Internet Slow, Weird webpages pop up. [Closed]


18 replies to this topic

#1 sparkey75


Posted 06 December 2013 - 11:25 PM

My son downloaded some programs and now we have issues. I already ran Malwarebytes and ComboFix, trying to fix it myself. Sorry!! I couldn't run ComboFix after downloading it; I had to use another computer, download it to a thumb drive, and then run it from there.

Thanks for your help!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:38 PM, on 12/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CE\CovenantEyes.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\CE\CovenantEyesHelper.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Downloads\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\CovenantEyes.exe
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Auth Service - Unknown owner - C:\Windows\system32\authServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GorillaPrice - Unknown owner - C:\Program Files\GorillaPrice\GorillaPrice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe
 
--
End of file - 9732 bytes
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Administrator at 23:05:54.25 on Fri 12/06/2013
Internet Explorer: 9.10.9200.16736 BrowserJavaVersion: 10.25.2
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1526.252 [GMT -6:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\authServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CE\CovenantEyes.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\CE\CovenantEyesHelper.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\GorillaPrice\GorillaPrice.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Administrator\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NMSVC] c:\program files\ce\CovenantEyes.exe
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: CESpy.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSALPC;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-29 84200]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\drivers\NNSHttp.sys [2013-5-29 126184]
R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\drivers\NNSHttps.sys [2013-5-29 107752]
R1 NNSIDS;NNSIDS;c:\windows\system32\drivers\NNSIds.sys [2013-5-29 124648]
R1 NNSPICC;NNSPICC;c:\windows\system32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-29 106344]
R1 NNSPROT;NNSPROT;c:\windows\system32\drivers\NNSProt.sys [2013-5-29 287336]
R1 NNSPRV;NNSPRV;c:\windows\system32\drivers\NNSPrv.sys [2013-5-29 161384]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-29 108904]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\drivers\NNSStrm.sys [2013-5-29 230376]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\drivers\NNStlsc.sys [2013-5-29 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2013-5-28 175848]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-10 65640]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-5-26 1633280]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 GorillaPrice;GorillaPrice;c:\program files\gorillaprice\gorillaprice.exe -service --> c:\program files\gorillaprice\GorillaPrice.exe -service [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-5-28 140768]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-5-28 145128]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-5-28 105704]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-5-28 114920]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-5-29 127720]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-5-28 37344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WatGorp;WatGorp;c:\programdata\gorillaprice\watgorp.exe -service --> c:\programdata\gorillaprice\WatGorp.exe -service [?]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-11-9 245760]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-12-5 47632]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-22 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-23 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-11-9 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-11-9 11520]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-9-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-22 116648]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-5-28 97512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-26 1343400]
S4 NNSPIHSW;NNSPIHSW;c:\windows\system32\drivers\NNSPihsw.sys [2013-5-29 61672]
.
=============== Created Last 30 ================
.
2013-12-07 01:11:43 7772552 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{13a602ef-03da-44f2-8c1d-4b66a7c4d11f}\mpengine.dll
2013-12-05 16:32:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-05 16:32:22 -------- d-----w- c:\users\admini~1\appdata\local\temp
2013-12-05 15:55:15 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-11-25 01:13:11 -------- d-----w- c:\program files\CAM Development
2013-11-18 22:50:04 -------- d-----w- c:\users\admini~1\appdata\roaming\Open Download Manager
2013-11-18 20:44:10 -------- d-----w- c:\users\admini~1\appdata\local\Programs
2013-11-18 20:36:34 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2013-11-18 20:35:14 -------- d-----w- c:\users\admini~1\appdata\roaming\SearchProtect
2013-11-17 19:45:59 3092480 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\asapsdk.dll
2013-11-15 19:23:54 -------- d-----w- c:\program files\DivX
2013-11-15 19:22:24 -------- d-----w- c:\program files\DSP-worx
2013-11-15 19:22:17 -------- d-----w- c:\progra~2\DivX
2013-11-15 19:21:46 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2013-11-14 19:41:21 -------- d-----w- c:\program files\Mysearchdial
2013-11-13 10:33:13 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-13 10:33:13 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-13 10:33:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-13 10:33:12 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-13 10:33:12 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-13 10:33:11 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-13 10:33:11 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-13 10:33:11 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-13 10:33:10 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-13 10:33:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-13 10:32:44 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 10:32:40 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 10:32:38 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 10:32:37 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 10:32:28 1168384 ----a-w- c:\windows\system32\crypt32.dll
.
==================== Find3M  ====================
.
2013-11-11 11:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 08:23:13 183776 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psenlc.dll
2013-10-22 09:25:20 83936 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psenutil.dll
2013-10-22 09:25:19 397280 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANModAV.dll
2013-10-22 09:25:17 346080 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANUpgSI.dll
2013-10-20 06:24:42 3188192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNPnlConfig.dll
2013-10-19 05:21:41 919520 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSCCGUIUtils.dll
2013-10-18 18:53:31 135136 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psenfilter.dll
2013-10-18 18:53:30 307168 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANModCfg.dll
2013-10-17 19:31:31 167904 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSINEnAg.dll
2013-10-17 19:31:30 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\vista\PSINAflt.sys
2013-10-17 19:31:29 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\vista\PSINAflt.sys
2013-10-17 19:31:28 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\w7\PSINAflt.sys
2013-10-17 19:31:26 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\w7\PSINAflt.sys
2013-10-17 19:31:25 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\drivers\psinaflt\x86_w8\PSINAflt.sys
2013-10-17 19:31:24 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\drivers\psinaflt\x64_w8\PSINAflt.sys
2013-10-17 19:31:22 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\xp\PSINAflt.sys
2013-10-17 15:32:44 901928 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\Setup.exe
2013-10-17 15:31:58 355624 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSINanoRun.exe
2013-10-17 15:30:46 241960 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\Launcher.exe
2013-10-15 11:34:22 111072 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psenlog.dll
2013-10-15 11:34:20 331744 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANCU.exe
2013-10-14 16:28:20 1461728 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSAUI.dll
2013-10-14 16:28:19 370656 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSAEng.dll
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:47:23 97896 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\xp\PSINReg.sys
2013-10-11 09:45:56 137960 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\vista\PSINProt.sys
2013-10-11 09:45:56 124648 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\vista\PSINProc.sys
2013-10-11 09:45:55 206056 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\vista\PSINKNC.sys
2013-10-11 09:45:55 122600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system64\drivers\vista\PSINFile.sys
2013-10-11 09:45:49 175848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\w7\PSINKNC.sys
2013-10-11 09:45:49 105704 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\w7\PSINFile.sys
2013-10-11 09:45:32 280032 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSINPrSg.dll
2013-10-11 09:45:31 138208 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSINEvAg.dll
2013-10-11 09:45:30 163296 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSINApAg.dll
2013-10-11 09:45:28 127720 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\vista\PSINProt.sys
2013-10-11 09:45:28 114920 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\vista\PSINProc.sys
2013-10-11 09:45:27 175848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\vista\PSINKNC.sys
2013-10-11 09:45:27 105704 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\system32\drivers\vista\PSINFile.sys
2013-10-10 15:38:08 227624 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\SMCLpav.exe
2013-10-10 15:38:07 364840 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\SMCLPav.dll
2013-10-10 15:38:06 229160 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\PGUse.exe
2013-10-10 15:38:05 479016 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\PAVSMCL.dll
2013-10-10 15:38:05 150312 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\PAV2WSC.dll
2013-10-10 15:38:04 135464 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\dg\DGNano.dll
2013-10-10 08:26:54 133600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\pkndtr.dll
2013-10-08 21:59:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:59:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 15:55:44 105440 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNCSysInfo.dll
2013-10-07 13:36:59 2207712 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNReports.dll
2013-10-07 13:36:58 983520 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNMsg.dll
2013-10-07 12:48:25 238560 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNUtils.dll
2013-10-07 12:48:24 2298848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNSuspects.dll
2013-10-07 12:48:23 2551264 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNScan.dll
2013-10-07 12:48:05 2238432 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNResources.dll
2013-10-07 12:48:04 2595808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNProcMon.dll
2013-10-07 12:48:04 115168 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNProcMonMng.dll
2013-10-07 12:48:02 512992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNMain.exe
2013-10-07 12:48:01 2404320 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNFwConfig.dll
2013-10-07 12:48:00 98784 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNConfigStore.dll
2013-10-07 12:48:00 520672 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUASBoot.exe
2013-10-07 12:47:59 35808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANLang.dll
2013-10-07 11:06:12 101344 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUAResourcesEx.dll
2013-10-07 10:54:59 202208 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANModProcMon.dll
2013-10-07 10:37:38 90592 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\x64\PSNCSysAction.exe
2013-10-07 10:37:34 24544 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\x86\PSNCSysAction.exe
2013-10-07 10:37:21 69600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNXml.dll
2013-10-07 10:37:21 56288 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNTypeReflection.dll
2013-10-07 10:37:20 64992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNMuid.dll
2013-10-07 10:37:20 55776 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNCUpdMgr.dll
2013-10-07 10:37:20 47584 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNEvts.dll
2013-10-07 10:37:20 42976 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNReg.dll
2013-10-07 10:35:57 365024 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANUpgMgr.dll
2013-10-07 10:34:59 227808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Prl.dll
2013-10-07 10:34:59 197600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Quarantine.dll
2013-10-07 10:34:58 225248 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Notification.dll
2013-10-07 10:34:58 184288 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.License.dll
2013-10-07 10:34:57 234976 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.dll
2013-10-07 10:34:56 305632 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Configuration.dll
2013-10-07 10:34:56 210400 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Communication.dll
2013-10-07 10:34:55 221664 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Analysis.dll
2013-10-07 10:34:55 131552 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\NdkApi.Common.dll
2013-10-03 16:07:23 3845088 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUNConsole.dll
2013-10-03 16:07:21 2502112 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSUAConfig.dll
2013-10-03 15:15:59 64992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNFiles.dll
2013-10-03 11:43:22 145888 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANMSrvc.dll
2013-10-03 11:43:03 164832 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANModCtrlCfg.dll
2013-10-03 06:15:33 35296 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSNWSC.dll
2013-10-03 06:15:14 92128 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psensfl.dll
2013-10-03 06:15:13 88544 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSENQMem.dll
2013-10-03 06:15:12 102368 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\psenplgb.dll
2013-10-03 06:14:58 114656 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSENMgrb.dll
2013-10-03 06:14:57 152544 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSENIExAg.dll
2013-10-03 06:14:41 125920 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANURLCounters.dll
2013-10-03 06:14:40 46560 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5963.tmp\program files\panda security\panda cloud antivirus\PSANStatsSend.dll
.
============= FINISH: 23:07:24.21 ===============
 
 



#2 Robybel


Posted 08 December 2013 - 01:04 AM

Hi and Welcome!! Sparkey75 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

====================================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Next

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

RogueKiller
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button.
  • Next click on the ShortcutsFix.
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

On your next reply please post:
  • checkup.txt
  • AdwCleaner[R0].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#3 sparkey75


Posted 08 December 2013 - 09:44 PM

I tried downloading security check and adware but my computer gave me an error message saying the files were corrupt. So I had to use another computer and downloaded on a thumb drive to then run on this computer. Here are the reports:

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Cloud Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Toolbar Cleaner 1.0   
 JavaFX 2.1.1    
 Java™ 6 Update 31  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 

# AdwCleaner v3.014 - Report created 08/12/2013 at 20:20:27
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Administrator - DAN-LAPTOP
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\mysearchdial-speeddial.crx
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Mysearchdial
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Admin\AppData\Local\Conduit
Folder Found C:\Users\Admin\AppData\Local\NativeMessaging
Folder Found C:\Users\Admin\AppData\Local\WhiteListing
Folder Found C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Found C:\Users\Admin\AppData\LocalLow\SweetPacks_A7
Folder Found C:\Users\Admin\AppData\Roaming\digitalsite
Folder Found C:\Users\Admin\AppData\Roaming\Searchprotect
Folder Found C:\Users\Administrator\AppData\Roaming\Searchprotect
Folder Found C:\Users\Dan\AppData\LocalLow\SweetPacks_A7
Folder Found C:\Users\Dan\AppData\Roaming\Searchprotect
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3314936
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\giekjokemioblbkdkclpehonimdjgiee
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\giekjokemioblbkdkclpehonimdjgiee
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29FEADFD-F050-457D-8AFD-7FE9198AEA69}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B34D6DC-FAEB-4E0C-B9A6-6828AE8D4482}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF062B7C-3A0C-4B82-BBC0-A6718BB2F894}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF062B7C-3A0C-4B82-BBC0-A6718BB2F894}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0C0123D-E2A6-451E-A3BD-A4B9C7326B53}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SweetPacks_A7
Key Found : HKLM\Software\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0BtAzztC0DtBzz0D0Ezz0AzyyCtN0D0Tzu0SyCzzyEtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=942012373&ir=
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7033 octets] - [08/12/2013 20:20:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7093 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Administrator on Sun 12/08/2013 at 20:55:45.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] gorillaprice 
Successfully deleted: [Service] gorillaprice 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3314936
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/08/2013 at 21:00:47.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/08/2013 21:08:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] WatGorp.exe -- C:\ProgramData\GorillaPrice\WatGorp.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-00A0RT0 ATA Device +++++
--- User ---
[MBR] bab8115d1d11ed1846639456a1252181
[BSP] b63f261ea300128fdd9f5bbb140a7bbf : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303744 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12082013_210821.txt >>
 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/08/2013 21:11:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] WatGorp.exe -- C:\ProgramData\GorillaPrice\WatGorp.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-00A0RT0 ATA Device +++++
--- User ---
[MBR] bab8115d1d11ed1846639456a1252181
[BSP] b63f261ea300128fdd9f5bbb140a7bbf : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303744 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_12082013_211158.txt >>
RKreport[0]_S_12082013_210821.txt
 
 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/08/2013 21:12:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] WatGorp.exe -- C:\ProgramData\GorillaPrice\WatGorp.exe [-] -> KILLED [TermProc]
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 6 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_12082013_211212.txt >>
RKreport[0]_D_12082013_211158.txt;RKreport[0]_S_12082013_210821.txt
 
Thanks for your time!! Looks like it got a few things.
 

Edited by sparkey75, 08 December 2013 - 10:02 PM.


#4 sparkey75


Posted 08 December 2013 - 09:48 PM

Opened up IE and this webpage opened up http://jumpingforfit...es/LastWeek.htm

 

Message From Bing

 

Several months ago you were given notice that your privacy settings needed to be updated regarding ads being displayed to you.  Please update your preferences now for displaying ads for your Bing account.  Failure to do so will result in immediate account termination.

 

Simply click on the ad below and select either “I want to opt-out from seeing ads” or “It’s ok to continue showing me ads.”

Laura Thompson

Bing Privacy Team

Bing, Inc.

Edited by sparkey75, 08 December 2013 - 09:56 PM.


#5 Robybel


Posted 09 December 2013 - 12:59 PM

Hi Sparkey

FRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#6 sparkey75


Posted 09 December 2013 - 10:13 PM

Here you go!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by SYSTEM on MININT-47PO2T5 on 09-12-2013 22:05:44
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [NMSVC] - C:\Program Files\CE\CovenantEyes.exe [2429440 2012-10-22] ()
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-04-11] (Visicom Media Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-12] (Google)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-03-03] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-05-28] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKU\Admin\...\Run: [Google Update] - C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-05-25] (Google Inc.)
HKU\Admin\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Admin\...\Run: [SearchProtect] - C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\Admin\...\Run: [BackgroundContainer] - "C:\Windows\system32\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\Admin\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [ 2012-11-20] (AWS Convergence Technologies, Inc.)
HKU\Admin\...\Run: [Open Download Manager] - C:\Program Files\OpenDownloaderManager\odm.exe -autorun
HKU\Admin\...\RunOnce: [Del3518368] - cmd.exe /Q /D /c del "C:\Users\Admin\AppData\Local\Temp\0.del"
HKU\Admin\...\RunOnce: [Del3607928] - cmd.exe /Q /D /c del "C:\Users\Admin\AppData\Local\Temp\0.del"
HKU\Administrator\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Dan\...\Run: [Google Update] - C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-05-25] (Google Inc.)
HKU\Dan\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Dan\...\Run: [MusicManager] - C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [ 2013-11-11] (Google Inc.)
HKU\Dan\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [ 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Dan\...\Run: [SearchProtect] - C:\Users\Dan\AppData\Roaming\SearchProtect\bin\cltmng.exe
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2011-09-12] (Google)
 
========================== Services (Whitelisted) =================
 
S2 Auth Service; C:\Windows\system32\authServer.exe [1633280 2012-10-22] ()
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-12] (Google)
S2 GorillaPrice; C:\Program Files\GorillaPrice\GorillaPrice.exe [631808 2013-11-05] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-05-28] (Panda Security, S.L.)
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-05-28] (Panda Security, S.L.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 FANTOM; C:\Windows\System32\DRIVERS\fantom.sys [39424 2006-03-10] (National Instruments Corporation)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145128 2013-05-28] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-05-28] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-05-28] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-05-28] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-05-29] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-05-28] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-09 22:05 - 2013-12-09 22:05 - 00000000 ____D C:\FRST
2013-12-09 19:34 - 2013-12-09 19:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-12-08 19:12 - 2013-12-08 19:12 - 00001303 _____ C:\Users\Administrator\Desktop\RKreport[0]_SC_12082013_211212.txt
2013-12-08 19:11 - 2013-12-08 19:11 - 00001899 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_12082013_211158.txt
2013-12-08 19:08 - 2013-12-08 19:08 - 00002067 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_12082013_210821.txt
2013-12-08 19:04 - 2013-12-08 19:13 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-12-08 19:04 - 2013-12-08 18:59 - 03580416 _____ C:\Users\Administrator\Desktop\RogueKiller.exe
2013-12-08 19:00 - 2013-12-08 19:00 - 00003248 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-12-08 18:57 - 2013-12-08 18:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-08 18:55 - 2013-12-08 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-12-08 18:53 - 2013-12-08 18:08 - 01034531 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-12-08 18:52 - 2013-12-08 18:52 - 00007173 _____ C:\Users\Administrator\Desktop\AdwCleaner[R0].txt
2013-12-08 18:20 - 2013-12-08 18:21 - 00000000 ____D C:\AdwCleaner
2013-12-08 18:19 - 2013-12-08 18:07 - 01110034 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2013-12-08 18:15 - 2013-12-08 18:15 - 00001252 _____ C:\Users\Administrator\Desktop\checkup.txt
2013-12-08 18:05 - 2013-12-08 18:03 - 00891200 _____ C:\Users\Administrator\Desktop\SecurityCheck.exe
2013-12-08 17:51 - 2013-12-08 17:51 - 00332462 _____ C:\Users\Administrator\Downloads\SecurityCheck (2).exe
2013-12-08 17:50 - 2013-12-08 17:50 - 00284930 _____ C:\Users\Administrator\Downloads\SecurityCheck (1).exe
2013-12-08 17:49 - 2013-12-08 17:50 - 00199652 _____ C:\Users\Administrator\Downloads\SecurityCheck.exe
2013-12-07 06:51 - 2013-12-08 18:05 - 00000906 _____ C:\Windows\setupact.log
2013-12-07 06:51 - 2013-12-07 06:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 21:11 - 2013-12-06 21:11 - 00009651 _____ C:\Users\Administrator\Desktop\Attach.txt
2013-12-06 21:09 - 2013-12-06 21:09 - 00031348 _____ C:\Users\Administrator\Desktop\DDS.txt
2013-12-06 21:04 - 2013-12-06 21:05 - 00625664 _____ C:\Users\Administrator\Downloads\dds.scr
2013-12-06 21:03 - 2013-12-06 21:03 - 00484370 _____ C:\Users\Administrator\Desktop\OTL.Txt
2013-12-06 21:03 - 2013-12-06 21:03 - 00058926 _____ C:\Users\Administrator\Desktop\Extras.Txt
2013-12-06 21:00 - 2013-12-06 21:00 - 00058926 _____ C:\Users\Administrator\Downloads\Extras.Txt
2013-12-06 20:56 - 2013-12-06 20:56 - 00484370 _____ C:\Users\Administrator\Downloads\OTL.Txt
2013-12-06 20:20 - 2013-12-06 20:20 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL (1).exe
2013-12-06 20:20 - 2013-12-06 20:20 - 00009733 _____ C:\Users\Administrator\Desktop\hijackthis.log
2013-12-06 20:18 - 2013-12-06 20:18 - 00009733 _____ C:\Users\Administrator\Downloads\hijackthis.log
2013-12-06 20:17 - 2013-12-06 20:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis.exe
2013-12-06 20:17 - 2013-12-06 20:17 - 00041903 _____ C:\Users\Administrator\Desktop\index (1).htm
2013-12-06 20:16 - 2013-12-06 20:16 - 00065036 _____ C:\Users\Administrator\Desktop\index.htm
2013-12-06 20:14 - 2013-12-06 20:14 - 00547939 _____ C:\Users\Administrator\Downloads\OTL.exe
2013-12-06 17:17 - 2013-12-06 17:17 - 00496746 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\dfsetup216.exe
2013-12-06 17:16 - 2013-12-06 17:16 - 00050106 _____ C:\Users\Administrator\Documents\cc_20131206_191605.reg
2013-12-06 17:03 - 2013-12-06 17:03 - 00069662 _____ C:\Users\Dan\Downloads\PageDefrag.zip
2013-12-05 08:32 - 2013-12-05 08:32 - 00018654 _____ C:\ComboFix.txt
2013-12-05 08:02 - 2013-12-05 08:03 - 01000366 _____ (Swearware) C:\Users\Dan\Downloads\ComboFix (2).exe
2013-12-05 08:01 - 2013-12-05 08:01 - 00782656 _____ (Swearware) C:\Users\Dan\Downloads\ComboFix (1).exe
2013-12-05 07:55 - 2013-04-29 06:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2013-12-04 21:26 - 2013-12-04 21:27 - 05152313 ____R (Swearware) C:\Users\Dan\Downloads\ComboFix.exe
2013-12-04 14:00 - 2013-12-04 14:00 - 00136662 _____ C:\Users\Dan\Downloads\UnityWebPlayer.exe
2013-11-24 17:22 - 2013-11-24 17:22 - 00000000 ____D C:\Users\Dan\Documents\CAM Development
2013-11-24 17:13 - 2013-11-24 17:13 - 00000000 ____D C:\Program Files\CAM Development
2013-11-24 17:12 - 2013-11-24 17:12 - 00901072 _____ (CAM Development                                             ) C:\Users\Dan\Downloads\cuz_setup.exe
2013-11-24 17:10 - 2013-11-24 17:10 - 00317070 _____ C:\Users\Dan\Downloads\cbsidlm-cbsi145-CAM_UnZip-SEO-10399651 (1).exe
2013-11-24 17:09 - 2013-11-24 17:09 - 00317070 _____ C:\Users\Dan\Downloads\cbsidlm-cbsi145-CAM_UnZip-SEO-10399651.exe
2013-11-24 15:11 - 2013-11-24 15:11 - 01284762 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6 (2).zip
2013-11-21 08:43 - 2013-11-21 08:43 - 00000000 ____D C:\Users\Dan\Desktop\Random
2013-11-21 07:51 - 2013-11-21 07:51 - 00000000 ____D C:\Users\Dan\Desktop\New folder
2013-11-21 07:47 - 2013-11-24 17:28 - 00000000 ____D C:\Users\Dan\Desktop\Xander's Games
2013-11-20 08:45 - 2013-11-20 08:45 - 00000155 _____ C:\Users\Dan\Downloads\download (1)
2013-11-20 08:44 - 2013-11-20 08:44 - 00000155 _____ C:\Users\Dan\Downloads\father
2013-11-20 05:17 - 2013-11-20 05:18 - 00243056 _____ C:\Users\Dan\Downloads\Withers Challenge 1.6.zip
2013-11-18 17:27 - 2013-11-18 17:27 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2013-11-18 15:49 - 2013-11-18 15:49 - 00543598 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix-1.exe
2013-11-18 15:46 - 2013-11-18 15:46 - 00791044 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix (1).exe
2013-11-18 15:44 - 2013-11-18 15:45 - 00424768 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2013-11-18 14:50 - 2013-11-18 14:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Open Download Manager
2013-11-18 12:36 - 2013-11-18 12:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-11-17 14:27 - 2013-11-17 14:27 - 00183881 _____ C:\Users\Dan\Downloads\world4 (2).zip
2013-11-17 14:26 - 2013-11-17 14:26 - 00168340 _____ C:\Users\Dan\Downloads\MineCraftSetup.exe
2013-11-17 14:18 - 2013-11-17 14:18 - 00750369 _____ (Conduit) C:\Users\Dan\Downloads\7Zip_brch.exe
2013-11-17 14:15 - 2013-11-17 14:15 - 00234668 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6 (1).zip
2013-11-17 14:15 - 2013-11-17 14:15 - 00142596 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6 (2).zip
2013-11-15 14:45 - 2013-11-15 14:45 - 00001012 _____ C:\Users\Dan\Documents\mc storylibne.txt
2013-11-15 11:27 - 2013-11-15 11:27 - 00001126 _____ C:\Users\Admin\Desktop\Continue Codec Package Installation.lnk
2013-11-15 11:23 - 2013-11-15 11:23 - 00000000 ____D C:\Program Files\DivX
2013-11-15 11:22 - 2013-11-18 14:47 - 00000000 ____D C:\Program Files\DSP-worx
2013-11-15 11:22 - 2013-11-15 11:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LavFilters
2013-11-15 11:22 - 2013-11-15 11:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CDXReader
2013-11-15 11:22 - 2013-11-15 11:22 - 00000000 ____D C:\ProgramData\DivX
2013-11-15 11:21 - 2013-11-18 14:48 - 00000000 ____D C:\Program Files\OpenSource Flash Video Splitter
2013-11-15 11:12 - 2013-11-15 11:12 - 00992214 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6 (1).zip
2013-11-15 11:09 - 2013-11-15 11:09 - 00626304 _____ C:\Users\Dan\Downloads\Search for the Skyheart V1.2.1.zip
2013-11-14 18:19 - 2013-11-14 18:20 - 00014817 _____ C:\Users\Dan\Downloads\launcher-start (3).jar
2013-11-14 18:18 - 2013-11-14 18:18 - 00525088 _____ C:\Users\Dan\Downloads\chromeinstall-7u45 (1).exe
2013-11-14 14:40 - 2013-11-14 14:40 - 00262633 _____ C:\Users\Dan\Downloads\World4 (1).zip
2013-11-14 14:16 - 2013-11-14 14:16 - 00423331 _____ C:\Users\Dan\Downloads\world4.zip
2013-11-14 14:13 - 2013-11-14 14:14 - 01385222 _____ C:\Users\Dan\Downloads\Multiplex 2 The Village V0.99.zip
2013-11-14 14:07 - 2013-11-14 14:07 - 00322938 _____ C:\Users\Dan\Downloads\Amidst the Clouds.zip
2013-11-14 13:56 - 2013-11-14 13:56 - 01702160 _____ C:\Users\Dan\Downloads\Dreams I The Awakening (1).zip
2013-11-14 13:55 - 2013-11-14 13:55 - 01281702 _____ C:\Users\Dan\Downloads\-Father II- Adventure Map v1.3.zip
2013-11-14 13:51 - 2013-11-14 13:51 - 01515432 _____ C:\Users\Dan\Downloads\Firestorm Fortress v1.0.zip
2013-11-14 13:44 - 2013-11-14 13:44 - 01702160 _____ C:\Users\Dan\Downloads\Dreams I The Awakening.zip
2013-11-14 13:19 - 2013-11-14 13:19 - 01430154 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6.zip
2013-11-14 13:04 - 2013-11-14 13:05 - 01453920 _____ C:\Users\Dan\Downloads\Herobrines Mansion 1.6 (1).zip
2013-11-14 12:53 - 2013-11-14 12:53 - 00119147 _____ C:\Users\Dan\Downloads\wrar500 (1).exe
2013-11-14 12:50 - 2013-11-14 12:52 - 00000000 ____D C:\Program Files\WinRAR
2013-11-14 12:47 - 2013-11-14 12:47 - 00546029 _____ C:\Users\Dan\Downloads\wrar500.exe
2013-11-14 11:53 - 2013-11-14 11:53 - 00000000 ____D C:\Users\Admin\AppData\Local\WhiteListing
2013-11-14 11:47 - 2013-11-14 11:48 - 00269814 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6.zip
2013-11-14 11:42 - 2013-11-14 11:41 - 00351124 _____ C:\Users\Admin\AppData\Local\mysearchdial-speeddial.crx
2013-11-14 11:41 - 2013-11-18 14:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DigitalSite
2013-11-14 11:41 - 2013-11-14 11:41 - 00000383 _____ C:\Users\Admin\Desktop\FREE Games.url
2013-11-14 11:41 - 2013-11-14 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B
2013-11-14 10:25 - 2013-11-14 10:25 - 00385848 _____ C:\Users\Dan\Downloads\Herobrines Mansion 1.6.zip
2013-11-14 01:12 - 2013-10-11 23:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 01:12 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 01:12 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 01:12 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 01:12 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 01:12 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 14:06 - 2013-11-26 07:38 - 00001546 _____ C:\Users\Dan\Documents\NBT TAGS.txt
2013-11-13 02:33 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 02:33 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 02:33 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 02:33 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 02:33 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 02:33 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 02:33 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 02:33 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 02:33 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 02:33 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-13 02:32 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 02:32 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 02:32 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 02:32 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 02:32 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-12 10:45 - 2013-11-12 10:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple
2013-11-11 13:12 - 2013-11-11 13:12 - 00000155 _____ C:\Users\Dan\Downloads\download
2013-11-11 13:07 - 2013-11-11 13:07 - 00000155 _____ C:\Users\Dan\Downloads\ads (2)
2013-11-11 13:07 - 2013-11-11 13:07 - 00000155 _____ C:\Users\Dan\Downloads\ads (1)
2013-11-11 13:04 - 2013-11-11 13:04 - 00000155 _____ C:\Users\Dan\Downloads\ads
 
==================== One Month Modified Files and Folders =======
 
2013-12-09 22:05 - 2013-12-09 22:05 - 00000000 ____D C:\FRST
2013-12-09 20:02 - 2011-05-25 21:33 - 01525916 _____ C:\Windows\WindowsUpdate.log
2013-12-09 19:59 - 2009-07-13 20:34 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 19:59 - 2009-07-13 20:34 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 19:53 - 2011-05-26 19:59 - 00169655 _____ C:\ceProcesses.txt
2013-12-09 19:34 - 2013-12-09 19:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-12-08 19:13 - 2013-12-08 19:04 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-12-08 19:12 - 2013-12-08 19:12 - 00001303 _____ C:\Users\Administrator\Desktop\RKreport[0]_SC_12082013_211212.txt
2013-12-08 19:11 - 2013-12-08 19:11 - 00001899 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_12082013_211158.txt
2013-12-08 19:08 - 2013-12-08 19:08 - 00002067 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_12082013_210821.txt
2013-12-08 19:00 - 2013-12-08 19:00 - 00003248 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-12-08 18:59 - 2013-12-08 19:04 - 03580416 _____ C:\Users\Administrator\Desktop\RogueKiller.exe
2013-12-08 18:57 - 2013-12-08 18:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-08 18:55 - 2013-12-08 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-12-08 18:52 - 2013-12-08 18:52 - 00007173 _____ C:\Users\Administrator\Desktop\AdwCleaner[R0].txt
2013-12-08 18:21 - 2013-12-08 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-08 18:20 - 2011-05-25 19:53 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 18:15 - 2013-12-08 18:15 - 00001252 _____ C:\Users\Administrator\Desktop\checkup.txt
2013-12-08 18:08 - 2013-12-08 18:53 - 01034531 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-12-08 18:07 - 2013-12-08 18:19 - 01110034 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2013-12-08 18:05 - 2013-12-07 06:51 - 00000906 _____ C:\Windows\setupact.log
2013-12-08 18:03 - 2013-12-08 18:05 - 00891200 _____ C:\Users\Administrator\Desktop\SecurityCheck.exe
2013-12-08 17:51 - 2013-12-08 17:51 - 00332462 _____ C:\Users\Administrator\Downloads\SecurityCheck (2).exe
2013-12-08 17:50 - 2013-12-08 17:50 - 00284930 _____ C:\Users\Administrator\Downloads\SecurityCheck (1).exe
2013-12-08 17:50 - 2013-12-08 17:49 - 00199652 _____ C:\Users\Administrator\Downloads\SecurityCheck.exe
2013-12-08 17:47 - 2011-05-26 20:48 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-12-08 12:56 - 2013-11-07 13:34 - 00000000 ____D C:\Users\Dan\AppData\Roaming\.minecraft
2013-12-07 06:51 - 2013-12-07 06:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 21:11 - 2013-12-06 21:11 - 00009651 _____ C:\Users\Administrator\Desktop\Attach.txt
2013-12-06 21:09 - 2013-12-06 21:09 - 00031348 _____ C:\Users\Administrator\Desktop\DDS.txt
2013-12-06 21:05 - 2013-12-06 21:04 - 00625664 _____ C:\Users\Administrator\Downloads\dds.scr
2013-12-06 21:03 - 2013-12-06 21:03 - 00484370 _____ C:\Users\Administrator\Desktop\OTL.Txt
2013-12-06 21:03 - 2013-12-06 21:03 - 00058926 _____ C:\Users\Administrator\Desktop\Extras.Txt
2013-12-06 21:00 - 2013-12-06 21:00 - 00058926 _____ C:\Users\Administrator\Downloads\Extras.Txt
2013-12-06 20:56 - 2013-12-06 20:56 - 00484370 _____ C:\Users\Administrator\Downloads\OTL.Txt
2013-12-06 20:20 - 2013-12-06 20:20 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL (1).exe
2013-12-06 20:20 - 2013-12-06 20:20 - 00009733 _____ C:\Users\Administrator\Desktop\hijackthis.log
2013-12-06 20:18 - 2013-12-06 20:18 - 00009733 _____ C:\Users\Administrator\Downloads\hijackthis.log
2013-12-06 20:17 - 2013-12-06 20:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis.exe
2013-12-06 20:17 - 2013-12-06 20:17 - 00041903 _____ C:\Users\Administrator\Desktop\index (1).htm
2013-12-06 20:16 - 2013-12-06 20:16 - 00065036 _____ C:\Users\Administrator\Desktop\index.htm
2013-12-06 20:14 - 2013-12-06 20:14 - 00547939 _____ C:\Users\Administrator\Downloads\OTL.exe
2013-12-06 17:17 - 2013-12-06 17:17 - 00496746 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\dfsetup216.exe
2013-12-06 17:16 - 2013-12-06 17:16 - 00050106 _____ C:\Users\Administrator\Documents\cc_20131206_191605.reg
2013-12-06 17:14 - 2011-05-25 22:28 - 00000000 ____D C:\Windows\Panther
2013-12-06 17:03 - 2013-12-06 17:03 - 00069662 _____ C:\Users\Dan\Downloads\PageDefrag.zip
2013-12-05 08:32 - 2013-12-05 08:32 - 00018654 _____ C:\ComboFix.txt
2013-12-05 08:32 - 2011-09-12 05:50 - 00000000 ____D C:\Qoobox
2013-12-05 08:29 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2013-12-05 08:03 - 2013-12-05 08:02 - 01000366 _____ (Swearware) C:\Users\Dan\Downloads\ComboFix (2).exe
2013-12-05 08:01 - 2013-12-05 08:01 - 00782656 _____ (Swearware) C:\Users\Dan\Downloads\ComboFix (1).exe
2013-12-05 07:10 - 2011-06-22 10:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-04 21:27 - 2013-12-04 21:26 - 05152313 ____R (Swearware) C:\Users\Dan\Downloads\ComboFix.exe
2013-12-04 14:00 - 2013-12-04 14:00 - 00136662 _____ C:\Users\Dan\Downloads\UnityWebPlayer.exe
2013-11-26 08:59 - 2013-11-07 10:31 - 00000000 ____D C:\Users\Dan\Desktop\Dan's items
2013-11-26 08:36 - 2013-08-17 07:45 - 00000000 ____D C:\Users\Public\Documents\TT Math 7
2013-11-26 07:38 - 2013-11-13 14:06 - 00001546 _____ C:\Users\Dan\Documents\NBT TAGS.txt
2013-11-25 08:11 - 2013-08-17 07:35 - 00000000 ____D C:\Users\Public\Documents\TT Math 4
2013-11-24 17:28 - 2013-11-21 07:47 - 00000000 ____D C:\Users\Dan\Desktop\Xander's Games
2013-11-24 17:22 - 2013-11-24 17:22 - 00000000 ____D C:\Users\Dan\Documents\CAM Development
2013-11-24 17:13 - 2013-11-24 17:13 - 00000000 ____D C:\Program Files\CAM Development
2013-11-24 17:12 - 2013-11-24 17:12 - 00901072 _____ (CAM Development                                             ) C:\Users\Dan\Downloads\cuz_setup.exe
2013-11-24 17:10 - 2013-11-24 17:10 - 00317070 _____ C:\Users\Dan\Downloads\cbsidlm-cbsi145-CAM_UnZip-SEO-10399651 (1).exe
2013-11-24 17:09 - 2013-11-24 17:09 - 00317070 _____ C:\Users\Dan\Downloads\cbsidlm-cbsi145-CAM_UnZip-SEO-10399651.exe
2013-11-24 15:11 - 2013-11-24 15:11 - 01284762 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6 (2).zip
2013-11-21 08:43 - 2013-11-21 08:43 - 00000000 ____D C:\Users\Dan\Desktop\Random
2013-11-21 07:51 - 2013-11-21 07:51 - 00000000 ____D C:\Users\Dan\Desktop\New folder
2013-11-20 08:45 - 2013-11-20 08:45 - 00000155 _____ C:\Users\Dan\Downloads\download (1)
2013-11-20 08:44 - 2013-11-20 08:44 - 00000155 _____ C:\Users\Dan\Downloads\father
2013-11-20 05:18 - 2013-11-20 05:17 - 00243056 _____ C:\Users\Dan\Downloads\Withers Challenge 1.6.zip
2013-11-18 17:27 - 2013-11-18 17:27 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2013-11-18 15:53 - 2011-09-12 06:42 - 00000000 ____D C:\Program Files\Google
2013-11-18 15:50 - 2011-10-13 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-11-18 15:49 - 2013-11-18 15:49 - 00543598 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix-1.exe
2013-11-18 15:47 - 2011-10-13 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-11-18 15:47 - 2011-10-13 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-11-18 15:46 - 2013-11-18 15:46 - 00791044 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix (1).exe
2013-11-18 15:45 - 2013-11-18 15:44 - 00424768 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2013-11-18 14:50 - 2013-11-18 14:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Open Download Manager
2013-11-18 14:48 - 2013-11-15 11:21 - 00000000 ____D C:\Program Files\OpenSource Flash Video Splitter
2013-11-18 14:47 - 2013-11-15 11:22 - 00000000 ____D C:\Program Files\DSP-worx
2013-11-18 14:21 - 2013-11-14 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DigitalSite
2013-11-18 14:21 - 2013-11-06 05:09 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SearchProtect
2013-11-18 14:21 - 2013-11-05 19:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SearchProtect
2013-11-18 12:44 - 2011-09-12 05:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-18 12:36 - 2013-11-18 12:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-11-17 14:27 - 2013-11-17 14:27 - 00183881 _____ C:\Users\Dan\Downloads\world4 (2).zip
2013-11-17 14:26 - 2013-11-17 14:26 - 00168340 _____ C:\Users\Dan\Downloads\MineCraftSetup.exe
2013-11-17 14:18 - 2013-11-17 14:18 - 00750369 _____ (Conduit) C:\Users\Dan\Downloads\7Zip_brch.exe
2013-11-17 14:15 - 2013-11-17 14:15 - 00234668 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6 (1).zip
2013-11-17 14:15 - 2013-11-17 14:15 - 00142596 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6 (2).zip
2013-11-16 09:36 - 2011-05-25 19:51 - 00000000 ____D C:\users\Dan
2013-11-15 14:45 - 2013-11-15 14:45 - 00001012 _____ C:\Users\Dan\Documents\mc storylibne.txt
2013-11-15 11:27 - 2013-11-15 11:27 - 00001126 _____ C:\Users\Admin\Desktop\Continue Codec Package Installation.lnk
2013-11-15 11:23 - 2013-11-15 11:23 - 00000000 ____D C:\Program Files\DivX
2013-11-15 11:23 - 2013-11-15 11:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LavFilters
2013-11-15 11:23 - 2013-11-15 11:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CDXReader
2013-11-15 11:22 - 2013-11-15 11:22 - 00000000 ____D C:\ProgramData\DivX
2013-11-15 11:12 - 2013-11-15 11:12 - 00992214 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6 (1).zip
2013-11-15 11:09 - 2013-11-15 11:09 - 00626304 _____ C:\Users\Dan\Downloads\Search for the Skyheart V1.2.1.zip
2013-11-14 18:22 - 2013-11-07 10:29 - 00000000 ____D C:\Users\Dan\AppData\Roaming\.aether
2013-11-14 18:20 - 2013-11-14 18:19 - 00014817 _____ C:\Users\Dan\Downloads\launcher-start (3).jar
2013-11-14 18:18 - 2013-11-14 18:18 - 00525088 _____ C:\Users\Dan\Downloads\chromeinstall-7u45 (1).exe
2013-11-14 14:40 - 2013-11-14 14:40 - 00262633 _____ C:\Users\Dan\Downloads\World4 (1).zip
2013-11-14 14:16 - 2013-11-14 14:16 - 00423331 _____ C:\Users\Dan\Downloads\world4.zip
2013-11-14 14:14 - 2013-11-14 14:13 - 01385222 _____ C:\Users\Dan\Downloads\Multiplex 2 The Village V0.99.zip
2013-11-14 14:07 - 2013-11-14 14:07 - 00322938 _____ C:\Users\Dan\Downloads\Amidst the Clouds.zip
2013-11-14 13:56 - 2013-11-14 13:56 - 01702160 _____ C:\Users\Dan\Downloads\Dreams I The Awakening (1).zip
2013-11-14 13:55 - 2013-11-14 13:55 - 01281702 _____ C:\Users\Dan\Downloads\-Father II- Adventure Map v1.3.zip
2013-11-14 13:51 - 2013-11-14 13:51 - 01515432 _____ C:\Users\Dan\Downloads\Firestorm Fortress v1.0.zip
2013-11-14 13:44 - 2013-11-14 13:44 - 01702160 _____ C:\Users\Dan\Downloads\Dreams I The Awakening.zip
2013-11-14 13:19 - 2013-11-14 13:19 - 01430154 _____ C:\Users\Dan\Downloads\Wrath of the Fallen 1.6.zip
2013-11-14 13:05 - 2013-11-14 13:04 - 01453920 _____ C:\Users\Dan\Downloads\Herobrines Mansion 1.6 (1).zip
2013-11-14 12:53 - 2013-11-14 12:53 - 00119147 _____ C:\Users\Dan\Downloads\wrar500 (1).exe
2013-11-14 12:52 - 2013-11-14 12:50 - 00000000 ____D C:\Program Files\WinRAR
2013-11-14 12:47 - 2013-11-14 12:47 - 00546029 _____ C:\Users\Dan\Downloads\wrar500.exe
2013-11-14 11:53 - 2013-11-14 11:53 - 00000000 ____D C:\Users\Admin\AppData\Local\WhiteListing
2013-11-14 11:48 - 2013-11-14 11:47 - 00269814 _____ C:\Users\Dan\Downloads\Herobrines Return 1.6.zip
2013-11-14 11:41 - 2013-11-14 11:42 - 00351124 _____ C:\Users\Admin\AppData\Local\mysearchdial-speeddial.crx
2013-11-14 11:41 - 2013-11-14 11:41 - 00000383 _____ C:\Users\Admin\Desktop\FREE Games.url
2013-11-14 11:41 - 2013-11-14 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B
2013-11-14 10:25 - 2013-11-14 10:25 - 00385848 _____ C:\Users\Dan\Downloads\Herobrines Mansion 1.6.zip
2013-11-14 02:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 01:27 - 2011-09-10 18:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 01:11 - 2013-08-14 21:15 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 01:03 - 2011-05-25 21:30 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 11:14 - 2013-11-05 19:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Open Download Manager
2013-11-12 10:45 - 2013-11-12 10:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple
2013-11-11 13:12 - 2013-11-11 13:12 - 00000155 _____ C:\Users\Dan\Downloads\download
2013-11-11 13:07 - 2013-11-11 13:07 - 00000155 _____ C:\Users\Dan\Downloads\ads (2)
2013-11-11 13:07 - 2013-11-11 13:07 - 00000155 _____ C:\Users\Dan\Downloads\ads (1)
2013-11-11 13:04 - 2013-11-11 13:04 - 00000155 _____ C:\Users\Dan\Downloads\ads
2013-11-11 03:50 - 2011-05-25 20:48 - 00230048 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
5
Restore point made on: 2013-11-26 07:45:59
Restore point made on: 2013-12-03 06:17:16
Restore point made on: 2013-12-05 08:11:35
Restore point made on: 2013-12-06 17:10:46
Restore point made on: 2013-12-06 20:27:55
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 1526.12 MB
Available physical RAM: 1158.77 MB
Total Pagefile: 1526.12 MB
Available Pagefile: 1156.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.9 MB
 
==================== Drives ================================
 
Drive c: (SQ004508V01) (Fixed) (Total:296.62 GB) (Free:228.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.33 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: BB97EA26)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=297 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 983 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=983 MB) - (Type=0E)
 
 
LastRegBack: 2013-12-04 10:38
 
==================== End Of Log ============================


#7 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • 1,536 posts

Posted 12 December 2013 - 02:14 PM

Hi Sparkey

AdwCleaner

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next

ComboFix


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


On your next reply please post :
  • AdwCleaner[S0].txt
  • ComboFix.txt
Let me know if you have any problems performing the steps above or any questions.

Good Day!
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#8 Robybel


Posted 15 December 2013 - 12:23 PM

Still need help?



#9 sparkey75


Posted 15 December 2013 - 07:58 PM

# AdwCleaner v3.015 - Report created 15/12/2013 at 19:42:58
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Administrator - DAN-LAPTOP
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Users\Dan\AppData\LocalLow\SweetPacks_A7
Folder Deleted : C:\Users\Dan\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Admin\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Admin\AppData\LocalLow\SweetPacks_A7
Folder Deleted : C:\Users\Admin\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Admin\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
[!] Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekjokemioblbkdkclpehonimdjgiee
File Deleted : C:\Users\Admin\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\giekjokemioblbkdkclpehonimdjgiee
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF062B7C-3A0C-4B82-BBC0-A6718BB2F894}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF062B7C-3A0C-4B82-BBC0-A6718BB2F894}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0C0123D-E2A6-451E-A3BD-A4B9C7326B53}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B34D6DC-FAEB-4E0C-B9A6-6828AE8D4482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29FEADFD-F050-457D-8AFD-7FE9198AEA69}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\SweetPacks_A7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7173 octets] - [08/12/2013 20:20:27]
AdwCleaner[R1].txt - [5329 octets] - [15/12/2013 17:08:22]
AdwCleaner[R2].txt - [5681 octets] - [15/12/2013 19:33:04]
AdwCleaner[S0].txt - [5536 octets] - [15/12/2013 19:42:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5596 octets] ##########


#10 sparkey75


Posted 15 December 2013 - 08:37 PM

Here is the CF log. When I opened up Chrome after running CF, IE opened on its own: http://www.binary-op...?camp=media_ron

 

ComboFix 13-12-13.01 - Administrator 12/15/2013  20:14:08.4.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1526.715 [GMT -6:00]
Running from: E:\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
.
.
2013-12-16 02:26 . 2013-12-16 02:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-16 02:26 . 2013-12-16 02:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 02:26 . 2013-12-16 02:26 -------- d-----w- c:\users\Dan\AppData\Local\temp
2013-12-16 02:26 . 2013-12-16 02:26 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-12-16 01:46 . 2013-12-16 01:46 -------- d-----w- c:\programdata\boost_interprocess
2013-12-14 16:09 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9EA8384-B86D-4EF0-B2D6-E7E225DEE5C6}\mpengine.dll
2013-12-12 13:47 . 2013-04-29 14:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-12-12 09:03 . 2013-10-25 03:41 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-12 09:03 . 2013-10-25 04:43 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 09:03 . 2013-10-25 04:44 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-12-12 09:03 . 2013-10-25 04:43 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-12 09:03 . 2013-10-25 04:45 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-12 09:03 . 2013-10-25 04:43 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-12-12 02:59 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 02:59 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 02:59 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 02:59 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 02:59 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 02:59 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 02:59 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 02:59 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 02:59 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 14:22 . 2013-12-11 14:58 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-10 23:27 . 2013-12-15 20:16 -------- d-----w- c:\users\Dan\AppData\Local\CrashDumps
2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- C:\FRST
2013-12-10 03:34 . 2013-12-10 03:34 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2013-12-09 02:55 . 2013-12-09 02:55 -------- d-----w- c:\windows\ERUNT
2013-12-09 02:20 . 2013-12-16 01:43 -------- d-----w- C:\AdwCleaner
2013-12-05 16:32 . 2013-12-16 02:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-25 01:13 . 2013-11-25 01:13 -------- d-----w- c:\program files\CAM Development
2013-11-18 22:50 . 2013-11-18 22:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\Open Download Manager
2013-11-18 20:44 . 2013-11-18 20:44 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2013-11-18 20:36 . 2013-11-18 20:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-11-17 19:45 . 2013-11-17 19:46 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 14:58 . 2012-08-24 04:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 14:58 . 2011-05-26 04:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 11:50 . 2011-05-26 04:48 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 02:03 . 2013-11-13 10:32 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 10:32 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-13 10:32 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57 . 2013-11-13 10:32 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-03 01:58 . 2013-11-13 10:32 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01 . 2013-11-13 10:33 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01 . 2013-11-13 10:33 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57 . 2013-11-13 10:33 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57 . 2013-11-13 10:33 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57 . 2013-11-13 10:33 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56 . 2013-11-13 10:33 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56 . 2013-11-13 10:33 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49 . 2013-11-13 10:33 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49 . 2013-11-13 10:33 15872 ----a-w- c:\windows\system32\sspisrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2013-01-08 15:56 87768 ----a-w- c:\program files\pandasecuritytb\pandasecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\pandasecuritytb\pandasecurityDx.dll" [2013-01-08 87768]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"NMSVC"="c:\program files\CE\CovenantEyes.exe" [2012-10-22 2429440]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-12 30192]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2012-10-22 1633280]
R2 GorillaPrice;GorillaPrice;c:\program files\GorillaPrice\GorillaPrice.exe [2013-11-05 631808]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe [2013-11-05 70144]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 11520]
R3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\DRIVERS\fantom.sys [2006-03-10 39424]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-12 30192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2013-05-28 97512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2013-05-29 61672]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2013-05-29 84200]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2013-05-29 126184]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2013-05-29 107752]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2013-05-29 124648]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2013-05-29 95464]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2013-05-29 106344]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2013-05-29 287336]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2013-05-29 161384]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2013-05-29 108904]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2013-05-29 230376]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2013-05-29 93928]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2013-05-28 175848]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-05-28 140768]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2013-05-28 145128]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2013-05-28 105704]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2013-05-28 114920]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2013-05-29 127720]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-05-28 37344]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:52 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 14:58]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-22 15:52]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-22 15:52]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1863780492-622105713-1626105537-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 04:23]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1863780492-622105713-1626105537-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 04:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: CESpy.dll
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"=hex:51,66,7a,6c,4c,1d,3b,1b,70,a0,3b,
   a7,19,08,8c,0c,8a,de,7e,0c,cb,7b,65,f9
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,
   07,99,bc,e4,0f,bd,94,ba,17,8a,6f,fa,de
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,
   c4,71,f0,3c,0e,a4,76,dc,65,c7,84,cf,b4
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,9a,
   b1,68,7a,b3,03,97,79,b1,b7,83,5b,03,8a
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:bc,7a,e1,0b,b7,e4,ce,01
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,e4,02,5f,03,ac,16,43,a0,f0,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,e4,02,5f,03,ac,16,43,a0,f0,19,\
"027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,ee,bb,dc,c7,1e,06,46,96,e4,6a,\
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-15  20:28:24
ComboFix-quarantined-files.txt  2013-12-16 02:28
ComboFix2.txt  2013-12-05 16:32
ComboFix3.txt  2013-01-27 06:36
ComboFix4.txt  2011-09-12 14:20
.
Pre-Run: 244,607,844,352 bytes free
Post-Run: 244,347,269,120 bytes free
.
- - End Of File - - 0C2FCF369AE900100CA4975A4E710AF2
A36C5E4F47E84449FF07ED3517B43A31



#11 sparkey75


Posted 15 December 2013 - 08:52 PM

I also just tried running java update and it gives me a download error and will not run.


Edited by sparkey75, 15 December 2013 - 11:05 PM.


#12 Robybel


Posted 17 December 2013 - 02:16 PM

Hi Sparkey

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
ClearJavaCache
In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png
    On your next reply please post :
  • MBAM log
  • ESET Report
  • Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!

- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#13 sparkey75


Posted 20 December 2013 - 11:40 PM

Here is the CF Log

ComboFix 13-12-13.01 - Administrator 12/20/2013  23:01:53.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1526.669 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-21 to 2013-12-21  )))))))))))))))))))))))))))))))
.
.
2013-12-21 05:14 . 2013-12-21 05:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-21 05:14 . 2013-12-21 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-21 05:14 . 2013-12-21 05:14 -------- d-----w- c:\users\Dan\AppData\Local\temp
2013-12-21 05:14 . 2013-12-21 05:14 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-12-20 19:45 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD3B5D09-BC32-40A0-9937-F5007690261F}\mpengine.dll
2013-12-20 19:33 . 2013-12-20 19:33 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2013-12-16 01:46 . 2013-12-20 19:58 -------- d-----w- c:\programdata\boost_interprocess
2013-12-12 13:47 . 2013-04-29 14:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-12-12 09:03 . 2013-10-25 03:41 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-12 09:03 . 2013-10-25 04:43 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 09:03 . 2013-10-25 04:44 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-12-12 09:03 . 2013-10-25 04:43 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-12 09:03 . 2013-10-25 04:45 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-12 09:03 . 2013-10-25 04:43 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-12-12 02:59 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 02:59 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 02:59 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 02:59 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 02:59 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 02:59 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 02:59 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 02:59 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 02:59 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 14:22 . 2013-12-11 14:58 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-10 23:27 . 2013-12-15 20:16 -------- d-----w- c:\users\Dan\AppData\Local\CrashDumps
2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- C:\FRST
2013-12-10 03:34 . 2013-12-16 02:32 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2013-12-09 02:55 . 2013-12-09 02:55 -------- d-----w- c:\windows\ERUNT
2013-12-09 02:20 . 2013-12-16 01:43 -------- d-----w- C:\AdwCleaner
2013-12-05 16:32 . 2013-12-21 05:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-25 01:13 . 2013-11-25 01:13 -------- d-----w- c:\program files\CAM Development
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 14:58 . 2012-08-24 04:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 14:58 . 2011-05-26 04:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 18:25 . 2011-05-26 04:48 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 08:23 . 2013-11-17 19:46 183776 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\psenlc.dll
2013-10-22 09:25 . 2013-11-17 19:46 83936 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\psenutil.dll
2013-10-22 09:25 . 2013-11-17 19:46 397280 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSANModAV.dll
2013-10-22 09:25 . 2013-11-17 19:46 346080 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSANUpgSI.dll
2013-10-20 06:24 . 2013-11-17 19:46 3188192 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNPnlConfig.dll
2013-10-19 05:21 . 2013-11-17 19:46 919520 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSCCGUIUtils.dll
2013-10-19 05:19 . 2013-11-17 19:46 63456 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAUtils.dll
2013-10-19 05:19 . 2013-11-17 19:46 55264 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAWatchdog.dll
2013-10-19 05:19 . 2013-11-17 19:46 64480 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUATranslator.dll
2013-10-19 05:19 . 2013-11-17 19:46 181216 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUASystrayObject.dll
2013-10-19 05:19 . 2013-11-17 19:46 417248 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAServiceManager.dll
2013-10-19 05:19 . 2013-11-17 19:46 37344 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
2013-10-19 05:19 . 2013-11-17 19:46 183776 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUASysTray.dll
2013-10-19 05:19 . 2013-11-17 19:46 32736 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
2013-10-19 05:19 . 2013-11-17 19:46 238560 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\x64\PSUAShell.dll
2013-10-19 05:19 . 2013-11-17 19:46 99296 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\x86\PSUAShell.dll
2013-10-19 05:19 . 2013-11-17 19:46 865760 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAResources.dll
2013-10-19 05:19 . 2013-11-17 19:46 39904 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUALegacyExt.dll
2013-10-19 05:19 . 2013-11-17 19:46 132576 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAInfo.dll
2013-10-19 05:19 . 2013-11-17 19:46 64480 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAGUIAlertsManager.dll
2013-10-19 05:19 . 2013-11-17 19:46 48096 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAConfigMgr.dll
2013-10-19 05:19 . 2013-11-17 19:46 34784 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAError.dll
2013-10-19 05:19 . 2013-11-17 19:46 135136 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAFirewall.dll
2013-10-19 05:19 . 2013-11-17 19:46 808416 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAAlerts.dll
2013-10-19 05:19 . 2013-11-17 19:46 538080 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAAction.dll
2013-10-19 05:19 . 2013-11-17 19:46 105952 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUAADiag.dll
2013-10-18 18:53 . 2013-11-17 19:46 135136 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\psenfilter.dll
2013-10-18 18:53 . 2013-11-17 19:46 307168 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSANModCfg.dll
2013-10-17 19:31 . 2013-11-17 19:46 167904 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSINEnAg.dll
2013-10-17 19:31 . 2013-11-17 19:46 145640 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 169192 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 145640 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\W7\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 169192 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\W7\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 145640 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinaflt\x86_W8\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 169192 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinaflt\x64_W8\PSINAflt.sys
2013-10-17 19:31 . 2013-11-17 19:46 145640 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINAflt.sys
2013-10-17 15:32 . 2013-11-17 19:46 901928 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Setup.exe
2013-10-17 15:31 . 2013-11-17 19:46 355624 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSINanoRun.exe
2013-10-17 15:30 . 2013-11-17 19:45 241960 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Launcher.exe
2013-10-15 11:34 . 2013-11-17 19:46 111072 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\psenlog.dll
2013-10-15 11:34 . 2013-11-17 19:46 331744 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSANCU.exe
2013-10-14 16:28 . 2013-11-17 19:46 1461728 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSAUI.dll
2013-10-14 16:28 . 2013-11-17 19:46 370656 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSAEng.dll
2013-10-12 02:03 . 2013-11-13 10:32 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 10:32 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-13 10:32 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-11 09:47 . 2013-11-17 19:46 97896 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINReg.sys
2013-10-11 09:46 . 2013-11-17 19:46 127720 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinprot\x86_W8\PSINProt.sys
2013-10-11 09:46 . 2013-11-17 19:46 175848 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinknc\x86_W8\PSINKNC.sys
2013-10-11 09:46 . 2013-11-17 19:46 206056 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinknc\x64_W8\PSINKNC.sys
2013-10-11 09:46 . 2013-11-17 19:46 137960 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Drivers\psinprot\x64_W8\PSINProt.sys
2013-10-11 09:46 . 2013-11-17 19:46 128232 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINProt.sys
2013-10-11 09:46 . 2013-11-17 19:46 115048 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINProc.sys
2013-10-11 09:46 . 2013-11-17 19:46 179944 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINKNC.sys
2013-10-11 09:46 . 2013-11-17 19:46 103528 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Xp\PSINFile.sys
2013-10-11 09:46 . 2013-11-17 19:46 97512 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista_W7\PSINReg.sys
2013-10-11 09:46 . 2013-11-17 19:46 127720 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\W7\PSINProt.sys
2013-10-11 09:46 . 2013-11-17 19:46 114920 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\W7\PSINProc.sys
2013-10-11 09:46 . 2013-11-17 19:46 137960 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\W7\PSINProt.sys
2013-10-11 09:46 . 2013-11-17 19:46 124648 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\W7\PSINProc.sys
2013-10-11 09:46 . 2013-11-17 19:46 105704 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista_W7\PSINReg.sys
2013-10-11 09:46 . 2013-11-17 19:46 206056 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\W7\PSINKNC.sys
2013-10-11 09:46 . 2013-11-17 19:46 122600 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\W7\PSINFile.sys
2013-10-11 09:45 . 2013-11-17 19:46 137960 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista\PSINProt.sys
2013-10-11 09:45 . 2013-11-17 19:46 124648 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista\PSINProc.sys
2013-10-11 09:45 . 2013-11-17 19:46 206056 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista\PSINKNC.sys
2013-10-11 09:45 . 2013-11-17 19:46 122600 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System64\drivers\Vista\PSINFile.sys
2013-10-11 09:45 . 2013-11-17 19:46 175848 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\W7\PSINKNC.sys
2013-10-11 09:45 . 2013-11-17 19:46 105704 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\W7\PSINFile.sys
2013-10-11 09:45 . 2013-11-17 19:46 280032 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSINPrSg.dll
2013-10-11 09:45 . 2013-11-17 19:46 138208 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSINEvAg.dll
2013-10-11 09:45 . 2013-11-17 19:46 163296 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSINApAg.dll
2013-10-11 09:45 . 2013-11-17 19:46 127720 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista\PSINProt.sys
2013-10-11 09:45 . 2013-11-17 19:46 114920 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista\PSINProc.sys
2013-10-11 09:45 . 2013-11-17 19:46 175848 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista\PSINKNC.sys
2013-10-11 09:45 . 2013-11-17 19:46 105704 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\System32\drivers\Vista\PSINFile.sys
2013-10-10 15:38 . 2013-11-17 19:46 227624 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\SMCLpav.exe
2013-10-10 15:38 . 2013-11-17 19:46 364840 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\SMCLPav.dll
2013-10-10 15:38 . 2013-11-17 19:46 229160 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\PGUse.exe
2013-10-10 15:38 . 2013-11-17 19:46 479016 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\PAVSMCL.dll
2013-10-10 15:38 . 2013-11-17 19:46 150312 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\PAV2WSC.dll
2013-10-10 15:38 . 2013-11-17 19:46 135464 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\DG\DGNano.dll
2013-10-10 08:26 . 2013-11-17 19:46 133600 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\pkndtr.dll
2013-10-08 15:55 . 2013-11-17 19:46 105440 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSNCSysInfo.dll
2013-10-07 13:36 . 2013-11-17 19:46 2207712 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNReports.dll
2013-10-07 13:36 . 2013-11-17 19:46 983520 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMsg.dll
2013-10-07 12:48 . 2013-11-17 19:46 238560 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNUtils.dll
2013-10-07 12:48 . 2013-11-17 19:46 2298848 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNSuspects.dll
2013-10-07 12:48 . 2013-11-17 19:46 2551264 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNScan.dll
2013-10-07 12:48 . 2013-11-17 19:46 2238432 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNResources.dll
2013-10-07 12:48 . 2013-11-17 19:46 115168 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNProcMonMng.dll
2013-10-07 12:48 . 2013-11-17 19:46 2595808 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNProcMon.dll
2013-10-07 12:48 . 2013-11-17 19:46 512992 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
2013-10-07 12:48 . 2013-11-17 19:46 2404320 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNFwConfig.dll
2013-10-07 12:48 . 2013-11-17 19:46 98784 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUNConfigStore.dll
2013-10-07 12:48 . 2013-11-17 19:46 520672 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSUASBoot.exe
2013-10-07 12:47 . 2013-11-17 19:46 35808 ----a-w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan5963.tmp\Program Files\Panda Security\Panda Cloud Antivirus\PSANLang.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2013-01-08 15:56 87768 ----a-w- c:\program files\pandasecuritytb\pandasecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\pandasecuritytb\pandasecurityDx.dll" [2013-01-08 87768]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"NMSVC"="c:\program files\CE\CovenantEyes.exe" [2012-10-22 2429440]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-12 30192]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2012-10-22 1633280]
R2 GorillaPrice;GorillaPrice;c:\program files\GorillaPrice\GorillaPrice.exe [2013-11-05 631808]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe [2013-11-05 70144]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 11520]
R3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\DRIVERS\fantom.sys [2006-03-10 39424]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-12 30192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2013-05-28 97512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2013-05-29 61672]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2013-05-29 84200]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2013-05-29 126184]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2013-05-29 107752]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2013-05-29 124648]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2013-05-29 95464]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2013-05-29 106344]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2013-05-29 287336]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2013-05-29 161384]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2013-05-29 108904]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2013-05-29 230376]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2013-05-29 93928]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2013-05-28 175848]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-05-28 140768]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2013-05-28 145128]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2013-05-28 105704]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2013-05-28 114920]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2013-05-29 127720]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-05-28 37344]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:52 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 14:58]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-22 15:52]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-22 15:52]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1863780492-622105713-1626105537-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 04:23]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1863780492-622105713-1626105537-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 04:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: CESpy.dll
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:bc,7a,e1,0b,b7,e4,ce,01
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1863780492-622105713-1626105537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-20  23:16:55
ComboFix-quarantined-files.txt  2013-12-21 05:16
ComboFix2.txt  2013-12-16 02:28
ComboFix3.txt  2013-12-05 16:32
ComboFix4.txt  2013-01-27 06:36
ComboFix5.txt  2013-12-21 04:59
.
Pre-Run: 244,205,244,416 bytes free
Post-Run: 244,163,612,672 bytes free
.
- - End Of File - - B0F92A0A337F07D13E5F034B0128616B
A36C5E4F47E84449FF07ED3517B43A31


#14 sparkey75


Posted 21 December 2013 - 12:00 AM

 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.21.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
Administrator :: DAN-LAPTOP [administrator]
 
12/20/2013 11:37:12 PM
mbam-log-2013-12-20 (23-37-12).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282795
Time elapsed: 17 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Edited by sparkey75, 21 December 2013 - 12:17 AM.


#15 sparkey75


Posted 21 December 2013 - 12:13 AM

I cannot run ESET. I tried running it from IE but it will not start. I tried downloading it with Chrome, it took 5 times to get it downloaded and then when I run it it starts and then pops up with "unexpected error #3".

Also, when I power up the computer and launch Chrome IE just opens up to some spam web page still.


Edited by sparkey75, 21 December 2013 - 12:21 AM.
