Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dos/Alureon.A-W[n32/almarik.AKtrojan-Win64/zlmarik.Awotrojan [Solved]

Started by bella710 , Oct 21 2012 11:36 AM

  • This topic is locked This topic is locked

#16
Crag_Hack
Posted 24 October 2012 - 06:22 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi bella710. It looks like you made a mistake while dragging the CFscript text file onto the combofix program icon. The CF log says:
Command switches used :: c:\users\user\Desktop\CFScript - Shortcut.lnk
It should say:
Command switches used :: c:\users\user\Desktop\CFScript.txt
Please try again and make sure to drag the actual text file. Let me know if you have any problems.
  • 0

Advertisements

#17
bella710
Posted 25 October 2012 - 05:06 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 12-10-25.02 - user 10/25/2012 18:17:35.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4577 [GMT -4:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\ffciiesa.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ffciiesa
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 22:52 . 2012-10-25 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 23:32 . 2012-10-11 01:06 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-24 23:32 . 2012-10-11 01:06 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-24 23:31 . 2012-10-24 23:31 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-24 23:31 . 2012-10-24 23:31 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-24 23:31 . 2012-10-24 23:31 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-24 23:31 . 2012-10-24 23:31 188904 ----a-w- c:\windows\system32\java.exe
2012-10-24 23:31 . 2012-10-24 23:31 -------- d-----w- c:\program files\Java
2012-10-24 23:28 . 2012-10-24 23:28 -------- d-----w- c:\users\user\AppData\Local\Secunia PSI
2012-10-24 23:28 . 2012-10-24 23:28 -------- d-----w- c:\program files (x86)\Secunia
2012-10-24 23:10 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3663F9A-16F3-4962-8E7F-787F48C204D8}\mpengine.dll
2012-10-24 02:03 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{846A369C-96B3-4CD3-8E86-786B657C026C}\mpengine.dll
2012-10-23 20:43 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-23 20:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-23 20:43 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-23 20:43 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-23 20:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-23 20:43 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-23 20:43 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-23 20:43 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-23 20:43 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-21 15:47 . 2012-10-21 15:47 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-10-17 23:22 . 2012-10-17 23:22 -------- d-----w- c:\users\user\AppData\Local\Diagnostics
2012-10-16 00:19 . 2012-10-16 00:19 -------- d-----w- c:\users\user\AppData\Local\Adobe
2012-10-15 20:29 . 2012-10-15 20:29 -------- d-----w- c:\users\user\AppData\Local\Apple
2012-10-14 22:06 . 2012-10-14 22:06 -------- d-----w- c:\users\user\AppData\Local\Apple Computer
2012-10-13 19:12 . 2012-10-13 19:12 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-13 15:45 . 2012-10-13 15:45 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-13 12:15 . 2012-10-13 12:22 -------- d-----w- c:\programdata\HitmanPro
2012-10-13 11:59 . 2012-10-13 11:59 -------- d-----w- c:\users\user\AppData\Local\AVG Secure Search
2012-10-13 01:08 . 2012-10-13 01:08 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-10-12 01:01 . 2012-10-13 15:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-11 20:07 . 2012-10-11 20:07 -------- d-----w- c:\users\user\AppData\Local\Mozilla
2012-10-11 18:58 . 2012-10-11 18:58 -------- d-----w- c:\users\user\AppData\Local\Macromedia
2012-10-10 23:21 . 2012-10-16 00:27 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-10-10 21:29 . 2012-08-20 15:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 15:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 21:29 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-10 21:28 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 21:28 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 21:27 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 21:27 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 21:27 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 21:27 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 21:27 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 21:27 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 21:27 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 21:25 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 21:25 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 21:25 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 21:25 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 21:25 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 21:25 . 2012-10-10 21:25 -------- d-----w- c:\users\user\AppData\Local\Moonchild Productions
2012-10-10 21:05 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 21:05 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-09 23:30 . 2012-10-09 23:30 -------- d-----w- c:\users\Default\AppData\Local\Power2Go
2012-10-09 22:44 . 2012-10-09 22:44 -------- d-----w- C:\VritualRoot
2012-10-09 22:14 . 2012-10-10 20:47 -------- d-----w- c:\program files (x86)\Common Files\Comodo
2012-10-09 22:14 . 2012-10-09 22:14 -------- d-----w- c:\programdata\CPA_VA
2012-10-09 20:29 . 2012-10-10 20:47 -------- d-----w- c:\programdata\Comodo
2012-10-09 20:29 . 2012-10-09 22:14 -------- d-----w- c:\program files\COMODO
2012-10-08 09:36 . 2012-10-08 09:36 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-10-08 09:35 . 2012-10-08 09:35 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 04:26 . 2012-10-10 20:46 -------- d-----w- c:\windows\Microsoft Antimalware
2012-10-04 21:12 . 2012-10-04 21:12 -------- d-----w- c:\windows\Sun
2012-09-26 02:01 . 2012-09-26 02:01 -------- d-----w- c:\program files (x86)\Application Updater
2012-09-26 02:01 . 2012-09-26 02:01 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-09-26 02:01 . 2012-09-26 02:01 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 22:53 . 2011-08-25 07:58 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-10-24 23:31 . 2012-08-03 02:22 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-24 23:31 . 2012-08-03 02:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 02:25 . 2012-04-19 00:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 02:25 . 2012-04-19 00:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 04:18 . 2012-04-23 19:21 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-08 13:35 . 2012-09-08 13:35 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ------w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-22 14:02 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 14:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 14:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 14:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 14:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 14:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 14:02 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 14:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 14:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 14:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 14:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 14:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 14:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 14:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 14:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 14:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 14:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 02:28 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 02:28 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 02:28 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 02:28 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 19:35 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-24 22:43 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-09-10 20:28 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-09-10 20:28 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 21:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 00:49 . 2012-08-15 00:49 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 00:49 . 2012-08-15 00:49 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 00:49 . 2012-08-15 00:49 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 00:49 . 2012-08-15 00:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 00:49 . 2012-08-15 00:49 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 00:49 . 2012-08-15 00:49 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 00:49 . 2012-08-15 00:49 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 00:49 . 2012-08-15 00:49 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 00:49 . 2012-08-15 00:49 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 00:48 . 2012-08-15 00:48 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 00:48 . 2012-08-15 00:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 00:48 . 2012-08-15 00:48 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 00:47 . 2012-08-15 00:47 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-03 14:23 . 2012-08-03 14:23 35064 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-08-03 02:26 . 2012-05-26 12:25 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-03 02:26 . 2012-05-26 12:25 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-02 17:58 . 2012-09-12 02:28 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 02:28 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-10-13 01:08 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-10-13 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-13 1107552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 250808]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-08 31080]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-09-19 795072]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 HsdService;HsdService;c:\program files (x86)\Windstream\Diagnostic Tools\HsdService.exe [2011-04-25 1393976]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-07-05 517632]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files (x86)\Office Depot PC Support Agent\esService.exe [2012-10-11 998336]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Windstream\Service Agent\ServicepointService.exe [2011-10-14 10315064]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-08 927840]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:25]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=21
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 166.102.165.11 166.102.165.13 192.168.1.1
TCP: Interfaces\{E0E38C28-CAF6-424B-9A0D-8882BB91964A}: DhcpNameServer = 166.102.165.11 166.102.165.13 192.168.1.1
TCP: Interfaces\{E0E38C28-CAF6-424B-9A0D-8882BB91964A}\34963736F60303437303: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E0E38C28-CAF6-424B-9A0D-8882BB91964A}\F66666963656465607F647: DhcpNameServer = 198.6.1.1 204.117.214.10
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - ExtSQL: 2012-08-31 16:02; {7b13ec3e-999a-4b70-b9cb-2617b8323822}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - ExtSQL: 2012-09-02 08:59; [email protected]; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\extensions\[email protected]
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 2250000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Office Depot PC Support Agent\escont.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-10-25 19:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-25 23:00
ComboFix2.txt 2012-10-24 22:54
ComboFix3.txt 2012-10-13 16:26
.
Pre-Run: 202,648,551,424 bytes free
Post-Run: 202,089,484,288 bytes free
.
- - End Of File - - 8D09DF1AADEEB4F18B3A128DF6EC2717
  • 0

#18
bella710
Posted 25 October 2012 - 05:22 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
C:\Windows\System32\rundll32.exe

Illegal operation attempted on a registry key marked for deletion.




It says this when I try to get on the internet
  • 0

#19
Crag_Hack
Posted 25 October 2012 - 05:28 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
When did it start giving you this error message? After running Combofix using the fix I gave you?
  • 0

#20
bella710
Posted 25 October 2012 - 06:08 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
yes
  • 0

#21
Crag_Hack
Posted 25 October 2012 - 11:24 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
I looked around a little and the fix looks easy... just restart the computer and see if that fixes the issue. Please let me know what happens.
  • 0

#22
bella710
Posted 26 October 2012 - 01:49 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Yes that worked every thing is normal
  • 0

#23
Crag_Hack
Posted 26 October 2012 - 02:57 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi bella710. Looks like everything's good now. We will now clean up your temporary files, run a scan with Malwarebytes, and run a scan with Kaspersky Security Scanner to remove any remnants of the infection. Also it's time to use your computer and see if any symptoms persist. Please do the following:

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
[emptytemp]
[CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

    Posted Image
  • Click the Full Scan button

    Posted Image
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report

    Posted Image
  • Once the scan is complete do the following:
    • Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
      Posted Image
      Posted Image
      Posted Image
  • You can now close Kaspersky Security Scan

Step 4

Please use your computer for a couple hours or so and see if there are any symptoms. Then report back to me.

Things to see in your next post:
MBAM log
KSS log
computer status
  • 0

#24
bella710
Posted 26 October 2012 - 05:20 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 14556455 bytes
->Temporary Internet Files folder emptied: 3817289 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49763556 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3263 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19033454 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10262012_191419

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\Cache\_CACHE_001_ moved successfully.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\Cache\_CACHE_002_ moved successfully.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\Cache\_CACHE_003_ moved successfully.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\Cache\_CACHE_MAP_ moved successfully.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ramotr5s.default-1340409351616\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#25
bella710
Posted 26 October 2012 - 07:59 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Attached File  HtmlReport.zip   317.71KB   98 downloads
  • 0

Advertisements

#26
Crag_Hack
Posted 26 October 2012 - 11:27 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
get the mbam scan yet? should only take 15 minutes or so
  • 0

#27
bella710
Posted 27 October 2012 - 09:42 AM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

10/27/2012 11:37:10 AM
mbam-log-2012-10-27 (11-37-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 196055
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#28
bella710
Posted 27 October 2012 - 10:38 AM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
everything seems to be working better maybe even faster
  • 0

#29
Crag_Hack
Posted 27 October 2012 - 03:03 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
We're done! Score one for the good guys. :thumbsup: Now that we're done scanning for and disinfecting malware it's time to clean up. I noticed you have outdated java and adobe reader apps. You will want to upgrade these to prevent possible infection through these apps in the future.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Upgrading Adobe Reader:
  • Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Remove or Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or http://www.foxitsoft...ure_PDF_Reader/ for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
[ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.

We will now clean up Combofix.
Press the Windows key and the R key at the same time
Copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus . Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#30
bella710
Posted 27 October 2012 - 04:12 PM

bella710

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you so much Josh,Will do all of the above (((hugs)))
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP