Solved FBI Moneypak ransomware

[familyman14]

My kids laptop got this after DL'ing flash player update. I can't open anything or run his avira or malwarebytes due to the bogus page coming up every time I reboot. What do I do?
Also shows up on safe mode and safe mode with networking.

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

What Windows version is it?

 

[familyman14]

Windows7

 

[Broni]

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[familyman14]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2013 02
Ran by SYSTEM at 28-01-2013 22:46:02
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [82792 2012-12-10] (Sendori, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-10-16] (Ask)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1046984 2012-12-12] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-31] (Google Inc.)
HKU\Owner\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
HKU\Owner\...\Run: [PlayNC Launcher] [x]
HKU\Owner\...\Run: [miulgou] rundll32 "C:\Users\Owner\AppData\Local\miulgou.dll",miulgou [17408 2013-01-28] ()
HKU\Owner\...\Run: [crlob] rundll32.exe "C:\Users\Owner\AppData\Roaming\crlob.dll",GetDllMajorVersion [152576 2013-01-28] (Syntek Corporation)
HKU\Owner\...\Run: [winpr] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\winpr.dll",set_rows [598016 2013-01-28] (S3 Graphics Co., Ltd.)
HKU\Owner\...\Run: [nrvrs] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\nrvrs.dll",CheckReadBuffer [365568 2013-01-28] ()
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [56832 2011-11-16] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}: [NameServer]216.146.35.240,216.146.36.240,192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ===================
2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [118632 2012-12-10] (Sendori, Inc.)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1340976 2012-11-01] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [14696 2012-12-10] (sendori)
2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3569512 2012-12-10] (Sendori)
2 vToolbarUpdater13.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2012-12-12] ()
3 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-10-05] (Wajam)
==================== Drivers (Whitelisted) =====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-12] (AVG Technologies)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-01-28 22:45 - 2013-01-28 22:45 - 00000000 ____D C:\FRST
2013-01-28 09:52 - 2013-01-28 09:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-28 09:31 - 2013-01-28 09:51 - 00000365 ____A C:\Windows\System32\avgrep.txt
2013-01-28 03:41 - 2013-01-28 03:41 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-28 03:38 - 2013-01-28 19:34 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-01-28 03:37 - 2013-01-28 03:37 - 00365568 ____A () C:\Users\Owner\AppData\Roaming\nrvrs.dll
2013-01-28 03:36 - 2013-01-28 19:34 - 00006528 ____A C:\Users\Owner\AppData\Local\045b083c-7415-4a22-ba9e-7a63e54675f8.crx
2013-01-28 03:36 - 2013-01-28 03:36 - 00598016 ____A (S3 Graphics Co., Ltd.) C:\Users\Owner\AppData\Roaming\winpr.dll
2013-01-28 03:33 - 2013-01-28 03:33 - 00152576 ____A (Syntek Corporation) C:\Users\Owner\AppData\Roaming\crlob.dll
2013-01-28 03:33 - 2013-01-28 03:33 - 00017408 ____A C:\Users\Owner\AppData\Local\miulgou.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-01-19 20:06 - 2010-02-04 07:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-01-19 20:06 - 2009-09-04 14:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-01-19 20:06 - 2009-09-04 14:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-01-19 20:06 - 2009-03-16 11:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-01-19 20:06 - 2009-03-16 11:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-01-19 20:06 - 2009-03-16 11:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-01-19 20:06 - 2009-03-09 12:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-01-19 20:06 - 2008-10-27 07:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-01-19 20:06 - 2008-10-15 03:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-01-19 20:06 - 2008-10-15 03:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-01-19 20:06 - 2008-10-15 03:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-01-19 20:06 - 2008-10-15 03:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-01-19 20:06 - 2008-10-15 03:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-01-19 20:04 - 2013-01-19 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-01-19 20:04 - 2009-03-16 11:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-01-19 20:04 - 2009-03-16 11:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-01-19 20:04 - 2009-03-16 11:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-01-17 13:28 - 2013-01-17 13:28 - 06168335 ____A C:\Users\Owner\Downloads\nick_mrfoster_040811_11893-L4D2.zip
2013-01-17 13:26 - 2013-01-17 13:26 - 10522427 ____A C:\Users\Owner\Downloads\the_end_of_the_battle_death_music_121212_22174-L4D2 (2).zip
2013-01-17 13:24 - 2013-01-17 13:24 - 22599137 ____A C:\Users\Owner\Downloads\intensetankmusic_150113_22876-L4D2.zip
2013-01-17 13:22 - 2013-01-17 13:22 - 07933736 ____A C:\Users\Owner\Downloads\nostalgia_charger_200512_17540-L4D2.zip
2013-01-17 13:20 - 2013-01-17 13:20 - 02572583 ____A C:\Users\Owner\Downloads\mod_infected_sfx_witch_110512_17306-L4D2.zip
2013-01-17 13:18 - 2013-01-17 13:18 - 00524032 ____A C:\Users\Owner\Downloads\mod_tipgraphic_beta_260512_15667-L4D2.zip
2013-01-17 13:16 - 2013-01-17 13:16 - 01643068 ____A C:\Users\Owner\Downloads\mod_map_previews_150512_17288-L4D2.zip
2013-01-15 04:04 - 2013-01-15 04:04 - 00000000 ____D C:\Users\Owner\Downloads\New folder (2)
2013-01-15 04:04 - 2013-01-15 04:04 - 00000000 ____D C:\Users\Owner\Downloads\New folder
2013-01-11 03:29 - 2013-01-11 03:29 - 38312284 ____A C:\Users\Owner\Downloads\nazi_zombies_ndu_130112_9504-L4D2 (6).zip
2013-01-09 03:44 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 03:44 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 03:43 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 03:43 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 03:43 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 03:43 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 03:43 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 03:43 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 03:43 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 03:43 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 03:43 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 03:43 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 03:43 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 03:43 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 03:43 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 03:43 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 03:43 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 03:43 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 03:42 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 03:42 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 03:42 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 03:42 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 03:42 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 03:42 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 03:42 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 03:42 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 03:42 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 03:42 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 03:42 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 03:42 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 03:42 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 03:42 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 03:42 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 03:42 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 03:41 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 03:41 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 16:21 - 2013-01-08 16:21 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-06 14:36 - 2010-06-02 01:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-01-06 14:36 - 2010-06-02 01:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-01-06 14:36 - 2010-06-02 01:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-01-06 14:36 - 2010-06-02 01:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-01-06 14:36 - 2010-05-26 08:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-01-06 14:36 - 2010-02-04 07:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-01-06 14:36 - 2010-02-04 07:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-01-04 19:11 - 2013-01-04 19:11 - 01228229 ____A C:\Users\Owner\Downloads\merry_christmas_231212_22437-L4D2.zip
2013-01-03 03:41 - 2013-01-03 03:41 - 04431963 ____A C:\Users\Owner\Downloads\logan_nick_020113_22628-L4D2.zip
2013-01-02 15:50 - 2013-01-02 15:50 - 05775777 ____A C:\Users\Owner\Downloads\cedathelaststand_280912_20744-L4D2.zip
2013-01-02 15:46 - 2013-01-02 15:46 - 10522427 ____A C:\Users\Owner\Downloads\the_end_of_the_battle_death_music_121212_22174-L4D2 (1).zip
2013-01-02 15:39 - 2013-01-02 15:39 - 00074993 ____A C:\Users\Owner\Downloads\walking_corpses_010113_22528-L4D2.zip
==================== One Month Modified Files and Folders =======
2013-01-28 22:45 - 2013-01-28 22:45 - 00000000 ____D C:\FRST
2013-01-28 19:34 - 2013-01-28 03:38 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-01-28 19:34 - 2013-01-28 03:36 - 00006528 ____A C:\Users\Owner\AppData\Local\045b083c-7415-4a22-ba9e-7a63e54675f8.crx
2013-01-28 19:34 - 2012-07-06 19:35 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Hamachi
2013-01-28 19:34 - 2012-04-08 08:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-28 19:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-28 19:33 - 2009-07-13 20:51 - 00053559 ____A C:\Windows\setupact.log
2013-01-28 09:52 - 2013-01-28 09:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-28 09:51 - 2013-01-28 09:31 - 00000365 ____A C:\Windows\System32\avgrep.txt
2013-01-28 09:31 - 2012-12-12 12:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2013-01-28 09:20 - 2012-04-13 13:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-28 09:18 - 2009-07-13 20:45 - 00015824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-28 09:18 - 2009-07-13 20:45 - 00015824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-28 09:16 - 2012-02-25 08:31 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-28 09:14 - 2012-02-24 10:26 - 01379032 ____A C:\Windows\WindowsUpdate.log
2013-01-28 09:12 - 2012-02-25 08:27 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886674033-3501889395-2250448632-1000UA.job
2013-01-28 03:43 - 2012-02-25 08:27 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886674033-3501889395-2250448632-1000Core.job
2013-01-28 03:41 - 2013-01-28 03:41 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-28 03:38 - 2012-02-25 08:28 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-28 03:37 - 2013-01-28 03:37 - 00365568 ____A () C:\Users\Owner\AppData\Roaming\nrvrs.dll
2013-01-28 03:36 - 2013-01-28 03:36 - 00598016 ____A (S3 Graphics Co., Ltd.) C:\Users\Owner\AppData\Roaming\winpr.dll
2013-01-28 03:33 - 2013-01-28 03:33 - 00152576 ____A (Syntek Corporation) C:\Users\Owner\AppData\Roaming\crlob.dll
2013-01-28 03:33 - 2013-01-28 03:33 - 00017408 ____A C:\Users\Owner\AppData\Local\miulgou.dll
2013-01-27 19:00 - 2012-02-25 08:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-01-27 10:09 - 2012-09-13 15:32 - 00000000 ____D C:\Users\Owner\AppData\Local\ArmA 2 OA
2013-01-19 20:06 - 2012-08-20 15:40 - 00097269 ____A C:\Windows\DirectX.log
2013-01-19 20:04 - 2013-01-19 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-01-17 13:28 - 2013-01-17 13:28 - 06168335 ____A C:\Users\Owner\Downloads\nick_mrfoster_040811_11893-L4D2.zip
2013-01-17 13:26 - 2013-01-17 13:26 - 10522427 ____A C:\Users\Owner\Downloads\the_end_of_the_battle_death_music_121212_22174-L4D2 (2).zip
2013-01-17 13:24 - 2013-01-17 13:24 - 22599137 ____A C:\Users\Owner\Downloads\intensetankmusic_150113_22876-L4D2.zip
2013-01-17 13:22 - 2013-01-17 13:22 - 07933736 ____A C:\Users\Owner\Downloads\nostalgia_charger_200512_17540-L4D2.zip
2013-01-17 13:20 - 2013-01-17 13:20 - 02572583 ____A C:\Users\Owner\Downloads\mod_infected_sfx_witch_110512_17306-L4D2.zip
2013-01-17 13:18 - 2013-01-17 13:18 - 00524032 ____A C:\Users\Owner\Downloads\mod_tipgraphic_beta_260512_15667-L4D2.zip
2013-01-17 13:16 - 2013-01-17 13:16 - 01643068 ____A C:\Users\Owner\Downloads\mod_map_previews_150512_17288-L4D2.zip
2013-01-15 04:04 - 2013-01-15 04:04 - 00000000 ____D C:\Users\Owner\Downloads\New folder (2)
2013-01-15 04:04 - 2013-01-15 04:04 - 00000000 ____D C:\Users\Owner\Downloads\New folder
2013-01-15 03:57 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-11 03:29 - 2013-01-11 03:29 - 38312284 ____A C:\Users\Owner\Downloads\nazi_zombies_ndu_130112_9504-L4D2 (6).zip
2013-01-10 04:27 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 03:37 - 2012-02-24 08:35 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-08 16:22 - 2012-04-13 13:16 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 16:22 - 2012-02-25 08:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 16:21 - 2013-01-08 16:21 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-06 14:37 - 2012-02-25 08:51 - 00000000 ____D C:\Users\Owner\Documents\My Games
2013-01-06 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-01-04 19:11 - 2013-01-04 19:11 - 01228229 ____A C:\Users\Owner\Downloads\merry_christmas_231212_22437-L4D2.zip
2013-01-03 03:41 - 2013-01-03 03:41 - 04431963 ____A C:\Users\Owner\Downloads\logan_nick_020113_22628-L4D2.zip
2013-01-02 15:50 - 2013-01-02 15:50 - 05775777 ____A C:\Users\Owner\Downloads\cedathelaststand_280912_20744-L4D2.zip
2013-01-02 15:46 - 2013-01-02 15:46 - 10522427 ____A C:\Users\Owner\Downloads\the_end_of_the_battle_death_music_121212_22174-L4D2 (1).zip
2013-01-02 15:39 - 2013-01-02 15:39 - 00074993 ____A C:\Users\Owner\Downloads\walking_corpses_010113_22528-L4D2.zip

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-01-19 20:04:32
Restore point made on: 2013-01-19 20:05:30
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 2933.86 MB
Available physical RAM: 2413.94 MB
Total Pagefile: 2932.01 MB
Available Pagefile: 2407.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:287.75 GB) (Free:35.81 GB) NTFS
4 Drive g: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (HDDRECOVERY) (Fixed) (Total:10.34 GB) (Free:0.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 492 MB 0 B
Partitions of Disk 0:
===============
Disk ID: C047B9AB
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 287 GB 1024 KB
Partition 2 Primary 10 GB 287 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 287 GB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY NTFS Partition 10 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Disk ID: 00000000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 491 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 491 MB Healthy
=========================================================
Last Boot: 2012-09-07 13:34

 

[familyman14]

Can just open to his wallpaper, no icons.

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally and see if your computer is running better.

If so....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[familyman14]

I plug in the flashdrive with DL'ed fixlist.txt , press power on button and it goes to "starting windows" then welcome screen to white screen then to the fbi screen. Tried in safe mode and safe mode with networking and they both load up then log off and back to fbi screen.

 

[familyman14]

I tinkered with the laptop and pressed cont+alt+del and to task manager to shutdown. As it was waiting to force backround programs to close I clicked cancel and before it shutdown I was able to click on malwarebytes. My avg expired. will post results of malware when done scanning.

 

[familyman14]

I am now using the infected laptop
Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crlob (Trojan.Medfos) -> Data: rundll32.exe "C:\Users\Owner\AppData\Roaming\crlob.dll",GetDllMajorVersion -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nrvrs (Trojan.RedirRdll2.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\nrvrs.dll",CheckReadBuffer -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 13
C:\Users\Owner\AppData\Roaming\crlob.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\0M7S1QYI0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~!#C24.tmp (Trojan.Winlock) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~!#E771.tmp (Backdoor.Bot.ED) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~!#EEF0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\skype.dat (Trojan.Winlock) -> Quarantined and deleted successfully.

(end)

 

[Broni]

I don't think you ran FRST fix correctly.
You're supposed to boot back to System Recovery Options and run the fix from there.

In any case since you can boot normally....
MBAM log is incomplete.
Re-run it one more time.

Then I still need DDS logs.

My avg expired

Uninstall it using AVG Remover: http://www.avg.com/us-en/utilities

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.

 

[familyman14]

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-TOSHIBA [administrator]

1/29/2013 10:56:58 PM
mbam-log-2013-01-29 (22-56-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209917
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[familyman14]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2012 10:31:51 AM
System Uptime: 1/29/2013 10:39:38 PM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1179/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 35.885 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\QCI0701\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\QCI0701\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
RP59: 1/19/2013 11:04:06 PM - Installed DirectX
RP60: 1/19/2013 11:05:03 PM - Installed DirectX
RP61: 1/29/2013 5:46:40 PM - avast! Free Antivirus Setup
RP62: 1/29/2013 10:51:12 PM - Installed Java 7 Update 11
.
==== Installed Programs ======================
.
7-zip v9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Aion
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Ask Toolbar
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
BattlEye for OA Uninstall
BattlEye Uninstall
Best Buy pc app
Chivalry: Medieval Warfare
DayZ Commander
Dual-Core Optimizer
Fallen Earth
Fallout Mod Manager 0.13.21
GamersFirst LIVE!
Garry's Mod
Garry's Mod 13 Beta
GCFScape 1.8.2
Google Chrome
Horizon v2.5.9.0
InstallIQ Updater
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.0
Left 4 Dead 2
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Moonbase Alpha
Mount & Blade Demo
NCsoft Launcher
NVIDIA PhysX v8.10.29
Pando Media Booster
PlanetSide 2
PricePeep
QuickTime
Realm of the Mad God
SavetheChildren Reminder by We-Care.com v4.1.17.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Sendori
Skype Click to Call
Skype™ 6.0
SMPlayer 0.6.9
Steam
swMSM
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.0
Wajam
WinRAR 4.11 (64-bit)
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
1/29/2013 5:36:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
1/29/2013 5:35:55 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/29/2013 3:00:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6
1/29/2013 3:00:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/29/2013 3:00:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2013 3:00:05 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 2:47:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
1/29/2013 2:47:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2013 2:47:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 2:47:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2013 2:47:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2013 2:47:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2013 2:47:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 2:47:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 2:47:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 2:47:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2013 10:45:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
1/29/2013 10:45:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
1/29/2013 10:44:03 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
1/29/2013 10:42:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/29/2013 10:42:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/29/2013 10:42:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/29/2013 10:34:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
1/29/2013 10:34:34 PM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/29/2013 10:33:47 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753636.
1/29/2013 10:33:47 PM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
1/28/2013 12:38:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2013 12:37:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
1/28/2013 12:31:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/28/2013 12:31:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/28/2013 12:31:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/28/2013 12:31:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/28/2013 12:31:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/23/2013 2:58:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

 

[familyman14]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.4.1
Run by Owner at 23:06:58 on 2013-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1368 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.genieo.com/?v=w3i8
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [PlayNC Launcher] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\System32\Sendori.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\131364850313234373238383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\34F6272656474737 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\3554253544D27455543545 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C496E6B6379737 : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C496E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C696E6B6379737 : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-29 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-29 370288]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-29 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-29 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-29 44808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-4-28 932384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-25 59392]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-24 1255736]
.
=============== Created Last 30 ================
.
2013-01-30 03:52:3295648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-29 22:48:4154072----a-w-C:\Windows\System32\drivers\aswRdr2.sys
2013-01-29 22:48:38984144----a-w-C:\Windows\System32\drivers\aswSnx.sys
2013-01-29 22:48:3271600----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-29 22:47:5041224----a-w-C:\Windows\avastSS.scr
2013-01-29 22:47:30--------d-----w-C:\ProgramData\AVAST Software
2013-01-29 22:47:30--------d-----w-C:\Program Files\AVAST Software
2013-01-29 06:45:53--------d-----w-C:\FRST
2013-01-28 17:52:12--------d-----w-C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-28 11:41:48--------d-sh--w-C:\Windows\System32\%APPDATA%
2013-01-28 11:37:07365568----a-w-C:\Users\Owner\AppData\Roaming\nrvrs.dll
2013-01-28 11:36:43598016----a-w-C:\Users\Owner\AppData\Roaming\winpr.dll
2013-01-28 11:33:4917408----a-w-C:\Users\Owner\AppData\Local\miulgou.dll
2013-01-20 04:04:56517448----a-w-C:\Windows\SysWow64\XAudio2_4.dll
2013-01-20 04:04:56235352----a-w-C:\Windows\SysWow64\xactengine3_4.dll
2013-01-20 04:04:5522360----a-w-C:\Windows\SysWow64\X3DAudio1_6.dll
2013-01-20 04:04:02--------d-----w-C:\Program Files (x86)\Microsoft XNA
2013-01-09 11:44:10750592----a-w-C:\Windows\System32\win32spl.dll
2013-01-09 11:44:10492032----a-w-C:\Windows\SysWow64\win32spl.dll
2013-01-09 11:42:28424448----a-w-C:\Windows\System32\KernelBase.dll
2013-01-09 11:41:4968608----a-w-C:\Windows\System32\taskhost.exe
2013-01-09 11:41:473149824----a-w-C:\Windows\System32\win32k.sys
2013-01-09 00:21:5216369160----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 22:36:5477656----a-w-C:\Windows\System32\XAPOFX1_5.dll
2013-01-06 22:36:5474072----a-w-C:\Windows\SysWow64\XAPOFX1_5.dll
2013-01-06 22:36:53527192----a-w-C:\Windows\SysWow64\XAudio2_7.dll
2013-01-06 22:36:53518488----a-w-C:\Windows\System32\XAudio2_7.dll
2013-01-06 22:36:492526056----a-w-C:\Windows\System32\D3DCompiler_43.dll
2013-01-06 22:36:492106216----a-w-C:\Windows\SysWow64\D3DCompiler_43.dll
2013-01-06 22:36:45276832----a-w-C:\Windows\System32\d3dx11_43.dll
2013-01-06 22:36:45248672----a-w-C:\Windows\SysWow64\d3dx11_43.dll
2013-01-06 22:36:382401112----a-w-C:\Windows\System32\D3DX9_43.dll
2013-01-06 22:36:381998168----a-w-C:\Windows\SysWow64\D3DX9_43.dll
2013-01-06 22:36:3324920----a-w-C:\Windows\System32\X3DAudio1_7.dll
2013-01-06 22:36:3322360----a-w-C:\Windows\SysWow64\X3DAudio1_7.dll
.
==================== Find3M ====================
.
2013-01-09 00:22:0474248----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 00:22:04697864----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:2246080----a-w-C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03367616----a-w-C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28295424----a-w-C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:2034304----a-w-C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:2824176----a-w-C:\Windows\System32\drivers\mbam.sys
2012-12-10 23:01:54321384----a-w-C:\Windows\SysWow64\Sendori.dll
2012-12-07 13:20:16441856----a-w-C:\Windows\System32\Wpc.dll
2012-12-07 13:15:312746368----a-w-C:\Windows\System32\gameux.dll
2012-12-07 12:26:17308736----a-w-C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:432576384----a-w-C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:0430720----a-w-C:\Windows\System32\usk.rs
2012-12-07 11:20:0343520----a-w-C:\Windows\System32\csrr.rs
2012-12-07 11:20:0323552----a-w-C:\Windows\System32\oflc.rs
2012-12-07 11:20:0145568----a-w-C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:0144544----a-w-C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:0120480----a-w-C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:0020480----a-w-C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:5920480----a-w-C:\Windows\System32\pegi.rs
2012-12-07 11:19:5846592----a-w-C:\Windows\System32\fpb.rs
2012-12-07 11:19:5740960----a-w-C:\Windows\System32\cob-au.rs
2012-12-07 11:19:5721504----a-w-C:\Windows\System32\grb.rs
2012-12-07 11:19:5715360----a-w-C:\Windows\System32\djctq.rs
2012-12-07 11:19:5655296----a-w-C:\Windows\System32\cero.rs
2012-12-07 11:19:5551712----a-w-C:\Windows\System32\esrb.rs
2012-11-30 05:45:35362496----a-w-C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35243200----a-w-C:\Windows\System32\wow64.dll
2012-11-30 05:45:3513312----a-w-C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14215040----a-w-C:\Windows\System32\winsrv.dll
2012-11-30 05:43:1216384----a-w-C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:005120----a-w-C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48338432----a-w-C:\Windows\System32\conhost.exe
2012-11-30 02:44:0625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:047680----a-w-C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:0414336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:032048----a-w-C:\Windows\SysWow64\user.exe
2012-11-30 02:38:596144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:594608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:593584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:593072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23800768----a-w-C:\Windows\System32\usp10.dll
2012-11-22 04:45:03626688----a-w-C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49307200----a-w-C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09220160----a-w-C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:442312704----a-w-C:\Windows\System32\jscript9.dll
2012-11-14 06:04:111392128----a-w-C:\Windows\System32\wininet.dll
2012-11-14 06:02:491494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46599040----a-w-C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:402382848----a-w-C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:221800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:151427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:371129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:422382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:092048----a-w-C:\Windows\System32\tzres.dll
2012-11-09 04:42:492048----a-w-C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11478208----a-w-C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31376832----a-w-C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:422002432----a-w-C:\Windows\System32\msxml6.dll
2012-11-01 05:43:421882624----a-w-C:\Windows\System32\msxml3.dll
2012-11-01 04:47:541389568----a-w-C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:541236992----a-w-C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 23:07:48.12 ===============

 

[Broni]

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[familyman14]

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/30/2013 10:07:51
| ARK || MBR |

¤¤¤ Bad processes : 5 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Owner\AppData\Local\miulgou.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Owner\AppData\Local\miulgou.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Owner\AppData\Roaming\winpr.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Owner\AppData\Roaming\winpr.dll -> KILLED [TermProc]
[SUSP PATH] ReminderHelper.exe -- C:\ProgramData\WeCareReminder\ReminderHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : miulgou (rundll32 "C:\Users\Owner\AppData\Local\miulgou.dll",miulgou) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : winpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\winpr.dll",set_rows) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN ATA Device +++++
--- User ---
[MBR] 60d2d1aac8e9121be320f785cfa6f44a
[BSP] c35e88aa5278cbec57153136e1a5917d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 294659 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 603463680 | Size: 10585 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01302013_02d1007.txt >>
RKreport[1]_S_01302013_02d1007.txt ; RKreport[2]_D_01302013_02d1007.txt

 

[familyman14]

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-TOSHIBA [administrator]

1/30/2013 11:00:31 AM
mbar-log-2013-01-30 (11-00-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28449
Time elapsed: 20 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[familyman14]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3076374528, free: 1984856064
------------ Kernel report ------------
01/30/2013 10:15:51
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800550a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa80045b8350
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80032e5740
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800315a060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.30.05
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80032e5740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80032e5190, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80032e5740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800315a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a002ab8770, 0xfffffa80032e5740, 0xfffffa8002a73790
Lower DeviceData: 0xfffff8a00d8cd110, 0xfffffa800315a060, 0xfffffa8002cfba90
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C047B9AB
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 603461632
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 603463680 Numsec = 21678080
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800550a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045be380, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800550a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045b8350, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$9055f4d06b32151c09042282ba5bfa9a --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3886674033-3501889395-2250448632-1000\$9055f4d06b32151c09042282ba5bfa9a --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3076374528, free: 1841958912
------------ Kernel report ------------
01/30/2013 10:40:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800550a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa80045b8350
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8003058090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80032e5740
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800315a060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8002cfba90
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80032e5740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80032e5190, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80032e5740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800315a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00b391460, 0xfffffa80032e5740, 0xfffffa8002a73790
Lower DeviceData: 0xfffff8a00af81460, 0xfffffa800315a060, 0xfffffa8002cfba90
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C047B9AB
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 603461632
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 603463680 Numsec = 21678080
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800550a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045be380, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800550a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045b8350, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

 

[Broni]

Very good

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[familyman14]

This is the msg I get trying to make restore point.
"The restore point could not be created because of the following reason: The creation of a shadow copy has timed out. Try this operation again. (0x81000101)

 

[Broni]

Skip that step.

 

[familyman14]

Was able to run rkill and immediately ran combofix which froze a third of the way through. Should I force shutdown as option to x out isnt there?

 

[Broni]

Go ahead.

 

[familyman14]

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/30/2013 11:08:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Owner\Desktop\rkill\rkill-01-30-2013-11-08-42.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* COM+ Event System (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

* iphlpsvc [Missing Service]

* MpsSvc [Missing ImagePath]
* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/30/2013 11:08:53 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)

 

[familyman14]

ComboFix 13-01-30.04 - Owner 01/30/2013 23:53:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1750 [GMT -5:00]
Running from: C:\Users\Owner\Desktop\sean.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Owner\AppData\Local\assembly\tmp
C:\Users\Owner\AppData\Local\miulgou.dll
C:\Users\Owner\AppData\Roaming\nrvrs.dll
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Users\Owner\AppData\Roaming\winpr.dll


((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))


2013-01-31 05:08:07 . 2013-01-31 05:08:07--------d-----w-C:\Users\Default\AppData\Local\temp
2013-01-30 03:53:42 . 2013-01-30 03:53:42--------d-----w-C:\Windows\Sun
2013-01-30 03:52:32 . 2013-01-12 08:30:1895648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-29 22:48:52 . 2012-10-30 23:51:5325232----a-w-C:\Windows\system32\drivers\aswFsBlk.sys
2013-01-29 22:48:51 . 2012-10-30 23:51:55370288----a-w-C:\Windows\system32\drivers\aswSP.sys
2013-01-29 22:48:41 . 2012-10-15 16:59:2854072----a-w-C:\Windows\system32\drivers\aswRdr2.sys
2013-01-29 22:48:39 . 2012-10-30 23:51:5659728----a-w-C:\Windows\system32\drivers\aswTdi.sys
2013-01-29 22:48:38 . 2012-10-30 23:51:55984144----a-w-C:\Windows\system32\drivers\aswSnx.sys
2013-01-29 22:48:32 . 2012-10-30 23:51:5571600----a-w-C:\Windows\system32\drivers\aswMonFlt.sys
2013-01-29 22:48:31 . 2012-10-30 23:50:30285328----a-w-C:\Windows\system32\aswBoot.exe
2013-01-29 22:47:50 . 2012-10-30 23:51:0741224----a-w-C:\Windows\avastSS.scr
2013-01-29 22:47:49 . 2012-10-30 23:50:59227648----a-w-C:\Windows\SysWow64\aswBoot.exe
2013-01-29 22:47:30 . 2013-01-29 22:47:30--------d-----w-C:\ProgramData\AVAST Software
2013-01-29 22:47:30 . 2013-01-29 22:47:30--------d-----w-C:\Program Files\AVAST Software
2013-01-29 06:45:53 . 2013-01-29 06:45:53--------d-----w-C:\FRST
2013-01-28 17:52:12 . 2013-01-28 17:52:12--------d-----w-C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-28 11:41:48 . 2013-01-28 11:41:48--------d-sh--w-C:\Windows\system32\%APPDATA%
2013-01-20 04:04:56 . 2009-03-16 19:18:32517448----a-w-C:\Windows\SysWow64\XAudio2_4.dll
2013-01-20 04:04:56 . 2009-03-16 19:18:32235352----a-w-C:\Windows\SysWow64\xactengine3_4.dll
2013-01-20 04:04:55 . 2009-03-16 19:18:3222360----a-w-C:\Windows\SysWow64\X3DAudio1_6.dll
2013-01-20 04:04:02 . 2013-01-20 04:04:02--------d-----w-C:\Program Files (x86)\Microsoft XNA
2013-01-09 11:44:10 . 2012-11-09 05:45:32750592----a-w-C:\Windows\system32\win32spl.dll
2013-01-09 11:44:10 . 2012-11-09 04:43:04492032----a-w-C:\Windows\SysWow64\win32spl.dll
2013-01-09 11:42:28 . 2012-11-30 05:41:07424448----a-w-C:\Windows\system32\KernelBase.dll
2013-01-09 11:41:49 . 2012-11-23 03:13:5768608----a-w-C:\Windows\system32\taskhost.exe
2013-01-09 11:41:47 . 2012-11-23 03:26:313149824----a-w-C:\Windows\system32\win32k.sys
2013-01-09 00:21:52 . 2013-01-09 00:21:5216369160----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 22:36:54 . 2010-06-02 09:55:3077656----a-w-C:\Windows\system32\XAPOFX1_5.dll
2013-01-06 22:36:54 . 2010-06-02 09:55:3074072----a-w-C:\Windows\SysWow64\XAPOFX1_5.dll
2013-01-06 22:36:53 . 2010-06-02 09:55:30527192----a-w-C:\Windows\SysWow64\XAudio2_7.dll
2013-01-06 22:36:53 . 2010-06-02 09:55:30518488----a-w-C:\Windows\system32\XAudio2_7.dll
2013-01-06 22:36:49 . 2010-05-26 16:41:022526056----a-w-C:\Windows\system32\D3DCompiler_43.dll
2013-01-06 22:36:49 . 2010-05-26 16:41:022106216----a-w-C:\Windows\SysWow64\D3DCompiler_43.dll
2013-01-06 22:36:45 . 2010-05-26 16:41:02276832----a-w-C:\Windows\system32\d3dx11_43.dll
2013-01-06 22:36:45 . 2010-05-26 16:41:02248672----a-w-C:\Windows\SysWow64\d3dx11_43.dll
2013-01-06 22:36:38 . 2010-05-26 16:41:021998168----a-w-C:\Windows\SysWow64\D3DX9_43.dll
2013-01-06 22:36:38 . 2010-05-26 16:41:002401112----a-w-C:\Windows\system32\D3DX9_43.dll
2013-01-06 22:36:33 . 2010-02-04 15:01:1424920----a-w-C:\Windows\system32\X3DAudio1_7.dll
2013-01-06 22:36:33 . 2010-02-04 15:01:1422360----a-w-C:\Windows\SysWow64\X3DAudio1_7.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-10 11:37:36 . 2012-02-24 16:35:5667599240----a-w-C:\Windows\system32\MRT.exe
2013-01-09 00:22:04 . 2012-04-13 21:16:06697864----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 00:22:04 . 2012-02-25 16:27:5774248----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11:22 . 2012-12-22 00:07:3046080----a-w-C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-22 00:07:29367616----a-w-C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-22 00:07:29295424----a-w-C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-22 00:07:3134304----a-w-C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 . 2012-02-25 16:31:0824176----a-w-C:\Windows\system32\drivers\mbam.sys
2012-12-10 23:01:54 . 2012-10-13 02:41:20321384----a-w-C:\Windows\SysWow64\Sendori.dll
2012-11-30 04:45:10 . 2013-01-09 11:42:1944032----a-w-C:\Windows\apppatch\acwow64.dll
2012-11-14 07:06:18 . 2012-12-14 11:09:0217811968----a-w-C:\Windows\system32\mshtml.dll
2012-11-14 06:32:33 . 2012-12-14 11:09:0110925568----a-w-C:\Windows\system32\ieframe.dll
2012-11-14 06:11:44 . 2012-12-14 11:09:152312704----a-w-C:\Windows\system32\jscript9.dll
2012-11-14 06:04:44 . 2012-12-14 11:09:161346048----a-w-C:\Windows\system32\urlmon.dll
2012-11-14 06:04:11 . 2012-12-14 11:09:131392128----a-w-C:\Windows\system32\wininet.dll
2012-11-14 06:02:49 . 2012-12-14 11:09:151494528----a-w-C:\Windows\system32\inetcpl.cpl
2012-11-14 06:02:04 . 2012-12-14 11:09:18237056----a-w-C:\Windows\system32\url.dll
2012-11-14 05:59:52 . 2012-12-14 11:09:1085504----a-w-C:\Windows\system32\jsproxy.dll
2012-11-14 05:58:36 . 2012-12-14 11:09:09816640----a-w-C:\Windows\system32\jscript.dll
2012-11-14 05:57:46 . 2012-12-14 11:09:09599040----a-w-C:\Windows\system32\vbscript.dll
2012-11-14 05:57:35 . 2012-12-14 11:09:19173056----a-w-C:\Windows\system32\ieUnatt.exe
2012-11-14 05:55:45 . 2012-12-14 11:09:082144768----a-w-C:\Windows\system32\iertutil.dll
2012-11-14 05:55:26 . 2012-12-14 11:09:15729088----a-w-C:\Windows\system32\msfeeds.dll
2012-11-14 05:53:22 . 2012-12-14 11:09:2696768----a-w-C:\Windows\system32\mshtmled.dll
2012-11-14 05:52:40 . 2012-12-14 11:09:272382848----a-w-C:\Windows\system32\mshtml.tlb
2012-11-14 05:46:25 . 2012-12-14 11:09:20248320----a-w-C:\Windows\system32\ieui.dll
2012-11-14 02:09:22 . 2012-12-14 11:09:101800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 . 2012-12-14 11:09:161427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 . 2012-12-14 11:09:131129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 . 2012-12-14 11:09:19142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 . 2012-12-14 11:09:24420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 . 2012-12-14 11:09:272382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 . 2012-12-13 11:19:042048----a-w-C:\Windows\system32\tzres.dll
2012-11-09 04:42:49 . 2012-12-13 11:19:042048----a-w-C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 . 2012-12-13 11:18:30478208----a-w-C:\Windows\system32\dpnet.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-17 04:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-17 04:46:281521352----a-w-C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-09-25 18:02:28497008----a-w-C:\Program Files (x86)\PricePeep\pricepeep.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-07-31 17:19:21194928----a-w-C:\Program Files (x86)\Yontoo\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-17 04:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2012-12-03 20:04:04 1354736]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 01:28:32 59240]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 13:04:54 252848]
"Sendori Tray"="C:\Program Files (x86)\Sendori\SendoriTray.exe" [2012-12-10 23:01:54 82792]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2012-10-17 04:46:34 1573576]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 18:53:10 77824]
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 22:29:46 2254768]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 23:50:59 4297136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-29 2647664]
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 16:21:24 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 06:45:02 227232]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-05 15:08:42 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-24 17:32:51 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 23:01:54 118632]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 23:51:55 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 22:29:46 2465712]
S2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 23:01:54 14696]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 19:26:20 3290896]
S2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 23:01:54 3569512]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-18 00:54:54 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 14:24:56 169584]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 08:32:20 932384]


Contents of the 'Scheduled Tasks' folder

2013-01-31 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:16:06 . 2013-01-09 00:22:04]

2013-01-28 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886674033-3501889395-2250448632-1000Core.job
- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:26:59 . 2010-09-01 06:15:55]

2013-01-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886674033-3501889395-2250448632-1000UA.job
- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:26:59 . 2010-09-01 06:15:55]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50:24133400----a-w-C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-01-11 03:43:30 167704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-01-11 03:43:08 392984]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-01-11 03:43:26 417560]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://yahoo.genieo.com/?v=w3i8
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C496E6B6379737: NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B62143FB-A54D-4B79-952B-12D76346D51E}\C696E6B6379737: NameServer = 75.75.75.75,75.75.76.76

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye for A2 - C:\Program Files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe



--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)