Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Fake player update @ Hulu got me, now I'm ridin' dirty.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 18th, 2014, 11:44 am

Hello misfit21ca,

I do not yet notice any change in the behavior of the computer. I've noticed I apparently no longer know how to use internet explorer at all (lol), and my desktop is filling up with tools and scan files :p
We are not finished yet and let the presence of a large number of such files will be your biggest problem! ;)

Please do the following:

ComboFix Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 18th, 2014, 8:09 pm

I had a small problem executing the instructions. I didn't know Windows Defender was automatically running, so I shut down my AV, and then my firewall and ran ComboFix. In the ComboFix report I saw Windows defender running, so I shut it down and ran ComboFix again. I'll post both logs since there could possibly be something in one that's not in the other.

ComboFix 14-09-18.01 - Joshua 09/18/2014 19:21:16.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2102 [GMT -4:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-08-18 to 2014-09-18 )))))))))))))))))))))))))))))))
.
.
2014-09-18 23:26 . 2014-09-18 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-18 02:06 . 2014-09-18 02:08 -------- d-----w- C:\FRST
2014-09-18 01:55 . 2014-09-18 01:55 0 ----a-w- c:\windows\ativpsrm.bin
2014-09-16 21:24 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ACB42D5-65C1-4B4C-BBC3-53A3B4E26E4B}\mpengine.dll
2014-09-16 01:18 . 2014-09-18 23:26 -------- d-----w- c:\users\Joshua\AppData\Local\Temp
2014-09-16 01:04 . 2014-09-16 01:16 -------- d-----w- C:\zoek_backup
2014-09-14 22:36 . 2014-09-14 22:36 -------- d-----w- C:\_OTL
2014-09-14 18:07 . 2014-09-14 23:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 18:06 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-14 18:06 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 18:06 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-14 18:06 . 2014-09-14 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-14 18:06 . 2014-09-14 18:06 -------- d-----w- c:\programdata\Malwarebytes
2014-09-13 00:09 . 2014-09-13 00:09 -------- d-----w- c:\windows\ERUNT
2014-09-12 23:40 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-12 23:39 . 2014-09-14 23:26 -------- d-----w- C:\AdwCleaner
2014-09-11 22:43 . 2014-09-11 22:43 -------- d-----w- c:\program files (x86)\Techsnab
2014-09-10 07:06 . 2014-08-18 23:02 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-09-10 07:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 03:10 . 2014-09-10 03:10 10036224 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-10 02:00 . 2014-09-10 02:00 -------- d-----w- c:\users\Joshua\AppData\Roaming\Lavasoft
2014-09-10 01:46 . 2014-09-10 01:46 -------- d-----w- c:\program files\Lavasoft
2014-09-10 01:45 . 2014-09-10 01:45 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-09-10 01:44 . 2014-09-10 01:44 -------- d-----w- c:\programdata\Lavasoft
2014-09-10 01:35 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 01:35 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 01:34 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 01:34 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 01:34 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 01:34 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 01:34 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 01:33 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 01:33 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 01:33 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 01:33 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 23:36 . 2014-09-11 00:31 -------- d--h--w- c:\users\Public\Temp
2014-08-29 00:32 . 2014-08-29 00:32 -------- d-----w- c:\users\Joshua\AppData\Local\Adobe
2014-08-28 00:46 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 00:46 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 00:46 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 07:01 . 2013-09-28 14:58 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-10 03:10 . 2013-09-29 13:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 03:10 . 2013-09-29 13:04 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 10:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-12 21:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-12 21:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-12 21:29 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-12 21:29 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-10 18:09 . 2014-07-10 18:09 389240 ----a-w- c:\windows\system32\drivers\Trufos.sys
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-12 21:32 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-12 21:32 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-12 21:32 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-13 02:52 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 02:52 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-12 21:31 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-25 1245752]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 02:50 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-29 03:11]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29 13:04]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29 13:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [2014-08-27 8886592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-18 19:28:36
ComboFix-quarantined-files.txt 2014-09-18 23:28
.
Pre-Run: 195,670,220,800 bytes free
Post-Run: 195,266,707,456 bytes free
.
- - End Of File - - 2980BA6EC27D9B40A6C9ACB245B7FB5D
A36C5E4F47E84449FF07ED3517B43A31
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 18th, 2014, 8:10 pm

ComboFix 14-09-18.01 - Joshua 09/18/2014 19:33:28.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1985 [GMT -4:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-08-18 to 2014-09-18 )))))))))))))))))))))))))))))))
.
.
2014-09-18 23:37 . 2014-09-18 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-18 02:06 . 2014-09-18 02:08 -------- d-----w- C:\FRST
2014-09-18 01:55 . 2014-09-18 01:55 0 ----a-w- c:\windows\ativpsrm.bin
2014-09-16 21:24 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ACB42D5-65C1-4B4C-BBC3-53A3B4E26E4B}\mpengine.dll
2014-09-16 01:18 . 2014-09-18 23:37 -------- d-----w- c:\users\Joshua\AppData\Local\Temp
2014-09-16 01:04 . 2014-09-16 01:16 -------- d-----w- C:\zoek_backup
2014-09-14 22:36 . 2014-09-14 22:36 -------- d-----w- C:\_OTL
2014-09-14 18:07 . 2014-09-14 23:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 18:06 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-14 18:06 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 18:06 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-14 18:06 . 2014-09-14 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-14 18:06 . 2014-09-14 18:06 -------- d-----w- c:\programdata\Malwarebytes
2014-09-13 00:09 . 2014-09-13 00:09 -------- d-----w- c:\windows\ERUNT
2014-09-12 23:40 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-12 23:39 . 2014-09-14 23:26 -------- d-----w- C:\AdwCleaner
2014-09-11 22:43 . 2014-09-11 22:43 -------- d-----w- c:\program files (x86)\Techsnab
2014-09-10 07:06 . 2014-08-18 23:02 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-09-10 07:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 03:10 . 2014-09-10 03:10 10036224 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-10 02:00 . 2014-09-10 02:00 -------- d-----w- c:\users\Joshua\AppData\Roaming\Lavasoft
2014-09-10 01:46 . 2014-09-10 01:46 -------- d-----w- c:\program files\Lavasoft
2014-09-10 01:45 . 2014-09-10 01:45 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-09-10 01:44 . 2014-09-10 01:44 -------- d-----w- c:\programdata\Lavasoft
2014-09-10 01:35 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 01:35 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 01:34 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 01:34 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 01:34 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 01:34 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 01:34 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 01:33 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 01:33 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 01:33 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 01:33 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 23:36 . 2014-09-11 00:31 -------- d--h--w- c:\users\Public\Temp
2014-08-29 00:32 . 2014-08-29 00:32 -------- d-----w- c:\users\Joshua\AppData\Local\Adobe
2014-08-28 00:46 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 00:46 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 00:46 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 07:01 . 2013-09-28 14:58 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-10 03:10 . 2013-09-29 13:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 03:10 . 2013-09-29 13:04 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 10:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-12 21:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-12 21:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-12 21:29 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-12 21:29 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-10 18:09 . 2014-07-10 18:09 389240 ----a-w- c:\windows\system32\drivers\Trufos.sys
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-12 21:32 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-12 21:32 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-12 21:32 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-12 21:32 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-13 02:52 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 02:52 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-12 21:31 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-25 1245752]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 02:50 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-29 03:11]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29 13:04]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29 13:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [2014-08-27 8886592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-18 19:39:52
ComboFix-quarantined-files.txt 2014-09-18 23:39
ComboFix2.txt 2014-09-18 23:28
.
Pre-Run: 195,332,898,816 bytes free
Post-Run: 195,268,460,544 bytes free
.
- - End Of File - - 98589C3D4D86F52F03C89FC86401333A
A36C5E4F47E84449FF07ED3517B43A31
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 18th, 2014, 8:17 pm

I haven't yet noticed any difference in the behavior of my computer. As a matter fact, I encountered 22 popups reading, executing and replying to the directions here on the forum. 7 of which were after Combofix running twice.

The very first popup after running ComboFix was a page that said Java Update Required! Automatically redirecting to a page to update Java!, which it redirected me to a page called Javbrowser .com located at Kyle.mxp4117 .com and it was a "stuck in Loop" type popup, when you tried to close or navigate away it blew the small box warning and automatically redirected. I had to Control/alt/delete, open task manager and kill the tasks faster than they were popping up. Again this was the first popup from this page after running ComboFix. All the other popups were from Ad's previously mentioned.

Thank you for your efforts thus far!
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 19th, 2014, 11:40 am

Hello misfit21ca,

Step 1.
Router check
  1. Please open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup oracle.com
    ping -n 2 google.com
    ping -n 2 oracle.com
    route print
    )
    start Log1.txt
    del %0
    
  2. Go to File -> Save as.
  3. Save this as router.bat
  4. Choose to Save as type - All Files and save it to your Desktop
  5. Close the Notepad file.
  6. Double-click on router.bat to run it. It should look like this: Image
  7. It will open notepad when done. Post the results in your next reply.

Step 2.
Your logs indicate that your computer is connected to a server in Israel, is this something you are aware of?

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Results after router checking
  3. Answer to my question about connection to server in Israel

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 19th, 2014, 5:42 pm

No problems executing the instructions.


Windows IP Configuration

Host Name . . . . . . . . . . . . : 700GR
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-05-AF-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::584c:86c9:f15a:db80%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 19, 2014 5:22:16 PM
Lease Expires . . . . . . . . . . : Saturday, September 20, 2014 5:22:17 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-D7-FC-C2-00-16-76-05-AF-B3
DNS Servers . . . . . . . . . . . : 81.218.119.15
199.203.35.75
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 81.218.119.15

Name: google.com
Addresses: 2a00:1450:4017:800::1002
212.179.180.110
212.179.180.90
212.179.180.91
212.179.180.113
212.179.180.101
212.179.180.117
212.179.180.106
212.179.180.112
212.179.180.88
212.179.180.123
212.179.180.102
212.179.180.95
212.179.180.80
212.179.180.84
212.179.180.99
212.179.180.121

Server: UnKnown
Address: 81.218.119.15

Name: oracle.com
Address: 137.254.120.50


Pinging google.com [212.179.180.106] with 32 bytes of data:
Reply from 212.179.180.106: bytes=32 time=178ms TTL=44
Reply from 212.179.180.106: bytes=32 time=182ms TTL=44

Ping statistics for 212.179.180.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 182ms, Average = 180ms

Pinging oracle.com [137.254.120.50] with 32 bytes of data:
Reply from 137.254.120.50: bytes=32 time=43ms TTL=241
Reply from 137.254.120.50: bytes=32 time=42ms TTL=241

Ping statistics for 137.254.120.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
===========================================================================
Interface List
11...00 16 76 05 af b3 ......Intel(R) PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::584c:86c9:f15a:db80/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
-----------------------------------------------------------------------------------------

No, I was not aware of being connected to a server in Israel. Nor do I think I want to be connected to a server in Israel. Isn't there one closer!? Is Homeland Security gonna show up at my door and demand my Adware!? They can have it, so far its been a pain~ Some sites it even creates an overlay that covers most of the page! =(

Anyway, Thank you for your time and attention as always! It's much appreciated.

Ps. if my computer is doing something super cool and 'spy' like in isreal, tell me....that would be a fun story!
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 19th, 2014, 11:57 pm

Hello misfit21ca,

No, I was not aware of being connected to a server in Israel. Nor do I think I want to be connected to a server in Israel.
Thank you! Let fix it...

Step 1.
Let’s try to Reset your Router to its default configuration.
  1. This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  2. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  3. If you don’t know your router's default password, you can look it up. HERE
  4. You will need to reconfigure any security settings you had in place prior to the reset.
  5. You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
Router check
  1. Please open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup oracle.com
    ping -n 2 google.com
    ping -n 2 oracle.com
    route print
    )
    start Log1.txt
    del %0
    
  2. Go to File -> Save as.
  3. Save this as router.bat
  4. Choose to Save as type - All Files and save it to your Desktop
  5. Close the Notepad file.
  6. Double-click on router.bat to run it. It should look like this: Image
  7. It will open notepad when done. Post the results in your next reply.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Results after router checking
  4. Contents of a OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 20th, 2014, 9:20 am

Ok, I need a little more direction first. I have two boxes inline with my cable internet. the first thing out of the wall is an Arris TM902. The wall cable goes into it, as does a dead phone line ( we no longer bundle with this company, just internet alone but still have this box ) then an Ethernet cable comes out of that box and goes to my personal Netgear N300 wireless router. Which leads me to a couple questions;
1) which box do you need me to reset?
2) where do I find the username and password for the Arris, it's not on the list.
3) my Netgear doesn't have a cable jack, so I still need this Telephony Router to convert Charter's signal to Ethernet so I can pump it around with my Netgear?

Thank you, and sorry for the delay.
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 20th, 2014, 5:09 pm

Hello misfit21ca,

Ok, I need a little more direction first. I have two boxes inline with my cable internet. the first thing out of the wall is an Arris TM902. The wall cable goes into it, as does a dead phone line ( we no longer bundle with this company, just internet alone but still have this box ) then an Ethernet cable comes out of that box and goes to my personal Netgear N300 wireless router. Which leads me to a couple questions;
1) which box do you need me to reset?
The Arris TM902 is not smart (programmable) cable modem which can transfer Internet signal directly by Ethenrnet wire to one computer or to router such as occurred here - to your Netgear N300. It means that you need to reset Netgear N300. It looks like you need to use admin/password as login and password, if you did not changed it before. How to change router password after all you can find in Netger N300 Manual.

2) where do I find the username and password for the Arris, it's not on the list.
As I wrote, the Arris TM902 is not smart and you don't need to reset it as well as change password for it.

3) my Netgear doesn't have a cable jack, so I still need this Telephony Router to convert Charter's signal to Ethernet so I can pump it around with my Netgear?
Sure, you don't need to touch the Arris TM902 at all. When you reset the Netgear N300, it automatically gets the signal from the modem and transfers it to wire or wireless Internet signal which will be received by your computer.

Please proceed to steps from my previous post...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Results after router checking
  4. Contents of a OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 21st, 2014, 3:31 pm

I had a little difficulty with this step. Changing password on my router didn't seem to change my access. My devices still automatically connected so I had to do a bit more. It took some work but I think I've renamed my network, and given it a new password. Seems my devices are finally asking for the new connection when I turn them on, so I think were reset.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}\\NameServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Downloads\cmd.bat deleted successfully.
C:\Users\Joshua\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua
->Flash cache emptied: 6778 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dub_cm_auto
->Temp folder emptied: 0 bytes

User: Joshua
->Temp folder emptied: 5722775 bytes
->Temporary Internet Files folder emptied: 317491044 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8348 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 308.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09212014_145957

Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1XNXRN15\liverail[1].xml not found!
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 21st, 2014, 3:32 pm

Windows IP Configuration

Host Name . . . . . . . . . . . . : 700GR
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-05-AF-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::584c:86c9:f15a:db80%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 21, 2014 3:03:34 PM
Lease Expires . . . . . . . . . . : Monday, September 22, 2014 3:03:34 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-D7-FC-C2-00-16-76-05-AF-B3
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:806::1004
74.125.228.35
74.125.228.34
74.125.228.39
74.125.228.38
74.125.228.46
74.125.228.37
74.125.228.36
74.125.228.40
74.125.228.32
74.125.228.33
74.125.228.41

Server: UnKnown
Address: 192.168.1.1

Name: oracle.com
Address: 137.254.120.50


Pinging google.com [74.125.228.195] with 32 bytes of data:
Reply from 74.125.228.195: bytes=32 time=38ms TTL=54
Reply from 74.125.228.195: bytes=32 time=33ms TTL=54

Ping statistics for 74.125.228.195:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 38ms, Average = 35ms

Pinging oracle.com [137.254.120.50] with 32 bytes of data:
Reply from 137.254.120.50: bytes=32 time=42ms TTL=241
Reply from 137.254.120.50: bytes=32 time=42ms TTL=241

Ping statistics for 137.254.120.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 42ms, Average = 42ms
===========================================================================
Interface List
11...00 16 76 05 af b3 ......Intel(R) PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::584c:86c9:f15a:db80/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 21st, 2014, 3:32 pm

OTL logfile created on: 9/21/2014 3:10:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 63.66% Memory free
6.49 Gb Paging File | 5.07 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.76 Gb Total Space | 184.75 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive D: | 120.00 Gb Total Space | 114.94 Gb Free Space | 95.78% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.76 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: 700GR | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/14 14:03:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL (1).exe
PRC - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/24 22:40:44 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/06/20 23:44:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/27 12:32:26 | 000,706,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/09 23:11:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/16 19:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/16 05:59:42 | 000,199,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\efe5b32e.sys -- (E100B)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Joshua\Desktop
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2014/07/21 21:29:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000..\Run: [Spotify Web Helper] C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/27 14:17:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/18 19:39:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/18 19:19:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/09/18 19:19:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/09/18 19:19:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/09/18 19:19:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/09/18 19:19:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/09/18 19:16:42 | 005,578,824 | R--- | C] (Swearware) -- C:\Users\Joshua\Desktop\ComboFix.exe
[2014/09/17 22:06:30 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/17 22:05:27 | 002,105,856 | ---- | C] (Farbar) -- C:\Users\Joshua\Desktop\FRST64.exe
[2014/09/15 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/09/15 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Temp
[2014/09/15 21:04:52 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/09/15 18:48:07 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joshua\Desktop\tdsskiller.exe
[2014/09/14 18:36:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/14 14:07:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/14 14:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/14 14:06:43 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/14 14:06:43 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/14 14:06:43 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/12 20:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/12 19:40:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/12 19:39:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/11 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Techsnab
[2014/09/10 03:07:10 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/10 03:07:10 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/10 03:07:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/10 03:07:07 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/10 03:07:07 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/10 03:07:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/10 03:07:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/10 03:07:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/10 03:07:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/10 03:07:06 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/10 03:07:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/10 03:07:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/10 03:07:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/10 03:07:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/10 03:07:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/10 03:07:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/10 03:07:04 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/10 03:07:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/10 03:07:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/10 03:07:03 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/10 03:07:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:01 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/10 03:07:01 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/10 03:07:01 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/10 03:07:01 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/10 03:07:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/10 03:07:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/10 03:07:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/10 03:07:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/10 03:06:56 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/10 03:06:55 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/10 03:06:55 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/10 03:00:57 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/10 03:00:57 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/09 23:10:19 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/09 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Lavasoft
[2014/09/09 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
[2014/09/09 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/09/09 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/09/09 21:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/09/09 21:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/09/09 21:35:43 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/09 21:35:43 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/09 21:34:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/09 21:33:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/09 21:33:36 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/09 21:33:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/28 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Adobe
[2014/08/27 20:46:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

========== Files - Modified Within 30 Days ==========

[2014/09/21 15:10:42 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/21 15:10:42 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/21 15:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/21 15:03:50 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/09/21 15:03:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/21 15:03:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/21 15:03:25 | 2615,365,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/21 14:49:51 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/18 19:16:42 | 005,578,824 | R--- | M] (Swearware) -- C:\Users\Joshua\Desktop\ComboFix.exe
[2014/09/17 22:05:27 | 002,105,856 | ---- | M] (Farbar) -- C:\Users\Joshua\Desktop\FRST64.exe
[2014/09/17 21:55:26 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/09/15 21:57:42 | 000,001,887 | ---- | M] () -- C:\Users\Joshua\Desktop\New Rich Text Document.rtf
[2014/09/15 18:48:25 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joshua\Desktop\tdsskiller.exe
[2014/09/14 20:23:37 | 000,007,601 | ---- | M] () -- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
[2014/09/14 19:46:27 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/14 18:35:43 | 000,001,474 | ---- | M] () -- C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
[2014/09/14 14:06:46 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/12 20:24:52 | 000,001,114 | ---- | M] () -- C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
[2014/09/12 20:08:38 | 000,001,432 | ---- | M] () -- C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
[2014/09/12 19:38:41 | 000,001,559 | ---- | M] () -- C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
[2014/09/11 19:42:10 | 000,001,492 | ---- | M] () -- C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
[2014/09/10 03:38:36 | 000,782,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/10 03:38:36 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 03:38:36 | 000,122,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 03:05:33 | 000,774,132 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/09 23:10:29 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 23:10:29 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/09 23:10:19 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/08 21:20:43 | 000,000,534 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/08 19:47:17 | 000,001,455 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/04 22:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 22:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/28 18:12:19 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/22 22:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

========== Files Created - No Company Name ==========

[2014/09/18 19:19:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/09/18 19:19:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/09/18 19:19:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/09/18 19:19:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/09/18 19:19:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/09/17 21:55:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/09/14 20:23:37 | 000,007,601 | ---- | C] () -- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
[2014/09/14 18:34:41 | 000,001,474 | ---- | C] () -- C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
[2014/09/14 14:06:46 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/12 20:24:24 | 000,001,114 | ---- | C] () -- C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
[2014/09/12 19:59:53 | 000,001,432 | ---- | C] () -- C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
[2014/09/12 19:38:33 | 000,001,559 | ---- | C] () -- C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
[2014/09/11 19:40:00 | 000,001,492 | ---- | C] () -- C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
[2014/09/09 21:47:15 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/06/03 22:29:31 | 000,000,534 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/25 04:03:36 | 000,774,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/16 16:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 16:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/18 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Battle.net
[2013/09/29 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Guild Wars 2
[2014/09/16 19:39:44 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Opera Software
[2014/08/24 22:41:26 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Spotify
[2014/06/03 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\wi_upd

< End of report >
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 21st, 2014, 3:35 pm

Computer behavior is better. I received 3 popups navigating to the forum for instructions on the OTL Fix, and then I've yet to receive one after running the OTL Fix.
I was able to post my response much faster, without all the popups on this page!

As per norm, Thank you endlessly for your attention and assistance thus far!
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 21st, 2014, 8:59 pm

Ok, so maybe I don't have my network renamed and re-passworded. Spouse just came home and fired up the laptop and it automatically connected. I expected it to need the new network name and password entered before it would connect. Now I don't know what I've done or where to go from here with the network setup. #isuckatthis
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 22nd, 2014, 12:06 am

Hello misfit21ca,

I had a little difficulty with this step. Changing password on my router didn't seem to change my access. My devices still automatically connected so I had to do a bit more. It took some work but I think I've renamed my network, and given it a new password. Seems my devices are finally asking for the new connection when I turn them on, so I think were reset.
Any smart router (including yours) has two operational modes - default and advanced. And the both of them allow your computer to obtain an Internet access. Under default mode that access used default (factory) setting of the router. Under advanced mode you can make changes in default setting - open/close specific ports, prepare filters, etc.

Then to have possibility to make such changes you need to login to router and obtain router's interface. So you need to use login/password. If you not changed default password to your own one, any intruder can login to your router from outside by obtaining default login/password from any open list similar to one I gave you. It does not change your Internet access but can provide some or full control on router and create redirection and other undesirable actions - exactly as it happened in your case.

By the other words, you have to change the router's login password to maintain required level of Internet security.

Computer behavior is better.
I was able to post my response much faster, without all the popups on this page!
Nice to read it! :D

Ok, so maybe I don't have my network renamed and re-passworded. Spouse just came home and fired up the laptop and it automatically connected. I expected it to need the new network name and password entered before it would connect. Now I don't know what I've done or where to go from here with the network setup.
Network renaming and router resetting are two different independent processes and you don't need to mix them.

If your spouse's laptop could automatically connected to the network it means that you did not change anything yet. It is very good because it will allows me to complete cleaning your computer. Please refrain from any further attempt to change any setting of your network before the cleaning is done.

Let continue...

ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware