BleepingComputer.com: Combofix Log Review for my badass new laptop

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Combofix Log Review for my badass new laptop

#1 User is offline   sweetog 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 03-June 11

Posted 03 June 2011 - 02:06 AM

Hey guys, I had network outage late last night with my servers and than internet issues in the office, I thought my sweet new m6500 hundred got infected with a virus, my brother took it upon himself to try and install CS5 for me and had run a keygen.exe but had it running on his computer for six months and said it was virus free, I didn't want to steal CS5 so he did not install, I ran Malwarebytes deep scan and it was clear, I watched all traffic with TCPView and verified any suspicious IPs and all clear there, I run HiJack this and Combofix and the logs looked good to me, I think I am good to go but I was wondering if someone good review my HijackTHis log and ComboFix log and give me the all clear. I attached the keygen that I used, I have even found online where people said it was virus free.



Thanks for what you guys do, rock on with your bad ass geek-self

ComboFix 11-06-02.02 - M6500 06/02/2011 22:23:05.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16308.13598 [GMT -7:00]
Running from: c:\users\M6500\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 05:26 . 2011-06-03 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-03 02:15 . 2011-06-03 02:15 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-02 23:27 . 2011-06-02 23:27 -------- d-----w- c:\programdata\Malwarebytes
2011-06-02 23:27 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-02 23:27 . 2011-06-02 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-02 23:27 . 2011-05-29 16:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 03:33 . 2011-06-02 03:33 -------- d-----w- c:\program files\Microsoft.NET
2011-06-01 23:17 . 2011-06-01 23:17 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-06-01 23:14 . 2011-06-01 23:14 -------- d-----w- c:\programdata\Creative
2011-06-01 23:12 . 2011-06-01 23:13 -------- d-----w- c:\programdata\Skype Extras
2011-06-01 23:10 . 2011-06-01 23:10 -------- d-----r- c:\program files (x86)\Skype
2011-06-01 23:10 . 2011-06-01 23:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-01 23:10 . 2011-06-01 23:10 -------- d-----w- c:\programdata\Skype
2011-06-01 22:35 . 2011-06-01 22:35 -------- d-----w- c:\program files (x86)\ProcessExplorer
2011-06-01 22:23 . 2011-06-01 22:23 -------- d-----w- c:\program files (x86)\Fiddler2
2011-06-01 20:41 . 2011-06-01 20:43 -------- d-----w- c:\program files (x86)\FlashDevelop
2011-06-01 20:40 . 2011-06-01 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-01 20:40 . 2011-06-01 20:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-01 20:40 . 2011-06-01 20:40 -------- d-----w- c:\program files (x86)\Java
2011-06-01 20:07 . 2011-06-01 20:07 -------- d-----w- c:\windows\system32\SPReview
2011-06-01 20:07 . 2011-06-01 20:07 -------- d-----w- c:\windows\system32\EventProviders
2011-06-01 20:05 . 2010-11-20 13:27 44544 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2011-06-01 19:48 . 2011-06-01 19:48 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-06-01 19:48 . 2011-06-01 19:48 -------- d-----w- c:\program files (x86)\Roxio
2011-06-01 19:37 . 2011-06-01 19:37 -------- d-----w- c:\windows\system32\appmgmt
2011-06-01 18:56 . 2011-06-01 18:56 -------- d-----w- c:\program files\TortoiseSVN
2011-06-01 18:56 . 2011-06-01 18:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2011-06-01 08:01 . 2011-06-01 08:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-01 06:34 . 2011-06-01 08:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-01 03:33 . 2011-06-01 03:33 -------- d-----w- c:\programdata\CyberLink
2011-06-01 02:47 . 2011-06-01 02:47 -------- d-----w- c:\programdata\ALM
2011-06-01 02:44 . 2011-06-01 02:44 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-06-01 02:44 . 2011-06-01 02:44 -------- d-----w- c:\program files (x86)\My Company Name
2011-06-01 02:43 . 2011-06-01 02:48 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-01 02:43 . 2011-06-01 02:43 -------- d-----w- c:\windows\SysWow64\Macromed
2011-06-01 02:43 . 2011-06-01 02:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-01 02:22 . 2011-06-01 02:22 -------- d-----w- c:\program files\7-Zip
2011-06-01 02:16 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-06-01 02:16 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-06-01 02:16 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-01 02:16 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-01 02:15 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-01 01:13 . 2011-06-01 01:13 -------- d-----w- c:\program files\Axantum
2011-06-01 00:12 . 2011-06-01 00:12 -------- d-----w- c:\program files (x86)\Notepad++
2011-05-31 23:56 . 2011-05-31 23:56 -------- d-----w- c:\program files (x86)\AutoHotkey
2011-05-31 20:07 . 2011-06-02 03:31 -------- d-----w- c:\windows\system32\1033
2011-05-31 20:01 . 2011-06-02 03:31 -------- d-----w- c:\windows\SysWow64\1033
2011-05-31 19:44 . 2011-05-31 19:44 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-31 19:44 . 2011-05-31 19:44 -------- d-----w- c:\program files\Business Objects
2011-05-31 19:44 . 2011-05-31 19:44 -------- d-----w- c:\windows\SysWow64\js
2011-05-31 19:44 . 2011-05-31 19:44 -------- d-----w- c:\windows\SysWow64\css
2011-05-31 19:44 . 2011-05-31 19:44 -------- d-----w- c:\program files (x86)\Business Objects
2011-05-31 19:42 . 2011-06-02 03:31 -------- d-----w- c:\program files\Microsoft SQL Server
2011-05-31 19:42 . 2011-06-02 10:02 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2011-05-31 19:42 . 2011-05-31 19:42 -------- d-----w- c:\program files\Microsoft Device Emulator
2011-05-31 19:42 . 2011-05-31 19:42 -------- d-----w- c:\program files (x86)\Microsoft Device Emulator
2011-05-31 19:39 . 2011-05-31 19:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-05-31 19:38 . 2011-05-31 19:38 -------- d-----w- c:\windows\symbols
2011-05-31 19:38 . 2011-06-03 00:49 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2011-05-31 19:38 . 2011-06-02 03:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2011-05-31 19:38 . 2011-05-31 19:38 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2011-05-31 19:38 . 2011-05-31 19:38 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-05-31 19:38 . 2011-05-31 19:38 -------- d-----w- c:\program files (x86)\CE Remote Tools
2011-05-31 19:37 . 2011-05-31 19:37 -------- d-----w- c:\program files (x86)\Microsoft Web Designer Tools
2011-05-31 19:30 . 2011-05-31 19:30 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-31 19:30 . 2011-05-31 19:30 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2011-05-31 19:29 . 2011-05-31 19:30 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-05-31 19:29 . 2011-05-31 19:29 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-31 19:27 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-05-31 19:27 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-31 19:27 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76EA8880-9CBF-44C0-A757-A951F489B272}\mpengine.dll
2011-05-31 19:27 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-31 19:27 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-05-31 19:27 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 19:27 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-31 19:27 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-05-31 19:27 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-05-31 19:27 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-05-27 18:48 . 2011-03-08 06:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-27 18:48 . 2011-03-08 05:28 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-27 18:47 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-05-27 18:47 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-05-27 18:47 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-05-27 18:47 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-05-27 18:47 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-05-27 18:47 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-05-27 18:47 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-05-27 18:47 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2011-05-27 18:46 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-27 18:46 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-05-27 18:46 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-27 18:46 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2011-05-27 18:46 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-27 18:46 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-27 18:46 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-27 18:46 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-27 18:46 . 2011-05-27 18:46 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-27 18:46 . 2011-05-27 18:46 -------- d-----w- c:\windows\system32\Wat
2011-05-18 20:14 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-18 20:09 . 2011-06-02 07:30 -------- d-----w- c:\users\M6500
2011-05-11 00:04 . 2011-05-11 01:01 -------- d-----w- c:\windows\Panther
2011-05-11 00:04 . 2011-06-01 20:16 -------- d-----w- C:\Boot
2011-05-10 23:59 . 2011-05-10 23:59 -------- d-----w- c:\windows\system32\oem
2011-05-10 23:54 . 2009-10-13 03:18 319488 ----atw- c:\windows\system32\drivers\tifm21.sys
2011-05-10 23:54 . 2009-08-07 10:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-05-10 23:54 . 2009-05-31 06:43 305192 ----a-w- c:\windows\system32\drivers\b57nd60a.sys
2011-05-10 23:54 . 2009-10-13 03:18 1919968 ----atw- c:\windows\system32\WdfCoInstaller01005.dll
2011-05-10 23:54 . 2009-10-24 16:14 5248 ----a-w- c:\windows\system32\drivers\qcfilterdl.sys
2011-05-10 23:54 . 2009-10-24 16:14 118272 ----a-w- c:\windows\system32\drivers\qcusbserdl.sys
2011-05-10 23:54 . 2009-10-13 03:18 487936 ----atw- c:\windows\system32\drivers\stwrt64.sys
2011-05-10 23:54 . 2009-10-13 03:18 431616 ----atw- c:\windows\system32\stcplx64.dll
2011-05-10 23:54 . 2009-10-13 03:18 1431552 ----atw- c:\windows\system32\stapo64.dll
2011-05-10 23:54 . 2009-10-13 03:18 604672 ------w- c:\windows\system32\stapi64.dll
2011-05-10 23:54 . 2009-10-13 03:18 209920 ----atw- c:\windows\system32\st646229.dll
2011-05-10 23:54 . 2011-05-11 01:07 -------- d-----w- C:\MININT
2011-05-10 23:07 . 2011-05-10 23:07 -------- d-----w- c:\program files\IDT
2011-05-10 23:07 . 2009-10-13 03:18 3683840 ----atw- c:\windows\system32\stlang64.dll
2011-05-10 23:07 . 2009-10-13 03:18 11923456 ----atw- c:\windows\system32\idtsg64.cpl
2011-05-10 23:07 . 2009-10-13 03:17 68608 ----atw- c:\windows\system32\AESTAR64.dll
2011-05-10 23:07 . 2009-10-13 03:17 444928 ----atw- c:\windows\system32\AESTEC64.dll
2011-05-10 23:07 . 2009-10-13 03:17 162304 ----atw- c:\windows\system32\AESTAC64.dll
2011-05-10 23:07 . 2011-05-10 23:07 -------- d-----w- c:\windows\system32\SRSLabs
2011-05-10 23:06 . 2011-06-03 05:27 -------- d-----w- c:\programdata\NVIDIA
2011-05-10 23:06 . 2011-05-10 23:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-05-10 23:06 . 2011-06-03 02:15 -------- d-sh--w- c:\windows\Installer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 20:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-01 20:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\M6500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.exe - Shortcut.lnk - c:\program files (x86)\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
Dropbox.lnk - c:\users\M6500\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterdl.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserdl.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\AESTSr64.exe [2009-10-13 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 235624]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139960091-761959846-5263450-1001Core.job
- c:\users\M6500\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 08:46]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139960091-761959846-5263450-1001UA.job
- c:\users\M6500\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 08:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\M6500\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF8889.cfxxe" [X]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-29 1875048]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-31 283240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-13 450048]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\M6500\AppData\Roaming\Mozilla\Firefox\Profiles\ggltrtrr.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2011-06-02 22:29:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-03 05:29
.
Pre-Run: 170,760,155,136 bytes free
Post-Run: 170,773,229,568 bytes free
.
- - End Of File - - F8CE372ED224F2CD267386EB5E7EE3C1



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:51 PM, on 6/2/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Users\M6500\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Startup: AutoHotkey.exe - Shortcut.lnk = C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
O4 - Startup: Dropbox.lnk = C:\Users\M6500\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9175 bytes

This post has been edited by Andrew: 03 June 2011 - 02:16 AM
Reason for edit: Mod Edit: Removed Potentially Dangerous Link - AA

#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 June 2011 - 10:18 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 13 June 2011 - 12:52 PM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

Thanks,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 14 June 2011 - 01:48 PM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users