VIRUS REMOVAL (PLEASE HELP)

Anomosity

New Member
Thread author
Mar 16, 2013
4
Hello world, this ya boy Anomosity and I'm a rapper from Oakland, CA.
If anybody out there is reading this, I could use some major assistance. I just bought an HP Audio Beats 64bit with all the fixings for an artist. I'm talking studio (Cubase 5), all kinds of software and hacks. Anyway, I let a virus in thinking it was a patch and now my desktop is missing. It takes forever to even start after I put my password in. Now I've tried a number of programs such as Rogue Killer, AVG from piratebay, trojan killer, you name it, nothing's working.
I can still go online from Ctrl+Alt+Delete. Then I run a service. Can anybody give me a real solution to this problem?

Holla back
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the below link:
  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.

Also download ListParts 64 bit and save it to the USB/flash drive.

  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Back in the command prompt, type e:\listparts64.exe and press Enter.
  11. ListParts will start to run. Check the box beside List BCD and click Scan.
  12. When finished scanning it will make a log Result.txt on the flash drive.
  13. Type exit.
  14. Please copy and paste both FRST.txt and Result.txt logs in your next reply.
 

Fiery

Level 1
Jan 11, 2011
2,007
If you are able to access your PC then do this.

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

Fiery

Level 1
Jan 11, 2011
2,007
Here's my scan results


ComboFix 13-03-17.01 - Anomosity 03/21/2013 21:41:45.2.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6092.4575 [GMT -7:00]
Running from: c:\users\Anomosity\Downloads\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-22 04:45 . 2013-03-22 04:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-22 04:32 . 2013-03-22 04:32 -------- d-----w- c:\programdata\CLSoft LTD
2013-03-22 04:32 . 2013-03-22 04:32 -------- d-----w- c:\programdata\Premium
2013-03-22 04:32 . 2013-03-22 04:32 -------- d-----w- c:\programdata\MaiginiPiCC
2013-03-22 04:32 . 2013-03-22 04:32 -------- d-----w- c:\programdata\InstallMate
2013-03-21 22:18 . 2013-03-21 22:18 -------- d-----w- c:\programdata\Simply Super Software
2013-03-18 23:44 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
2013-03-18 20:47 . 2013-03-21 22:36 -------- d-----w- c:\program files (x86)\Loaris
2013-03-18 20:40 . 2006-06-19 20:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2013-03-18 20:40 . 2006-05-25 22:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2013-03-18 20:40 . 2005-08-26 08:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2013-03-18 20:40 . 2003-02-03 03:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2013-03-18 20:40 . 2002-03-06 08:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2013-03-18 20:05 . 2013-03-21 22:21 -------- d-----w- c:\program files (x86)\Trojan Remover
2013-03-18 19:38 . 2013-03-18 19:38 -------- d-----w- c:\program files (x86)\MP3 Rocket Downloader
2013-03-18 09:43 . 2013-03-18 21:38 -------- d-----w- c:\programdata\MMAAgneiiPicc
2013-03-17 21:31 . 2013-03-17 21:31 -------- d-----w- c:\programdata\Malwarebytes
2013-03-17 09:58 . 2013-03-17 10:04 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2013-03-17 09:58 . 2013-03-18 23:44 -------- d-----w- c:\program files\Common Files\McAfee
2013-03-17 09:26 . 2013-03-18 23:44 -------- d-----w- c:\programdata\McAfee
2013-03-16 20:48 . 2013-03-16 20:48 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
2013-03-16 20:48 . 2013-03-16 20:48 -------- d-----w- c:\windows\RemotePackages
2013-03-16 20:23 . 2013-03-16 20:23 -------- d-----w- c:\program files (x86)\HP
2013-03-16 19:04 . 2013-03-22 03:49 -------- d-----w- C:\$AVG8.VAULT$
2013-03-16 18:53 . 2013-03-16 19:23 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-03-16 16:14 . 2013-03-16 16:14 -------- d-----w- c:\windows\SysWow64\drivers\avg
2013-03-16 16:11 . 2009-10-22 19:54 40464 ----a-w- c:\windows\system32\drivers\90053972.sys
2013-03-16 16:11 . 2009-10-10 05:30 352784 ----a-w- c:\windows\system32\drivers\9005397.sys
2013-03-16 16:11 . 2009-09-25 23:59 157712 ----a-w- c:\windows\system32\drivers\90053971.sys
2013-03-16 16:10 . 2013-03-16 16:10 -------- d-----w- c:\programdata\CyberLink
2013-03-16 13:42 . 2013-03-18 21:54 12464 ----a-w- c:\windows\system32\avgrssta.dll
2013-03-16 13:42 . 2013-03-18 21:54 14856 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-03-16 13:42 . 2013-03-16 13:42 133640 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-16 13:42 . 2013-03-21 16:59 -------- d-----w- c:\windows\system32\drivers\Avg
2013-03-16 13:42 . 2013-03-18 21:54 33416 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-03-16 13:42 . 2013-03-18 21:54 427016 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-03-16 13:42 . 2013-03-18 04:23 -------- d-----w- c:\programdata\avg8
2013-03-16 13:42 . 2013-03-16 13:42 -------- d-----w- c:\program files (x86)\AVG
2013-03-15 22:20 . 2013-03-15 22:20 -------- d-----w- c:\programdata\install_clap
2013-03-15 22:13 . 2013-03-15 22:27 -------- d-----w- c:\programdata\ParetoLogic
2013-03-15 01:05 . 2013-03-15 01:05 -------- d-----w- c:\program files (x86)\TeamViewer
2013-03-14 20:41 . 2009-10-22 19:54 40464 ----a-w- c:\windows\system32\drivers\85268082.sys
2013-03-14 20:41 . 2009-10-10 05:30 352784 ----a-w- c:\windows\system32\drivers\8526808.sys
2013-03-14 20:41 . 2009-09-25 23:59 157712 ----a-w- c:\windows\system32\drivers\85268081.sys
2013-03-14 20:07 . 2013-03-16 14:29 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2013-03-14 18:42 . 2013-03-14 18:42 -------- d-----w- c:\program files\Portable
2013-03-14 17:30 . 2013-03-18 21:25 -------- d-----w- c:\programdata\AltrixSoft
2013-03-14 17:30 . 2013-03-14 17:30 -------- d-----w- c:\program files (x86)\Common Files\AltrixSoft
2013-03-14 17:00 . 2013-03-21 18:56 -------- d-----w- c:\program files (x86)\Portable
2013-03-14 15:57 . 2013-03-16 16:11 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-14 15:57 . 2009-10-22 19:54 40464 ----a-w- c:\windows\system32\drivers\23883872.sys
2013-03-14 15:57 . 2009-10-10 05:30 352784 ----a-w- c:\windows\system32\drivers\2388387.sys
2013-03-14 15:57 . 2009-09-25 23:59 157712 ----a-w- c:\windows\system32\drivers\23883871.sys
2013-03-14 15:11 . 2013-03-14 15:11 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-14 13:43 . 2010-05-14 01:34 14232 ----a-w- c:\windows\SysWow64\sh4native.exe
2013-03-14 13:41 . 2013-03-16 14:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-14 13:41 . 2013-03-14 13:41 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-14 13:40 . 2013-03-14 13:40 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-03-14 13:40 . 2013-03-14 13:40 -------- d-----w- c:\program files (x86)\Norton 360
2013-03-14 13:24 . 2013-03-14 13:24 -------- d-----w- c:\programdata\PCSettings
2013-03-14 05:35 . 2013-03-14 05:35 -------- d-----w- c:\programdata\Logs
2013-03-14 05:26 . 2013-03-14 05:26 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-14 05:10 . 2013-03-14 05:10 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-14 04:40 . 2013-03-14 04:40 -------- d-----w- C:\MediaServer
2013-03-14 04:36 . 2013-03-14 04:36 -------- d-----w- c:\programdata\IDM
2013-03-14 03:17 . 2011-02-25 06:19 3116032 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2013-03-14 02:18 . 2013-03-16 19:39 -------- d-----w- c:\windows\system32\Taskman
2013-03-14 02:13 . 2013-03-14 02:21 -------- d-----w- c:\program files (x86)\7tsp
2013-03-14 01:58 . 2013-03-16 14:29 -------- d-----w- c:\windows\Icons
2013-03-14 01:56 . 2012-09-17 18:56 37216 ----a-w- c:\windows\system32\uxtuneup.dll
2013-03-14 01:56 . 2012-09-17 18:56 29536 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-03-14 01:20 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2013-03-14 01:20 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup
2013-03-14 01:20 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2013-03-14 00:00 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 22:41 . 2013-03-15 01:41 -------- d-----w- c:\program files\1880d184dc650473ba
2013-03-13 21:46 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-03-12 00:32 . 2013-03-12 00:32 -------- d-----w- c:\programdata\Synaptics
2013-03-12 00:28 . 2013-03-12 00:28 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-12 00:28 . 2013-03-12 00:28 -------- d-----w- c:\windows\system32\Wat
2013-03-12 00:07 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-03-12 00:02 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-12 00:02 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-12 00:02 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-12 00:02 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-12 00:02 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-12 00:02 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-12 00:02 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-12 00:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-03-12 00:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-03-11 23:37 . 2012-09-17 18:56 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2013-03-11 23:37 . 2012-09-17 18:56 25952 ----a-w- c:\windows\system32\authuitu.dll
2013-03-11 23:37 . 2012-09-17 18:56 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-03-11 23:32 . 2013-03-21 21:47 -------- d-----w- c:\programdata\TuneUp Software
2013-03-11 23:29 . 2013-03-13 22:41 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-11 23:27 . 2013-03-12 00:27 -------- d-s---w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-11 17:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-11 17:25 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-11 17:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-11 17:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-11 17:20 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-11 17:20 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-11 17:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-11 17:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-11 17:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-11 17:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-11 17:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-11 17:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-11 17:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-11 17:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-11 17:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-11 17:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-11 17:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-11 17:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-11 17:15 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-11 17:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-11 17:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-11 17:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-11 10:21 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-03-11 10:20 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-03-11 10:19 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-03-11 10:18 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-11 10:18 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-03-11 10:18 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-03-11 10:18 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 05:25 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-14 05:25 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-11 00:27 . 2010-06-24 18:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-12 05:45 . 2013-03-13 21:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 21:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 21:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 21:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 21:46 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 21:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-11 10:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2428BA97-C3D2-6581-FA80-D958017E391A}]
2013-03-22 05:05 118272 ----a-w- c:\programdata\MaiginiPiCC\514be6b43b973.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Loaris Trojan Remover"="c:\program files (x86)\Loaris\Trojan Remover 1.2\ltr12.exe" [2013-03-18 4862464]
"uTorrent"="c:\users\Anomosity\AppData\Roaming\uTorrent\uTorrent.exe" [2013-02-19 1051984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2013-03-18 427016]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2013-03-18 33416]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [2012-11-16 168096]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130321.001\IDSvia64.sys [2013-03-13 513184]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [2012-11-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/13 21:40];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-13 203776]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~2\AVG\AVG8\avgemc.exe [2013-03-16 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2013-03-16 298776]
R2 BBSvc;BingBar Service; [x]
R2 CleanMyPCService;CleanMyPC Watcher;c:\program files\Portable\CleanMyPC v1.5.7 (x64)\CleanMyPCService.exe [2012-07-06 87392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000]
R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-03-22 261632]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-20 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-16 138912]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2011-04-08 29800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-12 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-04-26 42392]
R4 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-14 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2013-03-18 14856]
S0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2013-03-14 27256]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 AvgTdiA;AVG8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2013-03-16 133640]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-17 06:12 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 00:21]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 00:42]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 00:42]
.
2013-03-22 c:\windows\Tasks\MagniPicUpdaterTask{42D8956F-0545-4163-91F1-93353E73F284}.job
- c:\programdata\Premium\MagniPic\MagniPic.exe [2013-03-22 09:39]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchou.com/?affil=7&uid=6e371ac7-92a9-11e2-8712-101f74f2c75a
mStart Page = hxxp://searchou.com/?affil=7&uid=6e371ac7-92a9-11e2-8712-101f74f2c75a
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?affil=7&uid=6e371ac7-92a9-11e2-8712-101f74f2c75a
FF - prefs.js: keyword.URL - hxxp://searchou.com/?affil=7&uid=6e371ac7-92a9-11e2-8712-101f74f2c75a&q=
FF - ExtSQL: 2013-03-10 19:44; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn
FF - ExtSQL: 2013-03-10 22:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn
FF - ExtSQL: 2013-03-10 22:57; jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi
FF - ExtSQL: 2013-03-10 23:31; {c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi
FF - ExtSQL: 2013-03-10 23:41; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-03-10 23:48; {ea61041c-1e22-4400-99a0-aea461e69d04}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
FF - ExtSQL: 2013-03-10 23:50; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2013-03-10 23:52; adblockpopups@jessehakanen.net; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-03-11 06:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-11 07:08; gmailnoads@mywebber.com; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-03-11 07:09; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2013-03-11 07:13; elemhidehelper@adblockplus.org; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-03-11 07:16; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: 2013-03-11 07:19; jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
FF - ExtSQL: 2013-03-11 07:20; translator@zoli.bod; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2013-03-11 07:21; donottrackplus@abine.com; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-03-11 07:22; idme@abine.com; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\idme@abine.com
FF - ExtSQL: 2013-03-11 07:25; firefox-extension@shareaholic.com; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\firefox-extension@shareaholic.com.xpi
FF - ExtSQL: 2013-03-11 07:26; uss-button@uploadscreenshot.com; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\uss-button@uploadscreenshot.com.xpi
FF - ExtSQL: 2013-03-11 09:37; {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
FF - ExtSQL: 2013-03-16 06:42; {3f963a5b-e555-4543-90e2-c3908898db71}; c:\program files (x86)\AVG\AVG8\Firefox
FF - ExtSQL: 2013-03-18 15:53; q54d@pooou-.edu; c:\users\Anomosity\AppData\Roaming\Mozilla\Firefox\Profiles\9ei7cnc7.default\extensions\q54d@pooou-.edu
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-SP_008a99b9 - c:\program files (x86)\MagniPic\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-21 21:47:40
ComboFix-quarantined-files.txt 2013-03-22 04:47
.
Pre-Run: 20,203,487,232 bytes free
Post-Run: 19,916,849,152 bytes free
.
- - End Of File - - 28686197E69F5A580CCAA9FF3BC24580

Do you have internet on your PC? Also, do the OTL scan. If you have internet,

Upload a File to Virustotal
Please visit Virustotal.com
  • Click the Choose file... button
  • Navigate to the file c:\windows\system32\drivers\90053972.sys
  • Click the Open button
  • Click the Scan It button
  • Copy and paste the results back here.
 
