Firefox Redirects to 63.209.69.107 and other locations


  • This topic is locked
26 replies to this topic

#1 MikeJensen

MikeJensen

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 10 December 2011 - 02:02 PM

Hello!

I'm getting redirects in Firefox every once in a while to different websites, including the IP 63.209.69.107. Other sites pop up in new windows with about 10 tabs at a time. I installed NoScript, but I think that's just alleviating the symptoms and not the cause.

I'm running x64 Windows; here is my DDS text:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Mike at 10:52:10 on 2011-12-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16352.11164 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\Pixologic\ZBrush 4R2\ZBrush.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mike\Downloads\Firefox\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
uRun: [AdobeBridge]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TOGGLE~1.LNK - C:\Windows\ToggleHiddenFiles.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8CAED177-AC9B-4CF7-85FF-ECDF639B9CC7} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\HmelyoffLabs\VHToolkit\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: G:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: G:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-25 381248]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-4 17152]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
S2 VRaySpawner 2011;VRaySpawner 2011;C:\Program Files\Autodesk\3ds Max 2012\vrayspawner2012.exe --> C:\Program Files\Autodesk\3ds Max 2012\vrayspawner2012.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-22 79360]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-15 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2011-12-05 05:44:17 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-05 05:44:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-04 15:57:29 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-12-04 15:38:54 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2011-12-04 15:38:07 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-04 11:48:00 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-12-04 10:07:18 -------- d-----w- C:\Program Files\ESET
2011-12-04 09:17:14 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-12-04 09:15:15 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-04 09:15:08 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-04 08:36:03 -------- d--h--w- C:\ckis
2011-12-04 08:36:03 -------- d-----w- C:\Program Files\Kaspersky Lab
2011-12-04 08:29:27 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-04 08:27:31 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-11-30 12:54:38 -------- d-----w- C:\Users\Mike\AppData\Local\UtilCommonpnp
2011-11-30 09:22:11 -------- d-----we C:\Windows\system64
2011-11-23 07:18:04 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-11-23 07:17:42 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-11-23 07:17:40 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-11-23 07:17:38 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-11-23 07:17:38 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-11-23 07:17:38 2873820 ------w- C:\Windows\SysWow64\Sens_oal.dll
2011-11-23 07:17:38 1908736 ------w- C:\Windows\System32\Sens_oal.dll
2011-11-23 07:17:38 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-11-23 07:17:38 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-11-23 07:17:26 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-11-23 07:17:16 -------- d-----w- C:\Program Files\Creative
2011-11-23 07:16:40 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2011-11-23 07:16:40 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2011-11-23 07:16:40 190976 ----a-w- C:\Windows\System32\APOMgr64.DLL
2011-11-23 07:16:40 148480 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2011-11-23 07:16:17 11264 ----a-w- C:\Windows\SysWow64\INRES.DLL
2011-11-23 07:16:17 10752 ----a-w- C:\Windows\System32\INRES.DLL
2011-11-23 07:16:16 -------- d-----w- C:\Program Files (x86)\Creative
2011-11-11 08:14:05 -------- d-----w- C:\Users\Mike\AppData\Local\Skyrim
.
==================== Find3M ====================
.
2011-12-09 21:59:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 23:41:41 53248 ----a-w- C:\Windows\SysWow64\nvTextureToolsUtil.dll
2011-11-05 23:41:41 40960 ----a-w- C:\Windows\SysWow64\nvISWOW64.dll
2011-11-05 23:41:41 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2011-10-03 13:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-25 23:15:40 307008 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 10:53:16.82 ===============


Thanks a million! =)

Edited by RPMcMurphy, 10 December 2011 - 05:14 PM.
Removed code tags
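Three findings in the DDS report above are worth pulling out before any removal tool is run: the hosts-file entries that send www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to 217.23.4.166 and 69.72.252.254 (a legitimate hosts file only points names at loopback or 0.0.0.0, so every page that embeds one of those analytics or ad scripts now fetches it from a remote server of someone else's choosing, which would produce exactly the kind of redirects and pop-up windows described); every UAC policy under mPolicies-system set to 0; and a directory C:\Windows\system64 created on 2011-11-30 (Windows itself ships System32 and SysWOW64, never a system64). The script below is an added example written for this page, not code from the original post, from DDS or from BleepingComputer. It parses log lines of the kind shown and flags those three things. The sample input is copied from the posted log with one benign localhost line added as a control, and the expected UAC values are an assumption of Windows 7 defaults.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and 'Created Last 30' lines.

Added example for this thread, not part of DDS or the original post.
"""
import re
from ipaddress import ip_address

# Sample input: lines copied from the DDS report posted above, plus one benign
# "127.0.0.1 localhost" line added here as a control.
SAMPLE_REPORT = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
2011-12-05 05:44:17 -------- d-----w- C:\\ProgramData\\Malwarebytes
2011-11-30 09:22:11 -------- d-----we C:\\Windows\\system64
2011-11-23 07:17:38 419840 ----a-w- C:\\Windows\\System32\\wrap_oal.dll
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
# date time size attrs path  (attrs start with 'd' for a directory)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")
# a brand-new directory sitting directly under C:\Windows
WINDOWS_TOPLEVEL_RE = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)

# Assumption: Windows 7 defaults for the UAC values DDS prints.
EXPECTED_UAC = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate without any prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompt not isolated from other software
}


def parse_hosts(report):
    """(ip, hostname) tuples from 'Hosts:' lines; trailing dot stripped."""
    entries = []
    for line in report.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).rstrip(".").lower()))
    return entries


def hijacked_hosts(report):
    """Entries that point a name anywhere other than loopback or 0.0.0.0.

    A legitimate hosts file only blocks names or names local machines; an
    entry sending an ad/analytics domain to a remote address lets that
    address serve script into every page that embeds the domain.
    """
    bad = []
    for ip, name in parse_hosts(report):
        try:
            addr = ip_address(ip)
        except ValueError:
            bad.append((ip, name))  # not even an address: suspicious anyway
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            bad.append((ip, name))
    return bad


def redirect_targets(report):
    """Distinct remote IPs the hosts file redirects to (pivot for DNS/firewall logs)."""
    return sorted({ip for ip, _ in hijacked_hosts(report)})


def weakened_uac(report):
    """UAC policy values that differ from the expected defaults."""
    found = {}
    for line in report.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(1) in EXPECTED_UAC:
            found[m.group(1)] = int(m.group(2))
    return {k: v for k, v in found.items() if v != EXPECTED_UAC[k]}


def new_dirs_under_windows(report):
    """Recently created directories placed directly under C:\\Windows."""
    hits = []
    for line in report.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group(1).startswith("d"):
            path = m.group(2).strip()
            if WINDOWS_TOPLEVEL_RE.match(path):
                hits.append(path)
    return hits


def triage(report):
    """All three checks in one dict, keyed by finding."""
    return {
        "hijacked_hosts": hijacked_hosts(report),
        "redirect_targets": redirect_targets(report),
        "weakened_uac": weakened_uac(report),
        "new_dirs_under_windows": new_dirs_under_windows(report),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the posted report this yields two redirect targets (217.23.4.166 and 69.72.252.254), three UAC values at 0 and the lone system64 directory; the IP list is the thing to search for in the router or DNS logs, and the hosts entries are the first thing to restore, since they reinfect the browsing experience regardless of which browser or extension is in use.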



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:35 AM

Posted 10 December 2011 - 05:16 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 MikeJensen

MikeJensen
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 10 December 2011 - 06:02 PM

Hey RPMcMurphy!

Thanks for such a fast reply =). Here's my ComboFix log.txt:

ComboFix 11-12-10.01 - Mike 12/10/2011 14:34:48.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16352.10447 [GMT -8:00]
Running from: c:\users\Mike\Downloads\Firefox\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\g2mdlhlpx.exe
c:\windows\box.exe
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 22:46 . 2011-12-10 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-05 05:44 . 2011-12-05 05:44 -------- d-----w- c:\programdata\Malwarebytes
2011-12-05 05:44 . 2011-12-05 05:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 15:57 . 2011-12-04 15:57 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-12-04 15:38 . 2011-12-04 15:38 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-04 15:38 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 11:48 . 2011-12-04 09:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-04 10:07 . 2011-12-04 10:07 -------- d-----w- c:\program files\ESET
2011-12-04 09:17 . 2011-12-04 09:17 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-04 09:15 . 2011-11-03 20:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-04 09:15 . 2011-12-04 09:15 -------- d-----w- c:\programdata\Lavasoft
2011-12-04 09:15 . 2011-12-04 09:15 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-04 08:36 . 2011-12-04 08:36 -------- d-----w- c:\program files\Kaspersky Lab
2011-12-04 08:36 . 2008-02-08 01:10 -------- d-----w- C:\ckis
2011-12-04 08:29 . 2011-12-10 22:50 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-04 08:27 . 2011-12-04 08:27 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-11-30 12:54 . 2011-12-04 15:52 -------- d-----w- c:\users\Mike\AppData\Local\UtilCommonpnp
2011-11-30 09:22 . 2011-11-30 09:22 -------- d-----we c:\windows\system64
2011-11-23 07:18 . 2003-06-13 07:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2011-11-23 07:17 . 2011-11-23 07:17 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-11-23 07:17 . 2011-11-23 07:17 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-11-23 07:17 . 2011-11-23 07:17 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-11 08:14 . 2011-11-11 08:14 -------- d-----w- c:\users\Mike\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 21:59 . 2011-06-16 06:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 23:41 . 2011-11-05 23:41 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2011-11-05 23:41 . 2011-11-05 23:41 53248 ----a-w- c:\windows\SysWow64\nvTextureToolsUtil.dll
2011-11-05 23:41 . 2011-11-05 23:41 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2011-10-03 13:06 . 2011-07-02 03:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-25 23:59 . 2011-10-20 23:46 809792 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-09-25 23:59 . 2011-10-20 23:46 741184 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-09-25 23:59 . 2011-10-20 23:46 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-09-25 23:59 . 2011-10-20 23:46 6320448 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-25 23:59 . 2011-10-20 23:46 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-09-25 23:59 . 2011-10-20 23:46 3044160 ----a-w- c:\windows\system32\nvsvc64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-25 23:59 . 2011-10-20 23:46 119616 ----a-w- c:\windows\system32\nvmctray.dll
2011-09-25 23:59 . 2011-10-20 23:46 1020224 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-25 23:59 . 2011-10-20 23:46 8872768 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-09-25 23:59 . 2011-10-20 23:46 7132480 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46 6561088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-09-25 23:59 . 2011-10-20 23:46 59712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46 5306176 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46 2946368 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46 2806592 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46 2653504 ----a-w- c:\windows\system32\nvapi64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2344256 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-09-25 23:59 . 2011-10-20 23:46 22308160 ----a-w- c:\windows\system32\nvoglv64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2215232 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46 2084672 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46 18584896 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46 16474432 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-09-25 23:59 . 2011-10-20 23:46 15245120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-09-25 23:59 . 2011-10-20 23:46 1497920 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-09-25 23:59 . 2011-10-20 23:46 1452352 ----a-w- c:\windows\system32\nvgenco6420103.dll
2011-09-25 23:59 . 2011-10-20 23:46 13392704 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-25 23:59 . 2011-10-20 23:46 13013312 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46 12010816 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-09-25 23:15 . 2011-09-25 23:15 307008 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-13 1242448]
"Switcher"="c:\program files (x86)\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
ToggleHiddenFiles - Shortcut.lnk - c:\windows\ToggleHiddenFiles.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-8-29 286720]
Orbit.lnk - c:\program files (x86)\Orbitdownloader\orbitdm.exe [2011-7-13 1843000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R2 VRaySpawner 2011;VRaySpawner 2011;c:\program files\Autodesk\3ds Max 2012\vrayspawner2012.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-23 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-16 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-25 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-04 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-JScreenFix - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1902735967-1162547028-479086117-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{221BBDF1-5EBB-CFCC-D8F3-3099AD4AFA66}*]
"hakeikkclcgjjmah"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,70,6e,69,67,
6c,62,68,68,6f,6a,64,69,62,6c,66,6e,65,69,66,6a,6c,6f,62,68,00,00
"iaaehlcijmmpidjiab"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,66,6f,6a,66,
66,69,6c,69,6c,61,6d,62,68,65,70,61,67,62,69,65,6e,6e,64,62,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"PackageTag"=dword:6090e758
"ScannerVersion"="Locked/open ESET for status."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Digsby\lib\digsby-app.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Orbitdownloader\orbitnet.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-12-10 14:58:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 22:58
.
Pre-Run: 78,703,403,008 bytes free
Post-Run: 107,806,281,728 bytes free
.
- - End Of File - - EFB6081E77903D77FC4DB2B01F3DA2CB

Edited by RPMcMurphy, 10 December 2011 - 06:20 PM.
Removed code tags


#4 RPMcMurphy

Malware Response Team
Posted 10 December 2011 - 11:31 PM

MikeJensen:

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DirLook::

DirLook::
C:\ckis
Suspect::[131]
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 MikeJensen

Topic Starter

Posted 11 December 2011 - 01:40 AM

Thanks for the continued help! Below are the logs you requested. I'll separate them by code tags.

ComboFix 11-12-10.01 - Mike 12/10/2011 20:37:12.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16352.13576 [GMT -8:00]
Running from: c:\users\Mike\Downloads\Firefox\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 04:47 . 2011-12-11 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-05 05:44 . 2011-12-05 05:44 -------- d-----w- c:\programdata\Malwarebytes
2011-12-05 05:44 . 2011-12-05 05:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 15:57 . 2011-12-04 15:57 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-12-04 15:38 . 2011-12-04 15:38 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-04 15:38 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 11:48 . 2011-12-04 09:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-04 10:07 . 2011-12-04 10:07 -------- d-----w- c:\program files\ESET
2011-12-04 09:17 . 2011-12-04 09:17 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-04 09:15 . 2011-11-03 20:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-04 09:15 . 2011-12-04 09:15 -------- d-----w- c:\programdata\Lavasoft
2011-12-04 09:15 . 2011-12-04 09:15 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-04 08:36 . 2011-12-04 08:36 -------- d-----w- c:\program files\Kaspersky Lab
2011-12-04 08:36 . 2008-02-08 01:10 -------- d-----w- C:\ckis
2011-12-04 08:29 . 2011-12-11 04:54 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-04 08:27 . 2011-12-04 08:27 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-11-30 12:54 . 2011-12-04 15:52 -------- d-----w- c:\users\Mike\AppData\Local\UtilCommonpnp
2011-11-30 09:22 . 2011-11-30 09:22 -------- d-----we c:\windows\system64
2011-11-23 07:18 . 2003-06-13 07:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2011-11-23 07:17 . 2011-11-23 07:17 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-11-23 07:17 . 2011-11-23 07:17 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-11-23 07:17 . 2011-11-23 07:17 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-11 08:14 . 2011-11-11 08:14 -------- d-----w- c:\users\Mike\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 21:59 . 2011-06-16 06:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 23:41 . 2011-11-05 23:41 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2011-11-05 23:41 . 2011-11-05 23:41 53248 ----a-w- c:\windows\SysWow64\nvTextureToolsUtil.dll
2011-11-05 23:41 . 2011-11-05 23:41 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2011-10-03 13:06 . 2011-07-02 03:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-25 23:59 . 2011-10-20 23:46 809792 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-09-25 23:59 . 2011-10-20 23:46 741184 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-09-25 23:59 . 2011-10-20 23:46 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-09-25 23:59 . 2011-10-20 23:46 6320448 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-25 23:59 . 2011-10-20 23:46 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-09-25 23:59 . 2011-10-20 23:46 3044160 ----a-w- c:\windows\system32\nvsvc64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-25 23:59 . 2011-10-20 23:46 119616 ----a-w- c:\windows\system32\nvmctray.dll
2011-09-25 23:59 . 2011-10-20 23:46 1020224 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-25 23:59 . 2011-10-20 23:46 8872768 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-09-25 23:59 . 2011-10-20 23:46 7132480 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46 6561088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-09-25 23:59 . 2011-10-20 23:46 59712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46 5306176 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46 2946368 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46 2806592 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46 2653504 ----a-w- c:\windows\system32\nvapi64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2344256 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-09-25 23:59 . 2011-10-20 23:46 22308160 ----a-w- c:\windows\system32\nvoglv64.dll
2011-09-25 23:59 . 2011-10-20 23:46 2215232 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46 2084672 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46 18584896 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46 16474432 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-09-25 23:59 . 2011-10-20 23:46 15245120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-09-25 23:59 . 2011-10-20 23:46 1497920 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-09-25 23:59 . 2011-10-20 23:46 1452352 ----a-w- c:\windows\system32\nvgenco6420103.dll
2011-09-25 23:59 . 2011-10-20 23:46 13392704 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-25 23:59 . 2011-10-20 23:46 13013312 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46 12010816 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-09-25 23:15 . 2011-09-25 23:15 307008 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ckis ----
.
2011-12-04 08:36 . 2006-05-14 09:02 112504 ---ha-r- c:\ckis\crack.lst
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-10_22.50.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-12-11 04:55 46292 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-11 04:55 36296 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 19:34 . 2011-12-11 04:55 10794 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1902735967-1162547028-479086117-1000_UserData.bin
- 2011-07-08 20:52 . 2011-12-10 22:49 14933 c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2011-07-08 20:52 . 2011-12-11 04:48 14933 c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2010-11-21 03:09 . 2011-12-11 04:55 46292 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-11 04:55 36296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 19:34 . 2011-12-11 04:55 10794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1902735967-1162547028-479086117-1000_UserData.bin
- 2011-07-08 20:52 . 2011-12-10 22:49 14933 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2011-07-08 20:52 . 2011-12-11 04:48 14933 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2011-06-16 19:19 . 2011-12-10 22:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 04:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 04:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-16 19:19 . 2011-12-11 04:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-16 19:19 . 2011-12-11 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 04:48 . 2011-12-11 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-10 22:49 . 2011-12-10 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-11 04:48 . 2011-12-11 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-10 22:49 . 2011-12-10 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-12-10 22:53 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-11 04:48 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2011-12-10 22:47 470044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-11 04:47 470044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-16 10:28 . 2011-12-10 22:47 1047440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1902735967-1162547028-479086117-1000-12288.dat
+ 2011-06-16 10:28 . 2011-12-11 04:47 1047440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1902735967-1162547028-479086117-1000-12288.dat
- 2009-07-14 04:54 . 2011-12-10 22:49 14106624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-11 04:48 14106624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-10 22:49 12976128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-11 04:48 12976128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-13 1242448]
"Switcher"="c:\program files (x86)\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
ToggleHiddenFiles - Shortcut.lnk - c:\windows\ToggleHiddenFiles.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-8-29 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R2 VRaySpawner 2011;VRaySpawner 2011;c:\program files\Autodesk\3ds Max 2012\vrayspawner2012.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-23 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-16 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-25 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-04 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1902735967-1162547028-479086117-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{221BBDF1-5EBB-CFCC-D8F3-3099AD4AFA66}*]
"hakeikkclcgjjmah"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,70,6e,69,67,
6c,62,68,68,6f,6a,64,69,62,6c,66,6e,65,69,66,6a,6c,6f,62,68,00,00
"iaaehlcijmmpidjiab"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,66,6f,6a,66,
66,69,6c,69,6c,61,6d,62,68,65,70,61,67,62,69,65,6e,6e,64,62,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"PackageTag"=dword:6090e758
"ScannerVersion"="Locked/open ESET for status."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Digsby\lib\digsby-app.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Digsby\lib\aspell\bin\aspell.exe
.
**************************************************************************
.
Completion time: 2011-12-10 21:01:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 05:01
ComboFix2.txt 2011-12-10 22:58
.
Pre-Run: 92,510,515,200 bytes free
Post-Run: 93,429,760,000 bytes free
.
- - End Of File - - 2F89D7239F2146871773BC6F4841655E
Upload was successful


MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/10/2011 10:38:47 PM
mbam-log-2011-12-10 (22-38-47).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Objects scanned: 479139
Time elapsed: 1 hour(s), 34 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by RPMcMurphy, 11 December 2011 - 11:39 AM.
Removed code tags


#6 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 December 2011 - 11:49 AM

MikeJensen:

It looks like you tinkered with a crack for Kaspersky last week. Messing with those types of files is not only illegal, but they are also a major source of malware, so we strongly recommend staying away from activity like that.

Please do this next:

Click Start > Run or press the Windows key + R. Copy and paste the following text into the Run box that opens and press OK:
C:\Qoobox\Add-Remove Programs.txt

Post the contents of the text file that opens in your next reply.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Folder::

Folder::
c:\ckis

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging the CFScript file onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please include the following in your next post:
  • Add/remove Programs list
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [Donate].


#7 MikeJensen

  • Topic Starter

  • Members
  • 24 posts

Posted 11 December 2011 - 04:19 PM

Hey RPMcMurphy, thanks for the quick reply and the advice. I'll make sure to stay away from such files.

Here's my current programs installed. Keep in mind the Kaspersky installed currently is the trial version. Thanks a ton! =)

µTorrent
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
Autodesk Backburner 2012.0.0
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Camtasia Studio 7
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cheat Engine 6.1
Click to Call with Skype
Crazybump (remove only)
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Deus Ex - Human Revolution version 1.0
Digsby
FileZilla Client 3.5.1
Forest Pack Pro 3.6.2
FXAA Post Process Injector
GOM Player
GOMTV Streamer
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToMeeting 4.8.0.723
HiDownloadPlatinum
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Kaspersky Internet Security 2012
LAME v3.98.3 for Audacity
Launchy 2.1.2
Left 4 Dead 2
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0 (x86 en-US)
NVIDIA 3D Vision Controller Driver
NVIDIA Stereoscopic 3D Driver
NVIDIA Texture Tools 2 - 64 bit
Oblivion
Oblivion mod manager 1.1.12
PDF Settings CS5
Picasa 3
Portal 2
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Sculptris Alpha 6
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Skype™ 5.5
SplitMediaLabs VH Screen Capture Driver (x86)
StarCraft II
Steam
Switcher 2.0.0
Team Fortress 2
The Elder Scrolls V: Skyrim
UDPixel.exe
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Ventrilo Client
VH Toolkit 1.0.44.0
VirtualCloneDrive
VLC media player 1.1.10
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
WinPcap 4.1.1
XSplit
YABOT Build Order Editor version 1.0
ZBrush 4
ZBrush 4R2

And here's the ComboFix Log 3:
ComboFix 11-12-10.01 - Mike 12/11/2011  12:42:59.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16352.12425 [GMT -8:00]
Running from: c:\users\Mike\Downloads\Firefox\ComboFix.exe
Command switches used :: c:\users\Mike\Downloads\Firefox\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\ckis
c:\ckis\crack.lst
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-11 to 2011-12-11  )))))))))))))))))))))))))))))))
.
.
2011-12-11 20:50 . 2011-12-11 20:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-05 05:44 . 2011-12-05 05:44	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-05 05:44 . 2011-12-05 05:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 15:57 . 2011-12-04 15:57	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2011-12-04 15:38 . 2011-12-04 15:38	--------	d-----w-	c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-04 15:38 . 2011-09-01 01:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-04 11:48 . 2011-12-04 09:17	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-12-04 10:07 . 2011-12-04 10:07	--------	d-----w-	c:\program files\ESET
2011-12-04 09:17 . 2011-12-04 09:17	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-12-04 09:15 . 2011-11-03 20:06	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-12-04 09:15 . 2011-12-04 09:15	--------	d-----w-	c:\programdata\Lavasoft
2011-12-04 09:15 . 2011-12-04 09:15	--------	d-----w-	c:\program files (x86)\Lavasoft
2011-12-04 08:36 . 2011-12-04 08:36	--------	d-----w-	c:\program files\Kaspersky Lab
2011-12-04 08:29 . 2011-12-11 20:55	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-12-04 08:27 . 2011-12-04 08:27	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-11-30 12:54 . 2011-12-04 15:52	--------	d-----w-	c:\users\Mike\AppData\Local\UtilCommonpnp
2011-11-30 09:22 . 2011-11-30 09:22	--------	d-----we	c:\windows\system64
2011-11-23 07:18 . 2003-06-13 07:25	7062	----a-w-	c:\windows\SysWow64\audiopid.vxd
2011-11-23 07:17 . 2011-11-23 07:17	--------	d-----w-	c:\program files (x86)\Common Files\Creative
2011-11-23 07:17 . 2011-11-23 07:17	--------	d--h--w-	c:\program files (x86)\Creative Installation Information
2011-11-23 07:17 . 2011-11-23 07:17	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-11-23 07:17 . 2011-11-23 07:17	133632	----a-w-	c:\windows\system32\OpenAL32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 21:59 . 2011-06-16 06:24	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 23:41 . 2011-11-05 23:41	151552	----a-w-	c:\windows\SysWow64\nvRegDev.dll
2011-11-05 23:41 . 2011-11-05 23:41	53248	----a-w-	c:\windows\SysWow64\nvTextureToolsUtil.dll
2011-11-05 23:41 . 2011-11-05 23:41	40960	----a-w-	c:\windows\SysWow64\nvISWOW64.dll
2011-10-03 13:06 . 2011-07-02 03:17	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-25 23:59 . 2011-10-20 23:46	809792	----a-w-	c:\windows\system32\nv3dappshext.dll
2011-09-25 23:59 . 2011-10-20 23:46	741184	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-09-25 23:59 . 2011-10-20 23:46	63296	----a-w-	c:\windows\system32\nvshext.dll
2011-09-25 23:59 . 2011-10-20 23:46	6320448	----a-w-	c:\windows\system32\nvcpl.dll
2011-09-25 23:59 . 2011-10-20 23:46	55616	----a-w-	c:\windows\system32\nv3dappshextr.dll
2011-09-25 23:59 . 2011-10-20 23:46	3044160	----a-w-	c:\windows\system32\nvsvc64.dll
2011-09-25 23:59 . 2011-10-20 23:46	2562368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-09-25 23:59 . 2011-10-20 23:46	119616	----a-w-	c:\windows\system32\nvmctray.dll
2011-09-25 23:59 . 2011-10-20 23:46	1020224	----a-w-	c:\windows\system32\nvvsvc.exe
2011-09-25 23:59 . 2011-10-20 23:46	8872768	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-09-25 23:59 . 2011-10-20 23:46	7132480	----a-w-	c:\windows\system32\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46	68928	----a-w-	c:\windows\system32\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46	6561088	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-09-25 23:59 . 2011-10-20 23:46	59712	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-09-25 23:59 . 2011-10-20 23:46	5306176	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-09-25 23:59 . 2011-10-20 23:46	2946368	----a-w-	c:\windows\system32\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46	2806592	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-09-25 23:59 . 2011-10-20 23:46	2653504	----a-w-	c:\windows\system32\nvapi64.dll
2011-09-25 23:59 . 2011-10-20 23:46	2344256	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-09-25 23:59 . 2011-10-20 23:46	22308160	----a-w-	c:\windows\system32\nvoglv64.dll
2011-09-25 23:59 . 2011-10-20 23:46	2215232	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46	2084672	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-09-25 23:59 . 2011-10-20 23:46	18584896	----a-w-	c:\windows\system32\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46	16474432	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-09-25 23:59 . 2011-10-20 23:46	15245120	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-09-25 23:59 . 2011-10-20 23:46	1497920	----a-w-	c:\windows\system32\nvdispco6420150.dll
2011-09-25 23:59 . 2011-10-20 23:46	1452352	----a-w-	c:\windows\system32\nvgenco6420103.dll
2011-09-25 23:59 . 2011-10-20 23:46	13392704	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-09-25 23:59 . 2011-10-20 23:46	13013312	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-09-25 23:59 . 2011-10-20 23:46	12010816	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-09-25 23:15 . 2011-09-25 23:15	307008	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-10_22.50.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-12-11 20:55	46768              c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-11 20:55	36352              c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 19:34 . 2011-12-11 20:55	10858              c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1902735967-1162547028-479086117-1000_UserData.bin
- 2011-07-08 20:52 . 2011-12-10 22:49	14933              c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2011-07-08 20:52 . 2011-12-11 20:53	14933              c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2010-11-21 03:09 . 2011-12-11 20:55	46768              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-11 20:55	36352              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 19:34 . 2011-12-11 20:55	10858              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1902735967-1162547028-479086117-1000_UserData.bin
- 2011-07-08 20:52 . 2011-12-10 22:49	14933              c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2011-07-08 20:52 . 2011-12-11 20:53	14933              c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2011-06-16 19:19 . 2011-12-10 22:51	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 20:55	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 20:55	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-16 19:19 . 2011-12-11 20:55	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 19:19 . 2011-12-11 20:55	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-16 19:19 . 2011-12-10 22:51	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-16 19:19 . 2011-12-11 20:55	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 20:51 . 2011-12-11 20:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-10 22:49 . 2011-12-10 22:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-11 20:51 . 2011-12-11 20:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-10 22:49 . 2011-12-10 22:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-12-10 22:53	737280              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-11 20:51	737280              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2011-12-10 22:47	470044              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-11 20:50	470044              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-16 10:28 . 2011-12-10 22:47	1047440              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1902735967-1162547028-479086117-1000-12288.dat
+ 2011-06-16 10:28 . 2011-12-11 20:50	1047440              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1902735967-1162547028-479086117-1000-12288.dat
- 2009-07-14 04:54 . 2011-12-10 22:49	14106624              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-11 20:51	14106624              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-10 22:49	12976128              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-11 20:51	12976128              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-13 1242448]
"Switcher"="c:\program files (x86)\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
ToggleHiddenFiles - Shortcut.lnk - c:\windows\ToggleHiddenFiles.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-8-29 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R2 VRaySpawner 2011;VRaySpawner 2011;c:\program files\Autodesk\3ds Max 2012\vrayspawner2012.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-23 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-16 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-25 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-04 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 05:59]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902735967-1162547028-479086117-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 13:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1902735967-1162547028-479086117-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{221BBDF1-5EBB-CFCC-D8F3-3099AD4AFA66}*]
"hakeikkclcgjjmah"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,70,6e,69,67,
   6c,62,68,68,6f,6a,64,69,62,6c,66,6e,65,69,66,6a,6c,6f,62,68,00,00
"iaaehlcijmmpidjiab"=hex:63,62,68,62,66,64,68,70,6e,64,64,68,65,6f,66,6f,6a,66,
   66,69,6c,69,6c,61,6d,62,68,65,70,61,67,62,69,65,6e,6e,64,62,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"PackageTag"=dword:6090e758
"ScannerVersion"="Locked/open ESET for status."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Digsby\lib\digsby-app.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-12-11  13:01:39 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-11 21:01
ComboFix2.txt  2011-12-11 05:02
ComboFix3.txt  2011-12-10 22:58
.
Pre-Run: 75,835,428,864 bytes free
Post-Run: 76,005,339,136 bytes free
.
- - End Of File - - C635379F92646F418EE78AC5BECD0D1C
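
The policies\system block in the ComboFix log above reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0. Together those mean UAC is switched off on this machine: administrator processes start fully elevated and nothing prompts for consent, so any code that runs under the user's account already has full control of the system. That is a weakening a responder reading such a log would want to notice. The parser below is an added example, not part of this thread and not ComboFix's code: it reads the registry blocks of a ComboFix-style log (the sample text is constructed from the values shown above) and reports the UAC policies that are in their weakest state.

```python
import re

# Constructed sample: the registry blocks copied from the ComboFix log posted above
# (this is log text, not a live read of the registry).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Value -> meaning when the policy is in its weakest state. Only these exact values are
# flagged; ConsentPromptBehaviorAdmin 1..5 are all some form of prompt and are left alone.
WEAK_UAC_VALUES = {
    "EnableLUA": (0, "UAC is off: administrator processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs either as `"Name"= 3 (0x3)` or as `"Name"=dword:00000003`.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))'
)


def parse_combofix_registry(text):
    """Map each registry key path (lower-cased) to {value name: int} for the blocks in a ComboFix log."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            blocks.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            number = int(val.group("hex"), 16) if val.group("hex") else int(val.group("dec"))
            blocks[current][val.group("name")] = number
    return blocks


def uac_findings(blocks):
    """Return [(value name, observed value, explanation)] for UAC policies in their weakest state."""
    policy = blocks.get(POLICY_KEY, {})
    return [
        (name, policy[name], why)
        for name, (weak, why) in WEAK_UAC_VALUES.items()
        if policy.get(name) == weak
    ]


if __name__ == "__main__":
    for name, value, why in uac_findings(parse_combofix_registry(SAMPLE_LOG)):
        print(f"{name} = {value}: {why}")
```

Run against the sample it reports all three policies; on a machine with the stock Windows 7 values (EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1) it reports nothing. The DisableMonitoring value under the Security Center key is parsed too but not flagged: that is the AV product telling Security Center it handles its own status monitoring, which is normal.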


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:35 AM

Posted 11 December 2011 - 06:17 PM

MikeJensen:

How is the computer running now? Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please go here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • MBAM log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 MikeJensen

MikeJensen
  • Topic Starter

  • Members
  • 24 posts
  • Local time:02:35 AM

Posted 11 December 2011 - 08:51 PM

Hey RPMcMurphy!

Everything seems good now; however, the redirect didn't happen 100% of the time, its frequency is variable. Again, thank you so much for your help!

Here's a copy of my latest mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/11/2011 4:33:25 PM
mbam-log-2011-12-11 (16-33-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 443548
Time elapsed: 44 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here is the ESET log:
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe	a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\Mike\Downloads\Firefox\CheatEngine61.exe	multiple threats
C:\Users\Mike\Downloads\Firefox\OrbitDownloaderSetup.exe	Win32/OpenCandy application

As far as Cheat Engine goes, it's a memory scanner and a hex editor, so I guess it would make sense that it would show up on the ESET list.
Anyways let me know what you think.
Thanks again!

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:35 AM

Posted 11 December 2011 - 10:55 PM

MikeJensen:

OK, I won't worry about those ESET detections as long as you're familiar with the software and confident it's legit.

Your logs are looking good. All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Edited by RPMcMurphy, 11 December 2011 - 10:55 PM.



#11 MikeJensen

MikeJensen
  • Topic Starter

  • Members
  • 24 posts
  • Local time:02:35 AM

Posted 12 December 2011 - 06:22 PM

Hey RPMcMurphy!

I was going to wait until today to follow your instructions and lucky I did - I got another redirect. As far as I can tell, in one window of Firefox the redirect will happen and it's reproducible if I go back and try the same action. However, if I create a new window, go to the same page, and then perform the action again, that particular window acts normally with no redirect.

I'm thinking I should create a new firefox profile and migrate all of my bookmarks but leave the cookies and just create all new cookies. Let me know what you think.

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:35 AM

Posted 12 December 2011 - 08:05 PM

If we can, I'd be more comfortable finding out exactly what is causing the issue and removing it. Are these symptoms only occurring in Firefox? If you're not sure, please do some testing with Internet Explorer and let me know if you have the same issues with that browser.

Run this for me too, please:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

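
The "unknown bootcode" decision behind a tool like MBRCheck comes from reading the first sector of each physical drive, checking that it ends in the 0x55AA boot signature, and comparing the 446 bytes of boot-loader code in front of the partition table against digests of known-good loaders; a boot-sector rootkit that replaces that code to hook the boot path is one explanation for redirects that survive repeated clean scans, which is why this tool is asked for next. The partition table in the same sector is what produces the "PhysicalDrive0 at offset 0x..." lines in the MBRCheck output posted below. The block that follows is an added example, not MBRCheck's code and not from this thread: it constructs a 512-byte MBR (placeholder boot code plus a two-partition layout consistent with C: sitting at byte offset 0x6500000, i.e. LBA 206848, directly after a 100 MB partition starting at LBA 2048), parses it, and applies the same allow-list check. No real known-good digests are on the page, so the allow-list here is built from the sample itself.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446        # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446      # four 16-byte partition entries follow, then the 0x55AA signature
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def partition_entry(status, ptype, lba_start, sectors):
    """Pack one partition table entry; CHS fields are set to 0xFFFFFF (LBA-only, as modern MBRs do)."""
    return struct.pack(PART_ENTRY, status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR: placeholder boot code (the conventional stack-setup opcodes, then zero
    padding), a bootable 100 MB NTFS partition at LBA 2048 and a second NTFS partition at
    LBA 206848, the 0x6500000 byte offset reported for C: in the MBRCheck log on this thread."""
    bootcode = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x00" * (BOOTCODE_LEN - 7)
    table = (partition_entry(0x80, 0x07, 2048, 204800)
             + partition_entry(0x00, 0x07, 206848, 1953105920)
             + b"\x00" * 32)  # entries 3 and 4 unused
    return bootcode + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Validate the sector and return the boot-code digest plus the in-use partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, lba_start, sectors = struct.unpack(PART_ENTRY, raw)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
            "offset": lba_start * SECTOR,  # what MBRCheck prints as "at offset"
            "size": sectors * SECTOR,
        })
    return {"bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions}


def bootcode_is_known(mbr, known_good_digests):
    """The allow-list decision: True when the boot code matches a known-good loader digest.
    In practice the set holds digests of stock Windows or GRUB loaders; none are on the page,
    so callers here pass a constructed set."""
    return parse_mbr(mbr)["bootcode_sha256"] in known_good_digests


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for p in info["partitions"]:
        print(f"partition {p['index']}: {p['type']} at offset 0x{p['offset']:08X}, bootable={p['bootable']}")
    # With an empty allow-list the verdict is "unknown bootcode", the case the instructions above cover.
    print("bootcode known:", bootcode_is_known(sample, set()))
```

A single flipped byte anywhere in the 446-byte code region changes the digest and turns a known loader into an unknown one, which is the point of hashing the whole region rather than looking for specific bytes; the signature check runs first because a sector without 0x55AA is not a valid MBR at all and should be reported as such rather than hashed.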


#13 MikeJensen

MikeJensen
  • Topic Starter

  • Members
  • 24 posts
  • Local time:02:35 AM

Posted 12 December 2011 - 10:06 PM

Hey RPMcMurphy!

Yeah, I use Chrome sometimes (about 1/5th the time I use Firefox) and I have gotten 0 redirects while using Chrome. Below is my MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MSI
System Product Name:		MS-7681
Logical Drives Mask:		0x000003fc

Kernel Drivers (total 168):
  0x03659000 \SystemRoot\system32\ntoskrnl.exe
  0x03610000 \SystemRoot\system32\hal.dll
  0x00B9F000 \SystemRoot\system32\kdcom.dll
  0x00C71000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CC0000 \SystemRoot\system32\PSHED.dll
  0x00CD4000 \SystemRoot\system32\CLFS.SYS
  0x00D32000 \SystemRoot\system32\CI.dll
  0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F88000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FDF000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FE8000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E00000 \SystemRoot\system32\drivers\pci.sys
  0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00EC6000 \SystemRoot\system32\drivers\pciide.sys
  0x00C00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00C10000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FF2000 \SystemRoot\system32\drivers\atapi.sys
  0x00C2A000 \SystemRoot\system32\drivers\ataport.SYS
  0x00C54000 \SystemRoot\system32\drivers\amdxata.sys
  0x010E7000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01133000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01147000 \SystemRoot\system32\DRIVERS\Lbd.sys
  0x0122E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0115C000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013D1000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01000000 \SystemRoot\System32\Drivers\cng.sys
  0x013EC000 \SystemRoot\System32\drivers\pcw.sys
  0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0142C000 \SystemRoot\system32\drivers\ndis.sys
  0x0151F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0157F000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x0165E000 \SystemRoot\System32\drivers\tcpip.sys
  0x01862000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x018AC000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x018BC000 \SystemRoot\system32\drivers\volsnap.sys
  0x01908000 \SystemRoot\System32\Drivers\spldr.sys
  0x01910000 \SystemRoot\System32\drivers\rdyboost.sys
  0x0194A000 \SystemRoot\System32\Drivers\mup.sys
  0x01A42000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x021A1000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x021AA000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x021E4000 \SystemRoot\system32\drivers\disk.sys
  0x01A00000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01984000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x04A08000 \SystemRoot\system32\DRIVERS\klif.sys
  0x04AAB000 \SystemRoot\System32\Drivers\Null.SYS
  0x04AB4000 \SystemRoot\System32\Drivers\Beep.SYS
  0x04ABB000 \SystemRoot\System32\drivers\vga.sys
  0x04AC9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x04AEE000 \SystemRoot\System32\drivers\watchdog.sys
  0x04AFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x04B07000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x04B10000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x04B19000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04B24000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x04B35000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x04B57000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x04B64000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x04B6B000 \SystemRoot\system32\drivers\afd.sys
  0x019AE000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04BF4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x01600000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x01626000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x0162F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x0163E000 \SystemRoot\system32\DRIVERS\serial.sys
  0x015AA000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x015C5000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x01072000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x019F3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x015D9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x015E4000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x015F0000 \SystemRoot\System32\drivers\discache.sys
  0x0480D000 \SystemRoot\system32\drivers\csc.sys
  0x04890000 \SystemRoot\System32\Drivers\dfsc.sys
  0x048AE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x048BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x048E5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x05000000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x034EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03400000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03446000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x0346A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x0347B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x034D1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x05E08000 \SystemRoot\system32\drivers\P17.sys
  0x05F87000 \SystemRoot\system32\drivers\portcls.sys
  0x05FC4000 \SystemRoot\system32\drivers\drmk.sys
  0x04935000 \SystemRoot\system32\drivers\ks.sys
  0x05FE6000 \SystemRoot\system32\drivers\ksthunk.sys
  0x04978000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x062E2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x0634C000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x06358000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x06361000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x06377000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x06387000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
  0x0638A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x063A3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x063AC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x063C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x063E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x06200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0622F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0624A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0626B000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x06285000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x06290000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0629F000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x062AE000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x049B6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x062BD000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x062BF000 \SystemRoot\system32\drivers\LGBusEnum.sys
  0x062C3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x06805000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0685F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x0686C000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
  0x06874000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x0687E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x06893000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x07A47000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x07CF5000 \SystemRoot\system32\drivers\MBfilt64.sys
  0x07D03000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x07D11000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x07D13000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x07D21000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x07D2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x07D36000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x07D49000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
  0x00010000 \SystemRoot\System32\win32k.sys
  0x07D52000 \SystemRoot\System32\drivers\Dxapi.sys
  0x07D5E000 \SystemRoot\System32\Drivers\usbaapl64.sys
  0x07D6F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x07D8A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x07D98000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x07DB5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x004C0000 \SystemRoot\System32\TSDDD.dll
  0x00710000 \SystemRoot\System32\cdd.dll
  0x00880000 \SystemRoot\System32\ATMFD.DLL
  0x07DC3000 \SystemRoot\system32\drivers\luafv.sys
  0x07A00000 \SystemRoot\system32\drivers\WudfPf.sys
  0x07A21000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x07DE6000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x068D1000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x06907000 \SystemRoot\system32\drivers\HTTP.sys
  0x011BA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x069D0000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0784C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x07879000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x078C7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x078EB000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07954000 \SystemRoot\System32\DRIVERS\srv.sys
  0x079EC000 \SystemRoot\system32\drivers\npf.sys
  0x0985B000 \SystemRoot\system32\drivers\peauth.sys
  0x09901000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0990C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0991E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0994F000 \SystemRoot\system32\drivers\LGVirHid.sys
  0x099C3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x099CE000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
  0x099D5000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x0981B000 \SystemRoot\system32\drivers\usbaudio.sys
  0x77270000 \Windows\System32\ntdll.dll
  0x47AD0000 \Windows\System32\smss.exe
  0xFF590000 \Windows\System32\apisetschema.dll

Processes (total 84):
       0 System Idle Process
       4 System
     444 C:\Windows\System32\smss.exe
     652 csrss.exe
     728 C:\Windows\System32\wininit.exe
     748 csrss.exe
     784 C:\Windows\System32\services.exe
     808 C:\Windows\System32\lsass.exe
     816 C:\Windows\System32\lsm.exe
     932 C:\Windows\System32\svchost.exe
     992 C:\Windows\System32\nvvsvc.exe
    1016 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     372 C:\Windows\System32\svchost.exe
     568 C:\Windows\System32\atiesrxx.exe
     812 C:\Windows\System32\winlogon.exe
    1040 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1268 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1328 C:\Windows\System32\svchost.exe
    1460 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\atieclxx.exe
    1640 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    1672 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1840 C:\Windows\System32\spoolsv.exe
    1420 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1528 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1804 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    1108 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2076 C:\Windows\System32\svchost.exe
    2120 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    2196 C:\Windows\System32\svchost.exe
    2240 C:\Windows\System32\Wacom_Tablet.exe
    2520 unsecapp.exe
    2600 WmiPrvSE.exe
    2908 WUDFHost.exe
    3372 C:\Windows\System32\SearchIndexer.exe
    3084 C:\Windows\System32\taskhost.exe
    3588 C:\Windows\System32\dwm.exe
    3008 C:\Windows\System32\WTablet\Wacom_TabletUser.exe
    2052 C:\Windows\System32\Wacom_Tablet.exe
    3876 C:\Windows\System32\svchost.exe
    1212 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    2568 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
     940 C:\Program Files (x86)\Switcher\Switcher.exe
    3436 C:\Program Files (x86)\Launchy\Launchy.exe
    2616 C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    1384 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2180 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2576 C:\Program Files (x86)\Winamp\winampa.exe
    2664 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3236 C:\Windows\SysWOW64\rundll32.exe
    3532 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    3524 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    4508 C:\Program Files\iPod\bin\iPodService.exe
    4808 C:\Windows\System32\svchost.exe
    1648 C:\Program Files\Windows Media Player\wmpnetwk.exe
     244 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    4392 C:\Windows\System32\wuauclt.exe
    3676 C:\Program Files (x86)\iTunes\iTunes.exe
    2884 C:\Windows\System32\audiodg.exe
    6116 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    5176 C:\Windows\System32\conhost.exe
    5208 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    3160 C:\Windows\System32\conhost.exe
    4716 C:\Windows\SysWOW64\dllhost.exe
    4524 C:\Windows\System32\rundll32.exe
    5752 C:\Program Files (x86)\Steam\Steam.exe
    5968 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    7752 C:\Windows\explorer.exe
    7084 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    2684 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1688 C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
    8652 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    1052 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4640 C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
     280 C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
    4668 C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    7412 C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamRecorder.exe
    3924 C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TscHelp.exe
    7672 C:\Users\Mike\Downloads\Firefox\audacity-win-unicode-1.3.13\Audacity 1.3 Beta (Unicode)\audacity.exe
    4228 C:\Program Files (x86)\Pixologic\ZBrush 4R2\ZBrush.exe
    8636 C:\Users\Mike\Downloads\Firefox\MBRCheck.exe
    8624 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000  (NTFS)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FALS-00K1B0, Rev: 05.00K05
PhysicalDrive1 Model Number: WDCWD1001FALS-00K1B0, Rev: 05.00K05
PhysicalDrive2 Model Number: WDCWD1001FALS-00K1B0, Rev: 05.00K05
PhysicalDrive3 Model Number: WDCWD1001FALS-00K1B0, Rev: 05.00K05

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive2   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive3   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:35 AM

Posted 12 December 2011 - 10:31 PM

MikeJensen:

Please run this now:

Please download GooredFix from one of the locations below and save it to your desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please include the following in your next post:
  • GooredFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#15 MikeJensen

MikeJensen
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 12 December 2011 - 10:45 PM

Hey RPMcMurphy,

Thanks for the link. I ran the program; here's the log you requested:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:42 on 12/12/2011 (Mike)
Firefox version 8.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [07:40 02/07/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:06 21/08/2011]
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [15:26 04/12/2011]

C:\Users\Mike\Application Data\Mozilla\Firefox\Profiles\lnlkirks.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [05:24 17/11/2011]

C:\Users\Mike\Application Data\Mozilla\Firefox\Profiles\r6zx8yuf.Other Acct\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [06:54 08/07/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"linkfilter@kaspersky.ru"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru" [15:57 04/12/2011]
"virtualKeyboard@kaspersky.ru"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru" [15:57 04/12/2011]
"KavAntiBanner@Kaspersky.ru"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru" [15:57 04/12/2011]

-=E.O.F=-
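For readers triaging a GooredFix log like the one above (the tool RPMcMurphy asked for in #14 and the output posted in #15), here is an added example of how a defender can parse that listing and pick out extension entries that sit outside the usual Firefox install and profile folders. This is my own code, not part of the thread and not GooredFix itself; the sample log is constructed to mirror the posted format (one extra entry under a Temp folder is made up for the demonstration), and the "expected location" rule is an assumed heuristic, not anything GooredFix checks.

```python
"""Parse a GooredFix-style Firefox extension listing and flag unusual locations.

Added example, not part of the forum thread or the GooredFix tool. The log
below is CONSTRUCTED to match the posted format; the Temp-folder entry is
invented for the demo. The location heuristic is an ASSUMPTION of this example.
"""
import re
from dataclasses import dataclass

# Constructed sample in the same layout as the posted GooredFix log.
SAMPLE_LOG = r"""
========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [07:40 02/07/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:06 21/08/2011]

C:\Users\Mike\Application Data\Mozilla\Firefox\Profiles\lnlkirks.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [05:24 17/11/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"linkfilter@kaspersky.ru"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru" [15:57 04/12/2011]
"unknown@example.test"="C:\Users\Mike\AppData\Local\Temp\ext" [02:11 10/12/2011]

-=E.O.F=-
"""


@dataclass
class Extension:
    ext_id: str      # GUID-style folder name or name@domain id
    location: str    # extensions folder (directory entries) or target path (registry entries)
    source: str      # "directory" or "registry"
    timestamp: str   # as printed by the log, e.g. "07:40 02/07/2011"


DIR_HEADER = re.compile(r"^[A-Za-z]:\\.*\\extensions\\$")
DIR_ENTRY = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}|[^\s\[\]\"]+@[^\s\[\]\"]+) \[(.+?)\]$")
REG_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)" \[(.+?)\]$')


def parse_goored_log(text: str) -> list:
    """Walk the log line by line, tracking which section (folder or hive) we are in."""
    found = []
    current, mode = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIR_HEADER.match(line):
            current, mode = line, "directory"
            continue
        reg = REG_HEADER.match(line)
        if reg:
            current, mode = reg.group(1), "registry"
            continue
        if mode == "registry":
            m = REG_ENTRY.match(line)
            if m:
                found.append(Extension(m.group(1), m.group(2), "registry", m.group(3)))
        elif mode == "directory":
            m = DIR_ENTRY.match(line)
            if m:
                found.append(Extension(m.group(1), current, "directory", m.group(2)))
    return found


# Assumed heuristic: extensions normally live in the Firefox install folder, a
# profile folder, or (for registry-registered ones) under Program Files.
EXPECTED_PARENTS = ("\\mozilla firefox\\extensions\\", "\\mozilla\\firefox\\profiles\\")


def is_unexpected_location(ext: Extension) -> bool:
    loc = ext.location.lower()
    if "\\temp\\" in loc:
        return True
    if ext.source == "directory":
        return not any(parent in loc for parent in EXPECTED_PARENTS)
    return "program files" not in loc


def review_goored_log(text: str) -> list:
    """Return (id, location) pairs that deserve a manual look."""
    return [(e.ext_id, e.location) for e in parse_goored_log(text) if is_unexpected_location(e)]


if __name__ == "__main__":
    for ext in parse_goored_log(SAMPLE_LOG):
        print(f"{ext.source:9} {ext.ext_id:45} {ext.location}")
    print("Flagged:", review_goored_log(SAMPLE_LOG))
```

Flagged entries are only a starting point for a manual check of the folder contents and the extension's install.rdf; a legitimate extension can be registered from an odd path, and a rogue one can sit in the profile folder with an innocent-looking GUID, so the timestamps printed beside each entry (compare them with when the redirects began) are as useful as the path itself.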




