86)\Quake III Arena\QIII.isu...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-13 19:52:20ComboFix-quarantined-files.txt 2013-11-13 19:52.Pre-Run: 123,050,102,784 bytes freePost-Run: 122,721,042,432 bytes free.- - End Of File - - 1544A43AE77215CEFB44D992D2965997A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
MrCharlie Posted November 14, 2013 ID:753528 Share Posted November 14, 2013 Lets clean out any adware/spyware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Make sure you click on download buttons that look like this, not "sponsored ad links": Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 19, 2013 Root Admin ID:755580 Share Posted November 19, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts