My pc has been infected by the FBI Greendot moneypak virus.

Started by Annoula, March 26, 2013, 10:46:47 PM


Corrine

Thank you.

Before you do this next step, please move ComboFix.exe from your downloads folder to your desktop.

1.  Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:

ClearJavaCache::

Folder::
C:\Program Files (x86)\Deal Boat
C:\Program Files (x86)\RadioPI_4e


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2.  Rescan with ESET but this time change the option "Remove found threats" to checked.  The Scan Archives option should remain checked.

Please post both logs. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Annoula

ComboFix 13-03-31.01 - Owner 03/31/2013  23:26:57.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1741 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Deal Boat
c:\program files (x86)\Deal Boat\background.html
c:\program files (x86)\Deal Boat\ButtonUtil.dll
c:\program files (x86)\Deal Boat\Deal Boat-bg.exe
c:\program files (x86)\Deal Boat\Deal Boat.dll
c:\program files (x86)\Deal Boat\Deal Boat.exe
c:\program files (x86)\Deal Boat\Deal Boat.ico
c:\program files (x86)\Deal Boat\Deal Boat.ini
c:\program files (x86)\Deal Boat\Installer.log
c:\program files (x86)\RadioPI_4e
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eauxstb.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebrmon.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebrstub.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edatact.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edlghk.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edyn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4efeedmg.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehighin.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehtml.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehtmlmu.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehttpct.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eidle.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eieovr.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eimpipe.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emedint.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emlbtn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emsg.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ePlugin.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eradio.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eregfft.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eregiet.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4escript.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eskin.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eskplay.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4etpinst.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4euabtn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\RadioPI_4e\bar\1.bin\chrome\4effxtbr.jar
c:\program files (x86)\RadioPI_4e\bar\1.bin\INSTALL.RDF
c:\program files (x86)\RadioPI_4e\bar\1.bin\LOGO.BMP
c:\program files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll
c:\program files (x86)\RadioPI_4e\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\RadioPI_4e\bar\Message\COMMON.T8S
c:\program files (x86)\RadioPI_4e\bar\Settings\s_pid.dat
.
.

Annoula

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03bf2758fa1a914ea9161d3c2b7bcd60
# engine=13523
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-01 02:53:02
# local_time=2013-04-01 10:53:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 116371432 0 0
# scanned=393234
# found=7
# cleaned=6
# scan_time=40255
sh=83A83EF479B0DB620853DEA0EBCE5DC13274C94E ft=1 fh=b9bfd0becc449980 vn="a variant of Win32/Kryptik.AXQX trojan" ac=I fn="C:\Users\All Users\Microsoft\Windows\DRM\602C.tmp.dat"
sh=CB624A724F070F01D43AEC97D3F4BE3ECC9F8A5B ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\G Drive - Dell HD\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\20\2ee45794-4a5116ad"
sh=0643D18DDE7AE0095EBE9F74F65BD56EEEB2C963 ft=0 fh=0000000000000000 vn="Java/Exploit.Bytverify trojan (cleaned by deleting - quarantined)" ac=C fn="C:\G Drive - Dell HD\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-459d615-3848446f.zip"
sh=B1D308A3AA3D332DF2A88BC658B063D7FB9B4295 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NAL trojan (cleaned by deleting - quarantined)" ac=C fn="C:\G Drive - Dell HD\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\lyqdx[1].jar"
sh=83A83EF479B0DB620853DEA0EBCE5DC13274C94E ft=1 fh=b9bfd0becc449980 vn="a variant of Win32/Kryptik.AXQX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Microsoft\Windows\DRM\602C.tmp.dat"
sh=3DCAEFFA4D03C7FD08809FD4F714B1D735AEE423 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.U trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadcgedagcdbdhdidhdhdhdhdegedddc\ContentScript.js"
sh=C9A9456312F95380C7C55C62172924DAA7DDA26E ft=1 fh=d9e823d675d1f5ad vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\Setup (1).exe"

Corrine

Good job, Annoula.  The only thing is your ComboFix log got cut off.  Copy/paste it again, please.



Annoula

This is what the log contained.

ClearJavaCache::

Folder::
C:\Program Files (x86)\Deal Boat
C:\Program Files (x86)\RadioPI_4e

Annoula

oops!  :embarrassed: sorry  Here it is:

ComboFix 13-03-31.01 - Owner 03/31/2013  23:26:57.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1741 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Deal Boat
c:\program files (x86)\Deal Boat\background.html
c:\program files (x86)\Deal Boat\ButtonUtil.dll
c:\program files (x86)\Deal Boat\Deal Boat-bg.exe
c:\program files (x86)\Deal Boat\Deal Boat.dll
c:\program files (x86)\Deal Boat\Deal Boat.exe
c:\program files (x86)\Deal Boat\Deal Boat.ico
c:\program files (x86)\Deal Boat\Deal Boat.ini
c:\program files (x86)\Deal Boat\Installer.log
c:\program files (x86)\RadioPI_4e
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eauxstb.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebrmon.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebrstub.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edatact.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edlghk.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4edyn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4efeedmg.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehighin.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehtml.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehtmlmu.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ehttpct.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eidle.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eieovr.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eimpipe.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emedint.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emlbtn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4emsg.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4ePlugin.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eradio.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eregfft.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eregiet.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4escript.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eskin.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eskplay.exe
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4etpinst.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\4euabtn.dll
c:\program files (x86)\RadioPI_4e\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\RadioPI_4e\bar\1.bin\chrome\4effxtbr.jar
c:\program files (x86)\RadioPI_4e\bar\1.bin\INSTALL.RDF
c:\program files (x86)\RadioPI_4e\bar\1.bin\LOGO.BMP
c:\program files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll
c:\program files (x86)\RadioPI_4e\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\RadioPI_4e\bar\Message\COMMON.T8S
c:\program files (x86)\RadioPI_4e\bar\Settings\s_pid.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-01 to 2013-04-01  )))))))))))))))))))))))))))))))
.
.
2013-04-01 03:34 . 2013-04-01 03:34   --------   d-----w-   c:\users\Donny\AppData\Local\temp
2013-04-01 03:34 . 2013-04-01 03:34   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-31 17:00 . 2013-03-31 17:00   76232   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF09F29-2F47-4C45-9398-85A27E785A79}\offreg.dll
2013-03-31 03:06 . 2013-03-31 03:06   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2013-03-30 00:05 . 2013-03-30 00:05   --------   d-----w-   c:\program files (x86)\ESET
2013-03-29 23:03 . 2013-03-29 23:03   412   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-03-29 21:37 . 2013-03-15 06:28   9311288   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF09F29-2F47-4C45-9398-85A27E785A79}\mpengine.dll
2013-03-29 02:50 . 2013-03-29 02:50   --------   d-s---w-   c:\windows\SysWow64\Microsoft
2013-03-29 02:41 . 2013-03-29 02:41   --------   d-----w-   C:\components
2013-03-29 02:29 . 2013-03-06 10:38   770384   ----a-w-   c:\windows\SysWow64\msvcr100.dll
2013-03-29 02:29 . 2013-03-06 10:38   421200   ----a-w-   c:\windows\SysWow64\msvcp100.dll
2013-03-28 15:16 . 2013-03-31 02:11   --------   d-----w-   c:\program files (x86)\Emsisoft Anti-Malware
2013-03-27 00:51 . 2013-03-27 00:51   --------   d-----w-   c:\users\Donny\AppData\Roaming\Malwarebytes
2013-03-27 00:50 . 2013-03-27 00:50   --------   d-----w-   c:\programdata\Malwarebytes
2013-03-27 00:50 . 2013-03-27 00:51   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 00:50 . 2012-12-14 20:49   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-27 00:50 . 2013-03-27 00:50   --------   d-----w-   c:\users\Donny\AppData\Local\Programs
2013-03-26 22:06 . 2013-03-26 22:06   --------   d-----w-   c:\windows\Sun
2013-03-26 21:40 . 2013-03-28 18:10   --------   d-----w-   c:\users\Owner\AppData\Local\LogMeIn Rescue Applet
2013-03-24 04:25 . 2013-03-24 04:25   --------   d-----w-   c:\program files (x86)\MP3 Rocket Downloader
2013-03-23 03:15 . 2013-03-23 03:15   150528   ----a-w-   c:\programdata\Microsoft\Windows\DRM\602C.tmp.dat
2013-03-22 23:47 . 2013-03-22 23:47   --------   d-----w-   c:\programdata\ptekmjlryvlwadr
2013-03-13 17:18 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-03-13 17:18 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-03-13 12:14 . 2013-03-13 12:14   --------   d-----w-   c:\program files\Microsoft Silverlight
2013-03-13 12:14 . 2013-03-13 12:14   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 17:59 . 2012-03-31 21:50   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:59 . 2011-06-02 18:57   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 12:18 . 2010-01-26 16:01   72013344   ----a-w-   c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 05:14   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:14   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:14   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:14   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:14   474112   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:14   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-01-25 01:47 . 2013-01-25 01:54   721909   ----a-w-   c:\windows\unins000.exe
2013-01-17 05:28 . 2010-01-23 01:29   273840   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-27 15:14   9728   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 15:14   2560   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 15:14   10752   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 15:14   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   2560   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   10752   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 15:14   3584   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   4096   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:13   1247744   ----a-w-   c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 15:14   1988096   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 15:14   293376   ----a-w-   c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 15:13   249856   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 15:14   220160   ----a-w-   c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 15:13   1504768   ----a-w-   c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 15:13   1643520   ----a-w-   c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 15:13   1175552   ----a-w-   c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 15:14   604160   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 15:13   207872   ----a-w-   c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 15:14   187392   ----a-w-   c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 15:14   2565120   ----a-w-   c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 15:14   363008   ----a-w-   c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 15:14   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 15:13   1080832   ----a-w-   c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 15:13   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 15:13   333312   ----a-w-   c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 15:13   1887232   ----a-w-   c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 15:13   296960   ----a-w-   c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 15:13   3419136   ----a-w-   c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 15:13   245248   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 15:14   648192   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 15:14   221184   ----a-w-   c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 15:14   194560   ----a-w-   c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 15:13   1238528   ----a-w-   c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 15:13   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 15:13   3928064   ----a-w-   c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 15:14   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 15:14   364544   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 15:14   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 15:14   522752   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 15:13   1158144   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 15:13   1682432   ----a-w-   c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 22:48   5553512   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 22:48   3967848   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 22:48   3913064   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 15:14   2284544   ----a-w-   c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 15:14   2776576   ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 22:48   215040   ----a-w-   c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 22:48   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 22:48   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 22:48   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 22:48   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 22:48   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 22:48   2048   ----a-w-   c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 22:48   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 22:48   1913192   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 22:48   288088   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41   120104   ----a-w-   c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34}]
2010-11-05 01:58   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-02 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-03-28 3363752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 X5XS64Ex;X5XS64Ex;c:\program files (x86)\Free Ride Games\X5XS64Ex.Sys
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 10240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/19 01:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 03:45 146928]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-03-28 3089856]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-01-08 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 RadioPI_4eService;RadioPI Service;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-06-21 14336]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 12:34   1629648   ----a-w-   c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:59]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 11:41]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 11:41]
.
2013-03-08 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-03-31 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
.
2013-04-01 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
.
2013-03-31 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-08 487424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{35fd2bab-ab2b-494f-b5bf-8755ec043784} - c:\progra~2\RADIOP~2\bar\1.bin\4ebar.dll
BHO-{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
Toolbar-{92926b63-5116-4c6f-a33e-378767b8d15f} - c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
Wow6432Node-HKLM-Run-RadioPI_4e Browser Plugin Loader - c:\progra~2\RADIOP~2\bar\1.bin\4ebrmon.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Deal Boat - c:\program files (x86)\Deal Boat\Uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-31  23:36:40
    ComboFix-quarantined-files.txt  2013-04-01 03:36
    ComboFix2.txt  2013-03-29 04:04
    .
    Pre-Run: 313,588,973,568 bytes free
    Post-Run: 313,386,663,936 bytes free
    .
    - - End Of File - - 41E6EA17C38176490FE99A1ECF9D586E

Corrine

Thank you.

My apology for missing this file in your log. I don't want to leave it behind so please do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
c:\programdata\ptekmjlryvlwadr


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Annoula

ComboFix 13-04-01.01 - Owner 04/01/2013  16:29:19.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1705 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ptekmjlryvlwadr
c:\programdata\ptekmjlryvlwadr\arr-next.gif
c:\programdata\ptekmjlryvlwadr\b-sep.gif
c:\programdata\ptekmjlryvlwadr\btn-sq.gif
c:\programdata\ptekmjlryvlwadr\btn.png
c:\programdata\ptekmjlryvlwadr\cam-place.bmp
c:\programdata\ptekmjlryvlwadr\card.bmp
c:\programdata\ptekmjlryvlwadr\green-l.png
c:\programdata\ptekmjlryvlwadr\green-r.png
c:\programdata\ptekmjlryvlwadr\ie7.css
c:\programdata\ptekmjlryvlwadr\larr.gif
c:\programdata\ptekmjlryvlwadr\lock.png
c:\programdata\ptekmjlryvlwadr\locked-text-en.png
c:\programdata\ptekmjlryvlwadr\logo-img.png
c:\programdata\ptekmjlryvlwadr\logo-text.gif
c:\programdata\ptekmjlryvlwadr\main.html
c:\programdata\ptekmjlryvlwadr\mainbg.gif
c:\programdata\ptekmjlryvlwadr\mcafee-lock.png
c:\programdata\ptekmjlryvlwadr\money.gif
c:\programdata\ptekmjlryvlwadr\moneypak.png
c:\programdata\ptekmjlryvlwadr\payments-en.png
c:\programdata\ptekmjlryvlwadr\side-block.png
c:\programdata\ptekmjlryvlwadr\step.gif
c:\programdata\ptekmjlryvlwadr\step.png
c:\programdata\ptekmjlryvlwadr\style.css
c:\programdata\ptekmjlryvlwadr\wait.html
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-01 to 2013-04-01  )))))))))))))))))))))))))))))))
.
.
2013-04-01 20:36 . 2013-04-01 20:36   --------   d-----w-   c:\users\Donny\AppData\Local\temp
2013-04-01 20:36 . 2013-04-01 20:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-31 17:00 . 2013-03-31 17:00   76232   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF09F29-2F47-4C45-9398-85A27E785A79}\offreg.dll
2013-03-31 03:06 . 2013-03-31 03:06   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2013-03-30 00:05 . 2013-03-30 00:05   --------   d-----w-   c:\program files (x86)\ESET
2013-03-29 23:03 . 2013-03-29 23:03   412   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-03-29 21:37 . 2013-03-15 06:28   9311288   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF09F29-2F47-4C45-9398-85A27E785A79}\mpengine.dll
2013-03-29 02:50 . 2013-03-29 02:50   --------   d-s---w-   c:\windows\SysWow64\Microsoft
2013-03-29 02:41 . 2013-03-29 02:41   --------   d-----w-   C:\components
2013-03-29 02:29 . 2013-03-06 10:38   770384   ----a-w-   c:\windows\SysWow64\msvcr100.dll
2013-03-29 02:29 . 2013-03-06 10:38   421200   ----a-w-   c:\windows\SysWow64\msvcp100.dll
2013-03-28 15:16 . 2013-03-31 02:11   --------   d-----w-   c:\program files (x86)\Emsisoft Anti-Malware
2013-03-27 00:51 . 2013-03-27 00:51   --------   d-----w-   c:\users\Donny\AppData\Roaming\Malwarebytes
2013-03-27 00:50 . 2013-03-27 00:50   --------   d-----w-   c:\programdata\Malwarebytes
2013-03-27 00:50 . 2013-03-27 00:51   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 00:50 . 2012-12-14 20:49   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-27 00:50 . 2013-03-27 00:50   --------   d-----w-   c:\users\Donny\AppData\Local\Programs
2013-03-26 22:06 . 2013-03-26 22:06   --------   d-----w-   c:\windows\Sun
2013-03-26 21:40 . 2013-03-28 18:10   --------   d-----w-   c:\users\Owner\AppData\Local\LogMeIn Rescue Applet
2013-03-24 04:25 . 2013-03-24 04:25   --------   d-----w-   c:\program files (x86)\MP3 Rocket Downloader
2013-03-13 17:18 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-03-13 17:18 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-03-13 12:14 . 2013-03-13 12:14   --------   d-----w-   c:\program files\Microsoft Silverlight
2013-03-13 12:14 . 2013-03-13 12:14   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 17:59 . 2012-03-31 21:50   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:59 . 2011-06-02 18:57   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 12:18 . 2010-01-26 16:01   72013344   ----a-w-   c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 05:14   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:14   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:14   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:14   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:14   474112   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:14   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-01-25 01:47 . 2013-01-25 01:54   721909   ----a-w-   c:\windows\unins000.exe
2013-01-17 05:28 . 2010-01-23 01:29   273840   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-27 15:14   9728   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 15:14   2560   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 15:14   10752   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 15:14   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   2560   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 15:14   10752   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 15:14   3584   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   4096   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:14   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:13   1247744   ----a-w-   c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 15:14   1988096   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 15:14   293376   ----a-w-   c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 15:13   249856   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 15:14   220160   ----a-w-   c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 15:13   1504768   ----a-w-   c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 15:13   1643520   ----a-w-   c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 15:13   1175552   ----a-w-   c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 15:14   604160   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 15:13   207872   ----a-w-   c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 15:14   187392   ----a-w-   c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 15:14   2565120   ----a-w-   c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 15:14   363008   ----a-w-   c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 15:14   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 15:13   1080832   ----a-w-   c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 15:13   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 15:13   333312   ----a-w-   c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 15:13   1887232   ----a-w-   c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 15:13   296960   ----a-w-   c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 15:13   3419136   ----a-w-   c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 15:13   245248   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 15:14   648192   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 15:14   221184   ----a-w-   c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 15:14   194560   ----a-w-   c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 15:13   1238528   ----a-w-   c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 15:13   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 15:13   3928064   ----a-w-   c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 15:14   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 15:14   364544   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 15:14   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 15:14   522752   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 15:13   1158144   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 15:13   1682432   ----a-w-   c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 22:48   5553512   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 22:48   3967848   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 22:48   3913064   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 15:14   2284544   ----a-w-   c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 15:14   2776576   ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 22:48   215040   ----a-w-   c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 22:48   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 22:48   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 22:48   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 22:48   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 22:48   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 22:48   2048   ----a-w-   c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 22:48   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 22:48   1913192   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 22:48   288088   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}]
c:\progra~2\RADIOP~2\bar\1.bin\4ebar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}]
c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41   120104   ----a-w-   c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34}]
2010-11-05 01:58   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{92926b63-5116-4c6f-a33e-378767b8d15f}"= "c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{92926b63-5116-4c6f-a33e-378767b8d15f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-02 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-03-28 3363752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 X5XS64Ex;X5XS64Ex;c:\program files (x86)\Free Ride Games\X5XS64Ex.Sys
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 10240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/19 01:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 03:45 146928]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-03-28 3089856]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-01-08 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 RadioPI_4eService;RadioPI Service;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-06-21 14336]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-15 12:34   1629648   ----a-w-   c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:59]
    .
    2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 11:41]
    .
    2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 11:41]
    .
    2013-03-08 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2013-03-31 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
    - c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
    .
    2013-04-01 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
    - c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
    .
    2013-03-31 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
    - c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-31 01:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-08 487424]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Deal Boat - c:\program files (x86)\Deal Boat\Uninstall.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-04-01  16:38:11
    ComboFix-quarantined-files.txt  2013-04-01 20:38
    ComboFix2.txt  2013-04-01 03:36
    ComboFix3.txt  2013-03-29 04:04
    .
    Pre-Run: 312,253,857,792 bytes free
    Post-Run: 312,182,116,352 bytes free
    .
    - - End Of File - - 99E8FC087C97B20DF849671686E326C8

Corrine

Perfect, thank you.

Is your computer back to normal now?  If so, I'll provide the information needed to finalize things.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Annoula

Well, the virus isn't popping up anymore, but I haven't done anything on the computer but what you've told me.  It seems to be ok but I don't know for sure.

Corrine

Thank you.  In that case, I think we can take care of removing the programs I had you download.

You can delete SecurityCheck from your desktop and uninstall ESET.  In addition, please do the following:

Please do the following to uninstall AdwCleaner.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Uninstall
  •   Confirm with yes

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Microsoft Security updates, an antivirus software program and firewall are not sufficient to protect your computer from malware.  It is also important to keep third-party software programs updated.  See the recommendations in "So how did I get infected in the first place?".

Let me know if you have any questions or run into additional problems.



Annoula

Thank you so much for all of your help.  Quick question, do I keep the Emsisoft? :dance: :dance:

Corrine

Hi, Annoula.  You are very welcome.  I'm glad we were able to get that nasty ransomware off your computer!

Yes, you can keep Emsisoft.  You downloaded the freeware version, so you can periodically scan your computer with it.  Just be sure to check for definition updates prior to scanning.

