Jump to content

Conhost.exe malware

hedgeh0g

By hedgeh0g
in Resolved Malware Removal Logs

 Share

Recommended Posts

hedgeh0g

hedgeh0g

Posted
Posted

hi, i believe i have encountered malware as i saw a process conhost.exe that was never there before, and it did not have the administrator's name attached to it. i have run the rogue killer 64-bit program which was mentioned in another post. i have no idea how to continue though. please help out!! i have attached the text created after the rogue killer scan.

RKreport0_S_11132013_223058.txt

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
When you have no idea don´t run tools blindly! We have some tools that may turn your machine into a very expensive door stop if you don´t know exactly what you´re doing...
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted

thanks for helping me out! here are the results of the scans!

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.25.2
Run by Jing at 22:03:53 on 2013-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8174.5699 [GMT 8:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Users\Jing\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Users\Jing\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Users\Jing\AppData\Local\Apps\2.0\844L2OPP.VXH\GO88WTDX.729\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe
C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Funshion Online\2.8.6.51\InnerWeb.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ: {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\Jing\funshion\funshiontools\FunshionHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - 
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
uRun: [Akamai NetSession Interface] "C:\Users\Jing\AppData\Local\Akamai\netsession_win.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Facebook Update] "C:\Users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Funshion] "C:\Program Files (x86)\Funshion Online\2.8.6.51\Funshion.exe" startbywindows tray
uRun: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FunshionService.diagnose
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{3B7E9593-AA98-40E2-8BCC-53161BCCAF6C} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{7C853957-50BD-486F-A4AA-873AFA2A1501} : DHCPNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{BCAC6A7C-3B56-4B9D-91F9-7BC66C76D526} : DHCPNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-5-25 25960]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-11 46368]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-24 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-24 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-24 62584]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-7-1 256336]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-31 2756944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-25 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-24 255376]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-5 503080]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-2 15122208]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-7-1 67664]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-25 2656280]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680]
R2 WebCakeUpdater;WebCakeUpdater;C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe [2013-8-2 51992]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-10-31 140800]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-2 39200]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-5-31 38016]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-8-2 32000]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-7 288776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-3-24 1014624]
S3 sj;sj;C:\AeriaGames\EdenEternal\sjcs64.sys [2012-7-10 30840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2012-7-10 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-10 1255736]
.
=============== Created Last 30 ================
.
2013-11-09 06:48:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 06:48:50 -------- d-----w- C:\Program Files\iTunes
2013-11-09 06:48:50 -------- d-----w- C:\Program Files\iPod
2013-11-09 06:48:50 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-09 06:47:33 -------- d-----w- C:\Users\Jing\AppData\Local\SteelSeries_ApS
2013-11-09 06:47:19 -------- d-----w- C:\Users\Jing\AppData\Roaming\SteelSeries
2013-11-09 06:46:17 -------- d-----w- C:\ProgramData\SteelSeries
2013-11-09 06:45:42 -------- d-----w- C:\Program Files\SteelSeries
2013-11-08 17:39:12 -------- d-----w- C:\Users\Jing\funshion
2013-11-08 17:39:11 -------- d-----w- C:\Program Files (x86)\Funshion Online
2013-11-04 13:54:18 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-11-02 10:16:56 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-02 10:16:56 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-02 10:08:53 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-11-02 10:08:53 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-02 10:08:53 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-10-30 16:15:32 140800 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
2013-10-28 16:14:57 -------- d-----w- C:\Users\Jing\AppData\Local\ESN
2013-10-27 14:16:27 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-10-22 19:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M  ====================
.
2013-11-11 06:34:22 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-10 08:03:14 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-09 19:25:13 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-27 03:47:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:05 1064224 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-10 06:12:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 06:12:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:04:06.30 ===============
 

attach.txt

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted

thanks again! these are the contents of combofix.txt:

 

ComboFix 13-11-16.01 - Jing 16/11/2013  23:44:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8174.5675 [GMT 8:00]
Running from: c:\users\Jing\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jing\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-16 to 2013-11-16  )))))))))))))))))))))))))))))))
.
.
2013-11-16 15:52 . 2013-11-16 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-16 15:52 . 2013-11-16 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 10:52 . 2013-11-16 14:42 -------- d-----w- c:\users\Jing\AppData\Local\CrashDumps
2013-11-14 17:45 . 2013-11-14 17:45 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files\iTunes
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files (x86)\iTunes
2013-11-09 06:48 . 2013-11-09 06:48 -------- d-----w- c:\program files\iPod
2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Local\SteelSeries_ApS
2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Roaming\SteelSeries
2013-11-09 06:46 . 2013-11-09 06:46 -------- d-----w- c:\programdata\SteelSeries
2013-11-09 06:45 . 2013-11-09 06:45 -------- d-----w- c:\program files\SteelSeries
2013-11-08 17:39 . 2013-11-09 10:13 -------- d-----w- c:\users\Jing\funshion
2013-11-08 17:39 . 2013-11-08 17:39 -------- d-----w- c:\program files (x86)\Funshion Online
2013-11-02 10:16 . 2013-10-18 01:36 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-02 10:16 . 2013-10-18 01:36 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\users\UpdatusUser.He-PC
2013-11-02 10:08 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-11-02 10:08 . 2013-09-27 23:01 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-02 10:08 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 16:15 . 2013-10-30 16:15 140800 ----a-w- c:\windows\system32\drivers\SteelBus64.sys
2013-10-28 16:14 . 2013-10-28 16:14 -------- d-----w- c:\users\Jing\AppData\Local\ESN
2013-10-27 14:16 . 2013-10-27 14:16 -------- d-----w- c:\program files\McAfee Security Scan
2013-10-22 19:02 . 2013-10-22 19:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 13:59 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-16 13:08 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-11-11 06:34 . 2013-10-10 16:49 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-10-27 03:47 . 2011-10-24 14:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-23 10:30 . 2011-05-25 07:27 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2011-05-25 07:27 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2011-05-25 07:27 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2011-05-25 07:27 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 08:20 . 2011-02-24 03:59 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2011-02-24 03:58 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2011-02-24 03:59 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2011-02-24 03:59 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2011-02-24 03:59 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2011-02-24 03:59 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-10-23 08:20 . 2011-02-24 03:59 1064224 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-10-23 08:20 . 2011-02-24 03:58 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-10 06:12 . 2012-09-16 05:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 06:12 . 2011-07-16 14:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]
2013-11-08 17:38 439432 ----a-w- c:\users\Jing\funshion\funshiontools\FunshionHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-11 06:34 3353624 ----a-w- c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-07-28 20:48 172032 ----a-w- c:\programdata\Windows Codecs\MediaShellOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jing\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-28 1022352]
"Facebook Update"="c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"Funshion"="c:\program files (x86)\Funshion Online\2.8.6.51\Funshion.exe" [2013-11-08 4243592]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-10-6 0]
FunshionService.diagnose [2011-10-13 18]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-7 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\avg\avg2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Jing\AppData\Local\Temp\0056077.tmp;c:\users\Jing\AppData\Local\Temp\0056077.tmp [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.exe;c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
FunshionServiceTools REG_MULTI_SZ   FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 08:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 06:12]
.
2013-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001Core.job
- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]
.
2013-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001UA.job
- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTo2.dll
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Jing\AppData\Local\Temp\0056077.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-16  23:58:05 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-16 15:58
.
Pre-Run: 212,308,148,224 bytes free
Post-Run: 211,967,299,584 bytes free
.
- - End Of File - - E83DF8E72A3687425C28FDA482486126
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt

Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted

Hi again! 

 

Here are the results for ComboFix:

 

ComboFix 13-11-16.01 - Jing 18/11/2013  22:03:08.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8174.6147 [GMT 8:00]
Running from: c:\users\Jing\Desktop\ComboFix.exe
Command switches used :: c:\users\Jing\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FunshionService.diagnose"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funshion Online
c:\program files (x86)\Funshion Online\2.8.6.51\atrc.dll
c:\program files (x86)\Funshion Online\2.8.6.51\cook.dll
c:\program files (x86)\Funshion Online\2.8.6.51\CoreAAC.ax
c:\program files (x86)\Funshion Online\2.8.6.51\CoreAVC.ax
c:\program files (x86)\Funshion Online\2.8.6.51\CrashReport.exe
c:\program files (x86)\Funshion Online\2.8.6.51\drvc.dll
c:\program files (x86)\Funshion Online\2.8.6.51\funoictl.dll
c:\program files (x86)\Funshion Online\2.8.6.51\Funshion.exe
c:\program files (x86)\Funshion Online\2.8.6.51\funshion.ini
c:\program files (x86)\Funshion Online\2.8.6.51\FunshionGame2.ico
c:\program files (x86)\Funshion Online\2.8.6.51\funshionplugin2.dll
c:\program files (x86)\Funshion Online\2.8.6.51\FunshionService.exe
c:\program files (x86)\Funshion Online\2.8.6.51\FunshionService.log
c:\program files (x86)\Funshion Online\2.8.6.51\FunshionUpgrade.exe
c:\program files (x86)\Funshion Online\2.8.6.51\Funshop4.ico
c:\program files (x86)\Funshion Online\2.8.6.51\gma.dll
c:\program files (x86)\Funshion Online\2.8.6.51\icon\MP4.ico
c:\program files (x86)\Funshion Online\2.8.6.51\icon\RMVB.ico
c:\program files (x86)\Funshion Online\2.8.6.51\InnerWeb.exe
c:\program files (x86)\Funshion Online\2.8.6.51\lan.ini
c:\program files (x86)\Funshion Online\2.8.6.51\LangResEnAmerican.dll
c:\program files (x86)\Funshion Online\2.8.6.51\pncrt.dll
c:\program files (x86)\Funshion Online\2.8.6.51\pndx5016.dll
c:\program files (x86)\Funshion Online\2.8.6.51\pndx5032.dll
c:\program files (x86)\Funshion Online\2.8.6.51\pos.ini
c:\program files (x86)\Funshion Online\2.8.6.51\rmoc3260.dll
c:\program files (x86)\Funshion Online\2.8.6.51\SimpleIE.dll
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\AbnormalPopWndCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\AddListFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\AddMore.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\AdPackUpBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\AdTimer.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpCleanFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpClearDisk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpError.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpError_IE.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpPlayBarTip.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpPrompt.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpQuestion.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpTimerClose.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\bmpYellowQuestion.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\btn_normal.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\btn_normalEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Buffering.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CaptionText.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CaptionTextEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CheckBox_Box.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CheckBox_Box.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CheckBox_Check.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\CheckBox_Check.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\checkSkin.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ClearFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\cycle.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Default.fskin
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\DelListFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\DiskWarnning.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\DownloadJsonClose.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Family.fskin
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\IErrorReshBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\IErrorWndBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgCleanFileBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgCloseMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgFullViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgMinViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgNonTopViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgNormalViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgStandardMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgStandardMiniEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgTopViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgVolCtrlBarThumb.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgVolCtrlBarThumbSel.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\imgVolCtrlBarThumbSel.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\list_expend.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\logo.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\LogoMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\LogoMiniEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionBtnArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionBtnDownArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionBtnUpArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionSplidBarHead.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionSplidBarTrail.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionSplideBarBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionSplideBarThumb.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionText.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\OptionTextEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PauseAdCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PauseFlickerBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnFullView.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnNext.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnNextMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnNonTop.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnNormal.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPause.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPauseMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPlay.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPlayList.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPlayMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPre.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnPreMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnSimple.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnSimpleEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnStop.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnStopMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnTop.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnVolMute.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnVolume.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarBtnVolumeMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerBarOpenFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayerTipCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayInfoCurPlay.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayList.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayListEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayTrackBar.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayTrackBarThumb.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PlayTrackBarThumbSel.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Popular.fskin
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlBtnSplitter.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlCheckBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlCheckBtnCheck.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlCloseBtn.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlCloseBtnAbnormal.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlIcon.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlMiniBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlMiniBtn.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\PopUrlSetBtn.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\RadioBtnBox.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\RadioBtnPt.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\RpcLoading.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\RpcStartDlgBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Scroll.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarDownArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarDownArrowOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarUpArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarUpArrowOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerBkgndOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetBkgndOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetHead.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetHeadOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetMid.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetMidOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetTrail.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollBarVerWidgetTrailOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ScrollLinkBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\selected.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\ShowPlayInfoBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\small.zip
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\smallerror.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\smallerror.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\switchToLibrary.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\switchToPlayer.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskDelete.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskDownLoad.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskList.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskListEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskListStatIcons.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskListStatSelIcon.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskManagerCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskManagerCloseTxtBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TaskPaused.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TextBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TipTopArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\BmpDetect.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\bmpdetection.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\bmpexception.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\bmpNormal.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\bmpOK.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\CaptionCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\CaptionMinBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\feedbackbtnbk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\forumhelpbtnbk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\funshionmark.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\gifChecking.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\gifRepairing.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\gifScanning.gif
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ignorebtnbk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ProblemHelpBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\problemtabbk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ProgressBarBK.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ProgressBarFG.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\question.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\recheck.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\repairBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ReRepairBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\RestoreBtnBK.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarDownArrowOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarUpArrowOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarVerBkgndOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarVerWidgetBkgndOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarVerWidgetHeadOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarVerWidgetMidOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\Tools_skin\ScrollBarVerWidgetTrailOption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TopLeftCornor.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TopRightCornor.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\TrayWndclose.png
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateBtmBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateBtmCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateBtmIgoreBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateBtmUpdateBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateCapBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateCaption.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateIconFail.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateIconInit.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\UpdateIconSuc.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\VolumeMute.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\VolumeNoMute.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\WebCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\WebCloseBtnRgn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\skin1\WndCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.51\Uninstall.exe
c:\program files (x86)\Web Cake
c:\program files (x86)\Web Cake\OptChrome.exe
c:\program files (x86)\Web Cake\optimizer.exe
c:\program files (x86)\Web Cake\sqlite3.exe
c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.exe
c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.InstallState
c:\program files (x86)\Web Cake\WebCakeIEClient.dll
c:\program files (x86)\Web Cake\WebCakeLayers.crx
c:\users\Jing\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
c:\users\Jing\funshion
c:\users\Jing\funshion\1383934789_2429110_macross_1383381245_281.fsp
c:\users\Jing\funshion\bbinfo.txt
c:\users\Jing\funshion\Cache\CacheFlash\donghuanew_18.swf
c:\users\Jing\funshion\Cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf
c:\users\Jing\funshion\Cache\flashNew\20130716103038-11026092.swf
c:\users\Jing\funshion\Cache\flashNew\20130906193301-5462519.flv
c:\users\Jing\funshion\Cache\flashNew\20130918140301-4648194.flv
c:\users\Jing\funshion\Cache\flashNew\20131008170532-11231835.date1384247375.flv
c:\users\Jing\funshion\Cache\flashNew\20131015104921-10110637.flv
c:\users\Jing\funshion\Cache\flashNew\20131023173205-13521504.flv
c:\users\Jing\funshion\Cache\flashNew\20131024113636-12006585.flv
c:\users\Jing\funshion\Cache\flashNew\20131025164031-7897512.date1384151659.swf
c:\users\Jing\funshion\Cache\flashNew\20131101170904-9172355.flv
c:\users\Jing\funshion\Cache\flashNew\20131101171038-13184189.flv
c:\users\Jing\funshion\Cache\flashNew\20131101211132-3104178.date1384781686.swf
c:\users\Jing\funshion\Cache\flashNew\20131104181904-16778194.flv
c:\users\Jing\funshion\Cache\flashNew\20131105174811-79082.flv
c:\users\Jing\funshion\Cache\flashNew\20131107151129-7548167.flv
c:\users\Jing\funshion\Cache\flashNew\20131107173002-12507889.date1383979297.flv
c:\users\Jing\funshion\Cache\flashNew\20131107174325-416161.date1383979297.swf
c:\users\Jing\funshion\Cache\flashNew\20131107174950-2460393.date1383979297.swf
c:\users\Jing\funshion\Cache\flashNew\20131108155603-12227713.date1384064594.flv
c:\users\Jing\funshion\Cache\flashNew\20131108164517-19872477.date1384247375.swf
c:\users\Jing\funshion\Cache\flashNew\20131111105556-2158030.date1384247375.swf
c:\users\Jing\funshion\Cache\flashNew\20131112164907-15472585.date1384451102.flv
c:\users\Jing\funshion\Cache\flashNew\20131113162557-14597334.swf
c:\users\Jing\funshion\Cache\flashNew\20131114154544-9821143.date1384540307.flv
c:\users\Jing\funshion\Cache\flashNew\20131114190707-12007355.date1384540307.flv
c:\users\Jing\funshion\Cache\flashNew\20131115173539-2342226.flv
c:\users\Jing\funshion\Cache\flashNew\20131118111157-1093414.swf
c:\users\Jing\funshion\control\1383932732_1383932732_371954_8F3770FBA292A3FA502A5A3B723E1118A839D6E0.json
c:\users\Jing\funshion\control\1383932732_1383932732_371954_8F3770FBA292A3FA502A5A3B723E1118A839D6E0.json_backup
c:\users\Jing\funshion\control\1383934805_1383934789_2429110_macross_1383381245_281.dat
c:\users\Jing\funshion\control\1383934805_1383934789_2429110_macross_1383381245_281.fsp
c:\users\Jing\funshion\crash_dump.dmp
c:\users\Jing\funshion\favorites.fav
c:\users\Jing\funshion\funshionDoctor\DiagnosticConfig.xml
c:\users\Jing\funshion\funshionDoctor\FunshionDoctor.exe
c:\users\Jing\funshion\funshionDoctor\TmpFile.zip
c:\users\Jing\funshion\funshionDoctor\Tools_skin\Õï¶Ï¹¤¾ß-Òì³£icon.jpg
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLeft.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLeft1 (2).bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLeft1.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLeft2.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLeft5.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ArrowLefte.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\Bk.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\bk_homepage.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\bk_projection.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\bmpdetection.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\bmpexception.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\bmpNormal.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\btn_Ignore.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\btn_Ignore.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\btn_normal.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\btn_normal2.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\cancel.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\cancle_result.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\checkDown.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\checking.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\checkUp.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\close.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\expend.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\feedback.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\FunshionDoctor.exe
c:\users\Jing\funshion\funshionDoctor\Tools_skin\gifChecking.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\gifRepairing.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\hide.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\icon_detecting.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\Icon_Green.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\line.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\littleicon_help.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\NoNet.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\Normal.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\progress_bar.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\question.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\repair.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\repair_animation.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\repairing.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\repairSucess.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\restartFunshion.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\restartfunshion_close.bmp
c:\users\Jing\funshion\funshionDoctor\Tools_skin\restartFunshionLater.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\result_question.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\Scroll.gif
c:\users\Jing\funshion\funshionDoctor\Tools_skin\ScrollBar.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\startBK.png
c:\users\Jing\funshion\funshionDoctor\Tools_skin\startCheck.png
c:\users\Jing\funshion\funshiontools\FunshionHelper.dll
c:\users\Jing\funshion\funshiontools\LoadIE.log
c:\users\Jing\funshion\funshiontools\npFunshion.dll
c:\users\Jing\funshion\ini\httpfile.ini
c:\users\Jing\funshion\ini\temp_config.ini
c:\users\Jing\funshion\Shortcut\FunShortcut.ini
c:\users\Jing\funshion\update\adConfig.xml
c:\users\Jing\funshion\update\adConfig.xml.bak
c:\users\Jing\funshion\update\adMaterialsTable1.xml
c:\users\Jing\funshion\update\minisite.json
c:\users\Jing\funshion\update\popwind.json
c:\users\Jing\funshion\update\textAdLink.xml
c:\users\Jing\funshion\update\textMiniAdLink.xml
c:\users\Jing\funshion\update\updatexmlfile.txt
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_WebCakeUpdater
-------\Service_X6va005
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))
.
.
2013-11-18 14:13 . 2013-11-18 14:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-18 14:13 . 2013-11-18 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-17 13:07 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-11-17 13:07 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-17 13:06 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-11-17 13:06 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-11-16 19:41 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-11-16 19:35 . 2013-11-16 19:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-16 16:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-11-16 16:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-11-16 16:44 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-11-16 16:44 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-11-16 16:44 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-11-16 16:44 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-11-16 16:44 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-11-16 16:42 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-11-16 16:42 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-11-16 16:42 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-11-16 16:42 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-11-16 16:40 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-16 16:39 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-11-16 16:38 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-11-16 16:37 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-11-16 16:36 . 2013-08-29 02:17 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-16 16:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-11-16 16:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-11-16 16:30 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-11-16 16:30 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-11-16 16:29 . 2013-11-18 14:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAE77216-571C-4987-BF06-2D1916187543}\offreg.dll
2013-11-16 16:23 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-11-16 16:23 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-11-16 16:23 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-16 16:23 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-16 16:23 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-11-16 16:22 . 2013-10-15 16:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAE77216-571C-4987-BF06-2D1916187543}\mpengine.dll
2013-11-16 16:17 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-11-16 16:17 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-11-16 16:17 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-11-16 16:17 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-11-16 16:17 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-11-16 16:17 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-16 16:17 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-11-16 16:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-16 16:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-16 16:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-16 16:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-16 16:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-16 10:52 . 2013-11-17 07:30 -------- d-----w- c:\users\Jing\AppData\Local\CrashDumps
2013-11-14 17:45 . 2013-11-14 17:45 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files\iTunes
2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files (x86)\iTunes
2013-11-09 06:48 . 2013-11-09 06:48 -------- d-----w- c:\program files\iPod
2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Local\SteelSeries_ApS
2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Roaming\SteelSeries
2013-11-09 06:46 . 2013-11-09 06:46 -------- d-----w- c:\programdata\SteelSeries
2013-11-09 06:45 . 2013-11-09 06:45 -------- d-----w- c:\program files\SteelSeries
2013-11-02 10:16 . 2013-10-18 01:36 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-02 10:16 . 2013-10-18 01:36 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\users\UpdatusUser.He-PC
2013-11-02 10:08 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-11-02 10:08 . 2013-09-27 23:01 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-02 10:08 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 16:15 . 2013-10-30 16:15 140800 ----a-w- c:\windows\system32\drivers\SteelBus64.sys
2013-10-28 16:14 . 2013-10-28 16:14 -------- d-----w- c:\users\Jing\AppData\Local\ESN
2013-10-27 14:16 . 2013-11-17 14:34 -------- d-----w- c:\program files\McAfee Security Scan
2013-10-22 19:02 . 2013-10-22 19:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-17 08:53 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-17 08:39 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-11-11 06:34 . 2013-10-10 16:49 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-07 08:00 . 2011-07-11 11:50 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-27 03:47 . 2011-10-24 14:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-23 10:30 . 2011-05-25 07:27 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2011-05-25 07:27 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2011-05-25 07:27 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2011-05-25 07:27 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 08:20 . 2011-02-24 03:59 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2011-02-24 03:58 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2011-02-24 03:59 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2011-02-24 03:59 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2011-02-24 03:59 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2011-02-24 03:59 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-10-23 08:20 . 2011-02-24 03:59 1064224 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-10-23 08:20 . 2011-02-24 03:58 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-10 06:12 . 2012-09-16 05:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 06:12 . 2011-07-16 14:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-11-16 16:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-11 06:34 3353624 ----a-w- c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-07-28 20:48 172032 ----a-w- c:\programdata\Windows Codecs\MediaShellOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jing\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-28 1022352]
"Facebook Update"="c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-10-6 0]
FunshionService.diagnose [2011-10-13 18]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-7 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\avg\avg2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
FunshionServiceTools REG_MULTI_SZ   FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 08:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 06:12]
.
2013-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001Core.job
- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]
.
2013-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001UA.job
- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Jing\funshion\funshiontools\FunshionHelper.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.51\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-18  22:18:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-18 14:18
ComboFix2.txt  2013-11-16 15:58
.
Pre-Run: 204,941,754,368 bytes free
Post-Run: 204,755,849,216 bytes free
.
- - End Of File - - 09B31EE25360DFEE818BF46E47284B4C
Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted

Here are the results for Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.18.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Jing :: HE-PC [administrator]
 
Protection: Enabled
 
18/11/2013 10:27:15 PM
mbam-log-2013-11-18 (22-27-15).txt
 
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 505068
Time elapsed: 56 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.
 
Folders Detected: 3
C:\Users\Jing\Documents\PCSpeedUp (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Documents\PCSpeedUp\RestorePoints (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Documents\PCSpeedUp\ScanResults (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
 
Files Detected: 26
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.51\Funshion.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.51\funshionplugin2.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.51\FunshionService.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.51\FunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.51\LangResEnAmerican.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Web Cake\WebCakeIEClient.dll.vir (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Jing\AppData\Roaming\eIntaller\F35E8ABCB25B4e89BC6AD0134C378342\Desk365.exe (PUP.Optional.E7) -> Quarantined and deleted successfully.
C:\Users\Jing\AppData\Roaming\eIntaller\F35E8ABCB25B4e89BC6AD0134C378342\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Quarantined and deleted successfully.
C:\Users\Jing\AppData\Roaming\eIntaller\F35E8ABCB25B4e89BC6AD0134C378342\eXQ.exe (PUP.Optional.Wilsys.A) -> Quarantined and deleted successfully.
C:\Users\Jing\AppData\Roaming\Web Cake\WebCakeDesktop.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Downloads\FunshionInstall_C1024.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Jing\Downloads\SoftonicDownloader_for_hamachi.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Jing\Downloads\VeohWebPlayerSetup_eng.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Jing\Videos\Veoh\1_VeohWebPlayerSetup_other_upgrade.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Videos\Veoh\VeohWebPlayerSetup_other_upgrade.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Jing\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Jing\Documents\PCSpeedUp\app.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Documents\PCSpeedUp\ScanResults\FragmentedDisksCollection.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\Jing\Documents\PCSpeedUp\ScanResults\JunkFilesCollection.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted

thanks! here are the ESET Scan Results:

 

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\ProgramData\Windows Codecs\MediaShellOverlays.dll a variant of Win32/Sathurbot.B trojan
C:\Users\All Users\Windows Codecs\MediaShellOverlays.dll a variant of Win32/Sathurbot.B trojan
C:\Users\Jing\AppData\Roaming\Web Cake\dat\Desktop.OS.dll a variant of MSIL/WebCake.A application
C:\Users\Jing\AppData\Roaming\Web Cake\dat\Dora.dat a variant of MSIL/WebCake.A application
C:\Users\Jing\AppData\Roaming\Web Cake\dat\Maintain.dat a variant of MSIL/WebCake.A application
C:\Users\Jing\AppData\Roaming\Web Cake\dat\Paladin.dat a variant of MSIL/WebCake.A application
C:\Users\Jing\Desktop\MinecraftInstall.exe a variant of Win32/AirAdInstaller.A application
C:\Users\Jing\Desktop\Minecarft\MinecraftInstall.exe a variant of Win32/AirAdInstaller.A application
Operating memory a variant of Win32/Sathurbot.B trojan
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites
hedgeh0g

hedgeh0g

Posted
  • Author
Posted
ComboFix 13-11-16.01 - Jing 21/11/2013  10:12:04.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8174.5932 [GMT 8:00]

Running from: c:\users\Jing\Desktop\ComboFix.exe

Command switches used :: c:\users\Jing\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\oem\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"

"c:\users\Jing\Desktop\Minecarft\MinecraftInstall.exe"

"c:\users\Jing\Desktop\MinecraftInstall.exe"

.

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jing\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll

c:\users\Jing\AppData\Roaming\Web Cake

c:\users\Jing\AppData\Roaming\Web Cake\dat\Desktop.OS.dll

c:\users\Jing\AppData\Roaming\Web Cake\dat\Dora.dat

c:\users\Jing\AppData\Roaming\Web Cake\dat\Maintain.dat

c:\users\Jing\AppData\Roaming\Web Cake\dat\Paladin.dat

c:\users\Jing\AppData\Roaming\Web Cake\PlugIns.cache

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-21 to 2013-11-21  )))))))))))))))))))))))))))))))

.

.

2013-11-21 02:22 . 2013-11-21 02:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-11-21 02:22 . 2013-11-21 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-20 05:42 . 2013-11-20 08:52 -------- d-----w- c:\users\Jing\funshion

2013-11-20 05:42 . 2013-11-20 05:42 -------- d-----w- c:\program files (x86)\Funshion Online

2013-11-19 09:10 . 2013-11-20 04:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0327B6CA-35DE-4192-ABC1-F6537DF1B594}\offreg.dll

2013-11-19 09:05 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0327B6CA-35DE-4192-ABC1-F6537DF1B594}\mpengine.dll

2013-11-18 14:23 . 2013-11-18 14:23 -------- d-----w- c:\users\Jing\AppData\Roaming\Malwarebytes

2013-11-18 14:23 . 2013-11-18 14:23 -------- d-----w- c:\programdata\Malwarebytes

2013-11-18 14:23 . 2013-11-18 14:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-11-18 14:23 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-18 14:23 . 2013-11-18 14:23 -------- d-----w- c:\users\Jing\AppData\Local\Programs

2013-11-17 13:07 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-11-17 13:07 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-11-17 13:06 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2013-11-17 13:06 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2013-11-16 19:41 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-11-16 19:35 . 2013-11-16 19:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-11-16 16:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-11-16 16:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2013-11-16 16:44 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2013-11-16 16:44 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2013-11-16 16:44 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll

2013-11-16 16:44 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2013-11-16 16:44 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2013-11-16 16:42 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-11-16 16:42 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-11-16 16:42 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2013-11-16 16:42 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2013-11-16 16:40 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-16 16:39 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll

2013-11-16 16:38 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-11-16 16:37 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll

2013-11-16 16:36 . 2013-08-29 02:17 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-11-16 16:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2013-11-16 16:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2013-11-16 16:30 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-11-16 16:30 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-11-16 16:23 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-11-16 16:23 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-11-16 16:23 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-16 16:23 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-16 16:23 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-11-16 16:17 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-11-16 16:17 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-11-16 16:17 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-11-16 16:17 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-11-16 16:17 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-11-16 16:17 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-11-16 16:17 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-11-16 16:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-11-16 16:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-11-16 16:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-11-16 16:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-11-16 16:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-11-16 10:52 . 2013-11-20 01:47 -------- d-----w- c:\users\Jing\AppData\Local\CrashDumps

2013-11-14 17:45 . 2013-11-14 17:45 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files\iTunes

2013-11-09 06:48 . 2013-11-09 06:49 -------- d-----w- c:\program files (x86)\iTunes

2013-11-09 06:48 . 2013-11-09 06:48 -------- d-----w- c:\program files\iPod

2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Local\SteelSeries_ApS

2013-11-09 06:47 . 2013-11-09 06:47 -------- d-----w- c:\users\Jing\AppData\Roaming\SteelSeries

2013-11-09 06:46 . 2013-11-09 06:46 -------- d-----w- c:\programdata\SteelSeries

2013-11-09 06:45 . 2013-11-09 06:45 -------- d-----w- c:\program files\SteelSeries

2013-11-02 10:16 . 2013-10-18 01:36 1063200 ----a-w- c:\windows\system32\nvspcap64.dll

2013-11-02 10:16 . 2013-10-18 01:36 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll

2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-11-02 10:16 . 2013-11-02 10:16 -------- d-----w- c:\users\UpdatusUser.He-PC

2013-11-02 10:08 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-11-02 10:08 . 2013-09-27 23:01 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-11-02 10:08 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2013-10-30 16:15 . 2013-10-30 16:15 140800 ----a-w- c:\windows\system32\drivers\SteelBus64.sys

2013-10-28 16:14 . 2013-10-28 16:14 -------- d-----w- c:\users\Jing\AppData\Local\ESN

2013-10-27 14:16 . 2013-11-17 14:34 -------- d-----w- c:\program files\McAfee Security Scan

2013-10-22 19:02 . 2013-10-22 19:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-17 08:53 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-11-17 08:39 . 2011-10-24 14:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-11-11 06:34 . 2013-10-10 16:49 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-11-07 08:00 . 2011-07-11 11:50 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-10-27 03:47 . 2011-10-24 14:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-10-23 10:30 . 2011-05-25 07:27 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-10-23 10:30 . 2011-05-25 07:27 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-10-23 10:30 . 2011-05-25 07:27 3067560 ----a-w- c:\windows\system32\nvapi64.dll

2013-10-23 10:30 . 2011-05-25 07:27 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-10-23 08:20 . 2011-02-24 03:59 6669600 ----a-w- c:\windows\system32\nvcpl.dll

2013-10-23 08:20 . 2011-02-24 03:58 3489568 ----a-w- c:\windows\system32\nvsvc64.dll

2013-10-23 08:20 . 2011-02-24 03:59 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2013-10-23 08:20 . 2011-02-24 03:59 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-10-23 08:20 . 2011-02-24 03:59 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-10-23 08:20 . 2011-02-24 03:59 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll

2013-10-23 08:20 . 2011-02-24 03:59 1064224 ----a-w- c:\windows\system32\nv3dappshext.dll

2013-10-23 08:20 . 2011-02-24 03:58 3426956 ----a-w- c:\windows\system32\nvcoproc.bin

2013-10-10 06:12 . 2012-09-16 05:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-10 06:12 . 2011-07-16 14:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-29 01:48 . 2013-11-16 16:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]

2013-11-20 05:42 439432 ----a-w- c:\users\Jing\funshion\funshiontools\FunshionHelper.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-11-11 06:34 3353624 ----a-w- c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Jing\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-28 1022352]

"Facebook Update"="c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]

"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]

"Funshion"="c:\program files (x86)\Funshion Online\2.8.6.51\Funshion.exe" [2013-11-20 4243592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-10-6 0]

FunshionService.diagnose [2011-10-13 18]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-7 324320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\avg\avg2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys;c:\users\Jing\Desktop\Garena Messenger\Room\safedrv.sys [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]

S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ   Akamai

FunshionServiceTools REG_MULTI_SZ   FunshionSvr

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-15 08:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 06:12]

.

2013-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001Core.job

- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]

.

2013-11-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1560807749-217186930-2607330092-1001UA.job

- c:\users\Jing\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:03]

.

2013-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]

.

2013-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

Trusted Zone: aeriagames.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6

Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx

Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\SysWOW64\KuGoo3DownXControl.ocx

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\users\Jing\Desktop\Garena Messenger\ggdllhost.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-11-21  10:27:55 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-21 02:27

ComboFix2.txt  2013-11-18 14:18

ComboFix3.txt  2013-11-16 15:58

.

Pre-Run: 205,389,266,944 bytes free

Post-Run: 204,943,003,648 bytes free

.

- - End Of File - - A9D58A8624811C2D30C89C9200173FB6
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

urrrgh, where did this funsion crap come from? o.O

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.