Getting random browser popup advertisements with voice ads


This topic is locked
60 replies to this topic

#1 gocaps


Posted 04 April 2012 - 02:53 PM

When I have IE open (and sometimes not) I get a browser popup advertisement with a voice over. I've run Microsoft Security Essentials and it removed several issues. I also ran Malwarebytes Anti-Malware and it also detected and removed several issues, but I still get the popup ads.

The browser that pops up with the advertisement doesn't have any toolbars or address bar, can't be resized, and displays "Internet Explorer 8.00.7600.16385" in the browser title bar. I've attached a screenshot of the popup ad.

I've attached the Attach.txt file and here is the dds log:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Mike Nguyen at 15:43:49 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.933 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Service.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mike Nguyen\AppData\Local\AppCore\ACFinder\ACFinder.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.washingtonpost.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ACFinder] "C:\Users\Mike Nguyen\AppData\Local\AppCore\ACFinder\ACFinder.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\MIKENG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
StartupFolder: C:\Users\MIKENG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: army.mil\www.us
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.29 192.168.1.19 192.168.5.41 192.168.5.46
TCP: Interfaces\{0F92C0EA-8147-4069-89AD-8439C86378C3} : DhcpNameServer = 192.168.1.29 192.168.1.19 192.168.5.41 192.168.5.46
TCP: Interfaces\{7CC69D9B-1E64-492F-A13C-9B3F98EED2B6} : DhcpNameServer = 192.168.1.29 192.168.1.19 192.168.5.41 192.168.5.46
TCP: Interfaces\{CFCABEBF-F97B-4DE8-9915-391962397FEF} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFCABEBF-F97B-4DE8-9915-391962397FEF}\14365727160234573747F6D65627 : DhcpNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{CFCABEBF-F97B-4DE8-9915-391962397FEF}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFCABEBF-F97B-4DE8-9915-391962397FEF}\B45697D696E64675140513 : DhcpNameServer = 192.168.1.29 192.168.1.19 192.168.5.41 192.168.5.46
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\btmoiaw9.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Mike Nguyen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike Nguyen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mike Nguyen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-9-20 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-4-10 9663848]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 M4-Service;M4-Service;C:\Users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-18 91456]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [?]
R3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);C:\Windows\system32\DRIVERS\dlcdbus.sys --> C:\Windows\system32\DRIVERS\dlcdbus.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys --> C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-24 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
.
=============== Created Last 30 ================
.
2012-04-03 17:45:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B41523B-914F-463C-9257-11DE0FEA41D0}\offreg.dll
2012-04-03 17:43:57 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B41523B-914F-463C-9257-11DE0FEA41D0}\mpengine.dll
2012-04-03 02:16:52 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-03 02:02:23 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-04-02 23:56:48 -------- d-----w- C:\Program Files\iPod
2012-04-02 23:56:47 -------- d-----w- C:\Program Files\iTunes
2012-04-02 21:59:56 -------- d-----w- C:\MoTemp
2012-03-30 18:55:46 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\PACE Anti-Piracy
2012-03-30 18:55:46 -------- d-----w- C:\Users\Mike Nguyen\AppData\Local\PACE Anti-Piracy
2012-03-30 18:55:46 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-03-30 16:38:55 -------- d-----w- C:\Pub_inc
2012-03-30 02:46:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-30 02:46:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 02:24:47 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-03-29 23:22:01 -------- d-----w- C:\Users\Mike Nguyen\Adobe Flash Builder 4.5
2012-03-29 23:13:17 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-03-29 23:13:17 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-03-29 23:13:16 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-03-29 21:17:35 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-29 21:16:45 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-03-29 20:58:16 152 ----a-w- C:\Users\Mike Nguyen\AppData\Roaming\2hipwscn0.bat
2012-03-29 20:58:06 -------- d-----w- C:\Users\Mike Nguyen\AppData\Local\AppCore
2012-03-23 18:10:47 -------- d-----w- C:\Users\Mike Nguyen\AppData\Local\Evernote
2012-03-23 18:10:27 -------- d-----w- C:\Program Files (x86)\Evernote
2012-03-19 19:41:32 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
2012-03-19 19:37:39 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-03-17 17:58:00 -------- d-----r- C:\Program Files (x86)\Skype
2012-03-16 23:35:15 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2012-03-16 23:34:46 -------- d-----w- C:\Program Files (x86)\MagicDVDCopier
2012-03-16 15:03:00 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\DVDFab
2012-03-15 07:03:39 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:03:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:03:38 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 02:22:16 -------- d-----w- C:\ProgramData\MagicSoftware
2012-03-15 02:22:02 -------- d-----w- C:\Users\Mike Nguyen\AppData\Local\MagicSoftware
2012-03-15 02:22:00 -------- d-----w- C:\Program Files (x86)\MagicDVDRipper
2012-03-14 21:34:20 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\MoveFab
2012-03-14 20:59:55 -------- d-----w- C:\ProgramData\dvdfab
2012-03-14 20:29:12 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2012-03-14 12:37:02 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:37:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:37:01 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:36:18 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:36:18 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:36:18 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:36:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:36:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:36:10 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:36:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-11 20:14:13 -------- d-----w- C:\Users\Mike Nguyen\AppData\Roaming\NeroDigital™
2012-03-11 02:17:15 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-11 02:17:15 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-11 02:17:15 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-11 02:16:33 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-11 02:16:33 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-11 02:14:32 -------- d-----w- C:\Program Files\Bonjour
2012-03-11 02:14:32 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2012-02-23 18:38:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:45:15.08 ===============

Edited by gocaps, 04 April 2012 - 02:55 PM.
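Triage of the service and "Created Last 30" lines above usually starts by hand: which drivers have no date/size next to them, which new executables sit in user-writable folders, and which file names look machine-generated (the 152-byte `2hipwscn0.bat` in `AppData\Roaming` is the kind of entry a responder wants surfaced). The script below is an added example, not a DDS, ComboFix or BleepingComputer tool; the sample lines are copied from the two logs in this thread, the `USER_WRITABLE` roots and the `random_looking` rule are my own heuristics (assumptions, and prompts for a closer look, not verdicts), and the `[?]`/`[x]` check simply reports that the tool printed no date/size for the binary, which the logs show for many legitimate vendor drivers too. It parses both the DDS layout and the ComboFix "Files Created" layout with its extra timestamp column.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List

# Added triage helper for DDS / ComboFix log lines; not a BleepingComputer tool.
# The sample lines are copied verbatim from the two logs posted in this thread.
SAMPLE_LINES = [
    r"S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]",
    r"S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]",
    r"2012-03-29 20:58:16 152 ----a-w- C:\Users\Mike Nguyen\AppData\Roaming\2hipwscn0.bat",
    r"2012-03-29 20:58:06 -------- d-----w- C:\Users\Mike Nguyen\AppData\Local\AppCore",
    r"2012-03-15 07:03:39 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe",
    r"S2 M4-Service;M4-Service;c:\users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]",
    r"2012-03-29 23:13 . 2009-06-23 07:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys",
]

# "S3 name;description;path [date size]" (DDS appends "--> path" when it re-resolves the file)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# DDS: "date time size attrs path"; ComboFix: "date time . date time size attrs path"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(\d+|-+)\s+(\S{8})\s+(.+?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".vbs", ".js", ".com", ".pif"}
# Heuristic (assumption): code that lands in these user-writable roots deserves a second look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\", "\\assembly\\tmp\\")


@dataclass
class Entry:
    kind: str            # "service" or "file"
    path: str
    line: str
    name: str = ""       # service name, for service entries
    bracket: str = ""    # text inside the trailing [...] of a service entry
    is_dir: bool = False


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse(lines: Iterable[str]) -> List[Entry]:
    """Turn the service and file-creation lines of a DDS/ComboFix log into Entry records."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, path_field, bracket = m.groups()
            path = path_field.split(" --> ")[0].strip()
            entries.append(Entry("service", path, line, name=name, bracket=bracket.strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            _date, _time, _size, attrs, path = m.groups()
            entries.append(Entry("file", path, line, is_dir=attrs.startswith("d")))
    return entries


def random_looking(stem: str) -> bool:
    """Letters and digits mixed, no separators, 6-12 chars: the shape of generated dropper names (heuristic)."""
    s = stem.lower()
    return (6 <= len(s) <= 12 and re.fullmatch(r"[a-z0-9]+", s) is not None
            and any(c.isdigit() for c in s) and any(c.isalpha() for c in s))


def check_path(path: str, reasons: List[str]) -> None:
    """Flag executables living under user-writable roots, and random-looking names among them."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        stem, ext = base, ""
    if "." + ext in EXEC_EXT and any(root in low for root in USER_WRITABLE):
        reasons.append(f"executable under user-writable path: {path}")
        if random_looking(stem):
            reasons.append(f"random-looking file name: {base}")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return every entry that trips at least one heuristic, in log order."""
    findings = []
    for e in parse(lines):
        reasons: List[str] = []
        if e.kind == "service" and e.bracket in ("?", "x"):
            # The tool printed no date/size for the binary; confirm it exists and is signed.
            reasons.append(f"service {e.name}: no file date/size reported for {e.path or '<no path>'} ([{e.bracket}])")
        if not e.is_dir:  # directories carry no code themselves
            check_path(e.path, reasons)
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.entry.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample, three entries are surfaced: `tsusbflt.sys` because DDS printed `[?]` instead of a date and size, `2hipwscn0.bat` for both the `AppData\Roaming` location and its name, and `M4-Service.exe` only because a service binary lives under `AppData`. The last one illustrates the caveat: the heuristics rank what to look at first, and a flagged line still needs the usual checks (publisher signature, hash lookup, what the file actually does) before anything is deleted.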




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 01:55 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gocaps

gocaps
  • Topic Starter

  • Members
  • 61 posts

Posted 05 April 2012 - 10:48 AM

Thanks for helping me again Gringo! You were a tremendous help last time around.

I will get started on this as soon as I get home from work today, thanks!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 11:03 AM

:thumbup2:

#5 gocaps

gocaps
  • Topic Starter

  • Members
  • 61 posts

Posted 05 April 2012 - 04:38 PM

I had to reboot my system after running Combofix, and here is the log:

I haven't noticed any popups yet, but it has been pretty random in the past, so I can't immediately tell. Let me click around a bit and see how it goes.

----------

ComboFix 12-04-05.06 - Mike Nguyen 04/05/2012 16:50:06.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2002 [GMT -4:00]
Running from: c:\users\Mike Nguyen\Desktop\Malware Fixing 2\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Mike Nguyen\Desktop\Internet Explorer.lnk
c:\users\Mike Nguyen\GoToAssistDownloadHelper.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 00:29 . 2012-04-05 00:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F812A783-EA96-49B5-AB6A-4C51870F6C1D}\offreg.dll
2012-04-04 23:36 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F812A783-EA96-49B5-AB6A-4C51870F6C1D}\mpengine.dll
2012-04-03 02:16 . 2012-04-03 02:16 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-03 02:02 . 2012-04-03 02:02 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-04-02 23:56 . 2012-04-02 23:56 -------- d-----w- c:\program files\iPod
2012-04-02 23:56 . 2012-04-02 23:57 -------- d-----w- c:\program files\iTunes
2012-04-02 21:59 . 2012-04-02 21:59 -------- d-----w- C:\MoTemp
2012-03-30 18:55 . 2012-03-30 18:55 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\PACE Anti-Piracy
2012-03-30 18:55 . 2012-03-30 18:55 -------- d-----w- c:\users\Mike Nguyen\AppData\Local\PACE Anti-Piracy
2012-03-30 18:55 . 2012-03-30 18:55 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-03-30 16:38 . 2012-03-30 16:38 -------- d-----w- C:\Pub_inc
2012-03-30 02:46 . 2012-03-30 02:46 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-30 02:46 . 2012-03-30 02:46 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 02:24 . 2012-03-30 16:41 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-29 23:22 . 2012-03-29 23:22 -------- d-----w- c:\users\Mike Nguyen\Adobe Flash Builder 4.5
2012-03-29 23:13 . 2009-06-23 07:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-03-29 23:13 . 2009-06-23 07:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-03-29 23:13 . 2012-03-29 23:13 -------- d-----w- c:\program files (x86)\My Company Name
2012-03-29 21:17 . 2012-03-29 21:17 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-29 21:16 . 2012-03-29 21:16 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-03-29 20:58 . 2012-03-29 20:58 152 ----a-w- c:\users\Mike Nguyen\AppData\Roaming\2hipwscn0.bat
2012-03-29 20:58 . 2012-03-29 20:58 -------- d-----w- c:\users\Mike Nguyen\AppData\Local\AppCore
2012-03-23 18:10 . 2012-03-23 18:10 -------- d-----w- c:\users\Mike Nguyen\AppData\Local\Evernote
2012-03-23 18:10 . 2012-03-23 18:10 -------- d-----w- c:\program files (x86)\Evernote
2012-03-19 19:41 . 2012-03-19 19:41 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2012-03-19 19:37 . 2012-03-19 19:37 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-17 17:58 . 2012-03-28 02:40 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\Skype
2012-03-17 17:58 . 2012-03-17 17:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-17 17:58 . 2012-03-17 17:58 -------- d-----r- c:\program files (x86)\Skype
2012-03-17 17:57 . 2012-03-17 17:57 -------- d-----w- c:\programdata\Skype
2012-03-16 23:35 . 2012-03-17 13:34 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2012-03-16 23:34 . 2012-03-16 23:35 -------- d-----w- c:\program files (x86)\MagicDVDCopier
2012-03-16 15:03 . 2012-03-16 15:03 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\DVDFab
2012-03-15 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 02:22 . 2012-03-15 02:22 -------- d-----w- c:\programdata\MagicSoftware
2012-03-15 02:22 . 2012-03-16 23:34 -------- d-----w- c:\users\Mike Nguyen\AppData\Local\MagicSoftware
2012-03-15 02:22 . 2012-03-15 02:22 -------- d-----w- c:\program files (x86)\MagicDVDRipper
2012-03-14 21:34 . 2012-03-14 21:34 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\MoveFab
2012-03-14 20:59 . 2012-03-14 20:59 -------- d-----w- c:\programdata\dvdfab
2012-03-14 20:29 . 2012-03-15 01:36 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt
2012-03-14 12:37 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:37 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:37 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 20:14 . 2012-03-11 20:14 -------- d-----w- c:\users\Mike Nguyen\AppData\Roaming\NeroDigital™
2012-03-11 02:17 . 2012-03-11 02:17 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-11 02:17 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-11 02:17 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-11 02:17 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-11 02:16 . 2012-04-02 23:57 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 02:16 . 2012-03-11 02:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-11 02:15 . 2012-03-11 02:15 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-11 02:14 . 2012-03-11 02:14 -------- d-----w- c:\program files\Common Files\Apple
2012-03-11 02:14 . 2012-03-11 02:14 -------- d-----w- c:\program files\Bonjour
2012-03-11 02:14 . 2012-03-11 02:14 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2011-05-25 13:25 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 18:38 . 2011-06-20 01:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-12 02:46 . 2012-02-12 02:47 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D92B033D-E3D8-408F-93F0-203E65D78A71}\gapaengine.dll
2012-02-06 22:02 . 2012-02-06 22:02 100168 ----a-w- c:\users\Mike Nguyen\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Deployment.UI.Client.resources.dll
2012-02-06 22:02 . 2012-02-06 22:02 603976 ----a-w- c:\users\Mike Nguyen\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
2012-02-06 22:02 . 2012-02-06 22:02 117504 ----a-w- c:\users\Mike Nguyen\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\en\Microsoft.Web.Management.Rewrite.Client.resources.dll
2012-02-06 22:02 . 2012-02-06 22:02 547584 ----a-w- c:\users\Mike Nguyen\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
2012-01-31 12:44 . 2010-02-23 20:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
"ACFinder"="c:\users\Mike Nguyen\AppData\Local\AppCore\ACFinder\ACFinder.exe" [2012-03-29 47616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-21 1014112]
hpqtra08.exe [2009-9-20 270336]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-25 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 M4-Service;M4-Service;c:\users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [x]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\DRIVERS\dlcdbus.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n51f.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 17:14]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 17:14]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699540554-3794504054-1008305839-1000Core.job
- c:\users\Mike Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 23:28]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699540554-3794504054-1008305839-1000UA.job
- c:\users\Mike Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 23:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 171520]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-09 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\System32\blank.htm
uStart Page = hxxp://www.washingtonpost.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: army.mil\www.us
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mike Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\btmoiaw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/regional
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-05 17:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 21:11
.
Pre-Run: 164,166,144,000 bytes free
Post-Run: 169,178,112,000 bytes free
.
- - End Of File - - B46FDA9D33BA8A3F93E84C83CA6AA7B1

#6 gocaps

gocaps
  • Topic Starter

  • Members
  • 61 posts
  • Local time:01:34 PM

Posted 05 April 2012 - 04:41 PM

After posting the last reply, I opened up IE and navigated to Yahoo.com and the popup came up again. I attached a screenshot.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:34 PM

Posted 05 April 2012 - 04:54 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 gocaps

gocaps
  • Topic Starter

  • Members
  • 61 posts
  • Local time:01:34 PM

Posted 05 April 2012 - 08:55 PM

Here is the log from Farbar:

----------
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 05-04-2012 21:48:05
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-02-23] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-04-08] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Mike Nguyen\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-17] (Google Inc.)
HKU\Mike Nguyen\...\Run: [ACFinder] "C:\Users\Mike Nguyen\AppData\Local\AppCore\ACFinder\ACFinder.exe" [47616 2012-03-29] (CDIS)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
4 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2010-09-13] (Amazon.com)
2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2010-11-20] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [9663848 2011-04-10] (DisplayLink Corp.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-02-24] (Acresso Software Inc.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
2 M4-Service; C:\Users\Mike Nguyen\AppData\Roaming\Mikogo 4\M4-Service.exe [1007472 2012-01-16] ()
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-09-23] (Nero AG)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2011-12-22] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2008-11-18] (Intuit Inc.)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-22] (ATI Technologies Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6144 2009-01-29] (Motorola Inc)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2011-06-11] (http://libusb-win32.sourceforge.net)
3 dlcdbus; C:\Windows\System32\Drivers\dlcdbus.sys [116224 2010-11-25] (MCCI Corporation)
3 dlkmd; C:\Windows\System32\Drivers\dlkmd.sys [206960 2011-04-10] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\Drivers\dlkmdldr.sys [13936 2011-04-10] (DisplayLink Corp.)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [69736 2010-07-13] (ITE Tech. Inc. )
3 ITECIRfilter; C:\Windows\System32\Drivers\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n51f.sys [72192 2011-05-04] (SMSC)
3 lvpepf64; C:\Windows\System32\DRIVERS\lv302a64.sys [15896 2009-04-30] (Logitech Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 motccgp; C:\Windows\System32\Drivers\motccgp.sys [20992 2010-06-18] (Motorola)
3 motccgpfl; C:\Windows\System32\Drivers\motccgpfl.sys [9216 2009-01-29] (Motorola)
3 motmodem; C:\Windows\System32\Drivers\motmodem.sys [30208 2010-06-18] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [8576 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\Drivers\Motousbnet.sys [26624 2010-04-01] (Motorola)
3 motusbdevice; C:\Windows\System32\Drivers\motusbdevice.sys [10240 2010-01-25] (Motorola Inc)
3 Normandy; C:\Windows\SysWow64\Drivers\Normandy.sys [34560 2011-05-30] ()
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V64.SYS [2755096 2009-04-30] (Logitech Inc.)
4 RsFx0151; C:\Windows\System32\Drivers\RsFx0151.sys [313696 2011-06-17] (Microsoft Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-05 13:11 - 2012-04-05 13:11 - 0029614 ____A C:\ComboFix.txt
2012-04-05 13:05 - 2012-04-05 13:05 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-05 12:48 - 2012-04-05 13:11 - 0000000 ____D C:\Qoobox
2012-04-05 12:48 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-05 12:48 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-05 12:48 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-05 12:48 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-05 12:48 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-05 12:48 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-05 12:48 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-05 12:48 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 11:43 - 2012-04-04 11:43 - 0000000 ____A C:\Users\Mike Nguyen\defogger_reenable
2012-04-04 11:39 - 2012-04-05 14:43 - 0000000 ____D C:\Users\Mike Nguyen\Desktop\Malware Fixing 2
2012-04-04 07:44 - 2012-04-04 07:44 - 0790698 ____A C:\Users\Mike Nguyen\Desktop\CSFT-20120404.zip
2012-04-02 18:16 - 2012-04-02 18:16 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-02 18:02 - 2012-04-02 18:02 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-04-02 15:57 - 2012-04-02 15:57 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-02 15:56 - 2012-04-02 15:57 - 0000000 ____D C:\Program Files\iTunes
2012-04-02 15:56 - 2012-04-02 15:56 - 0000000 ____D C:\Program Files\iPod
2012-04-02 13:59 - 2012-04-02 14:00 - 0000868 ____A C:\Users\Mike Nguyen\.imagineer_log.txt
2012-04-02 13:59 - 2012-04-02 13:59 - 0000000 ____D C:\MoTemp
2012-04-02 06:47 - 2012-04-02 06:47 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-02 05:21 - 2011-01-22 18:27 - 0001838 ____A C:\Users\Mike Nguyen\Desktop\Mike
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2012-03-30 10:41 - 2012-04-05 13:05 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-30 10:25 - 2011-06-10 17:25 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts_03302012
2012-03-30 08:38 - 2012-03-30 08:38 - 0000000 ____D C:\Pub_inc
2012-03-29 18:43 - 2012-03-30 10:52 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Adobe Captivate Cached Projects
2012-03-29 18:43 - 2012-03-29 18:43 - 0000000 ____D C:\Users\Mike Nguyen\Documents\My Adobe Captivate Projects
2012-03-29 18:24 - 2012-03-30 08:41 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-29 18:24 - 2012-03-30 08:41 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-03-29 15:22 - 2012-03-29 15:22 - 0000000 ____D C:\Users\Mike Nguyen\Adobe Flash Builder 4.5
2012-03-29 15:13 - 2012-03-29 15:13 - 0000000 ____D C:\Program Files (x86)\My Company Name
2012-03-29 15:13 - 2009-06-22 23:00 - 0010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2012-03-29 15:13 - 2009-06-22 23:00 - 0010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2012-03-29 13:17 - 2012-03-29 13:17 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-29 13:16 - 2012-03-29 13:16 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-03-29 12:58 - 2012-03-29 12:58 - 0000152 ____A C:\Users\Mike Nguyen\AppData\Roaming\2hipwscn0.bat
2012-03-29 12:58 - 2012-03-29 12:58 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\AppCore
2012-03-27 12:10 - 2012-03-27 12:10 - 0010792 ____A C:\Users\Mike Nguyen\Documents\VASTUDIO_ClientList_ByDollar_ByYear_09272011.pdf
2012-03-23 10:14 - 2012-03-23 10:14 - 0001133 ____A C:\Users\Mike Nguyen\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-03-23 10:14 - 2012-03-23 10:14 - 0001133 ____A C:\Users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-03-23 10:10 - 2012-03-23 10:10 - 0000936 ____A C:\Users\Mike Nguyen\Desktop\Evernote.lnk
2012-03-23 10:10 - 2012-03-23 10:10 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Evernote
2012-03-23 10:10 - 2012-03-23 10:10 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-03-19 11:41 - 2012-03-19 11:41 - 0044544 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\agremove.exe
2012-03-19 11:37 - 2012-03-19 11:37 - 0017920 ____A C:\Windows\System32\rpcnetp.exe
2012-03-18 10:14 - 2012-03-18 10:14 - 0029696 ____A C:\Users\Mike Nguyen\Documents\DOL_WAMD_Volume_I_Project&ProgramManagement_03182012_mtn.doc
2012-03-17 09:58 - 2012-03-27 18:40 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\Skype
2012-03-17 09:58 - 2012-03-17 09:58 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-17 09:58 - 2012-03-17 09:58 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-17 09:57 - 2012-03-17 09:57 - 0000000 ____D C:\Users\All Users\Skype
2012-03-17 09:57 - 2012-03-17 09:57 - 0000000 ____D C:\ProgramData\Skype
2012-03-16 15:35 - 2012-03-17 05:34 - 0000000 ____D C:\MAGICDVDCOPY_TEMP
2012-03-16 15:35 - 2012-03-16 15:35 - 0001911 ____A C:\Users\Mike Nguyen\Desktop\Magic DVD Copier.lnk
2012-03-16 15:34 - 2012-03-16 15:35 - 0000000 ____D C:\Program Files (x86)\MagicDVDCopier
2012-03-16 07:03 - 2012-03-16 07:03 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\DVDFab
2012-03-14 23:03 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 23:03 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 23:03 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 18:35 - 2012-03-18 17:48 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Magic DVD Ripper
2012-03-14 18:22 - 2012-03-16 15:34 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\MagicSoftware
2012-03-14 18:22 - 2012-03-14 18:22 - 0001911 ____A C:\Users\Mike Nguyen\Desktop\Magic DVD Ripper.lnk
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\Users\All Users\MagicSoftware
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\ProgramData\MagicSoftware
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\Program Files (x86)\MagicDVDRipper
2012-03-14 13:34 - 2012-03-14 13:34 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\MoveFab
2012-03-14 12:59 - 2012-03-14 12:59 - 0000000 ____D C:\Users\All Users\dvdfab
2012-03-14 12:59 - 2012-03-14 12:59 - 0000000 ____D C:\ProgramData\dvdfab
2012-03-14 12:29 - 2012-03-14 17:36 - 0000000 ____D C:\Program Files (x86)\DVDFab 8 Qt
2012-03-14 12:29 - 2012-03-14 13:27 - 0000000 ____D C:\Users\Mike Nguyen\Documents\DVDFab
2012-03-14 12:29 - 2012-03-14 12:29 - 0001059 ____A C:\Users\Mike Nguyen\Desktop\DVDFab Profile Editor.lnk
2012-03-14 12:29 - 2012-03-14 12:29 - 0001022 ____A C:\Users\Mike Nguyen\Desktop\DVDFab 8 Qt.lnk
2012-03-14 04:37 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 04:37 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 04:37 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 04:36 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 04:36 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 04:36 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 04:36 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 04:36 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:36 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 04:36 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-11 12:14 - 2012-03-11 12:14 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\NeroDigital™
2012-03-10 18:17 - 2009-05-18 10:17 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-03-10 18:17 - 2008-04-17 09:12 - 0126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-03-10 18:17 - 2008-04-17 09:12 - 0107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-03-10 18:16 - 2012-04-02 15:57 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-10 18:16 - 2012-03-10 18:17 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 18:16 - 2012-03-10 18:17 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 18:15 - 2012-03-10 18:15 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files\Bonjour
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-07 12:05 - 2012-03-07 12:05 - 0490368 ____A C:\Windows\Minidump\030712-29796-01.dmp


============ 3 Months Modified Files and Folders =============

2012-04-05 21:48 - 2012-04-05 21:47 - 0000000 ____D C:\FRST
2012-04-05 17:39 - 2010-08-31 11:13 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699540554-3794504054-1008305839-1000Core.job
2012-04-05 17:39 - 2010-03-02 07:58 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\TSVNCache
2012-04-05 17:39 - 2009-07-13 21:10 - 1573714 ____A C:\Windows\WindowsUpdate.log
2012-04-05 17:35 - 2012-02-24 19:20 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Outlook Files
2012-04-05 17:12 - 2010-08-31 11:13 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699540554-3794504054-1008305839-1000UA.job
2012-04-05 17:03 - 2011-05-17 09:14 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-05 16:03 - 2011-05-17 09:14 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-05 14:45 - 2009-07-13 21:13 - 0916950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-05 14:43 - 2012-04-04 11:39 - 0000000 ____D C:\Users\Mike Nguyen\Desktop\Malware Fixing 2
2012-04-05 13:37 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-05 13:37 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-05 13:28 - 2010-02-23 14:47 - 3212181504 __ASH C:\hiberfil.sys
2012-04-05 13:28 - 2010-02-23 14:47 - 0219788 ____A C:\Windows\PFRO.log
2012-04-05 13:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-05 13:28 - 2009-07-13 20:51 - 0125974 ____A C:\Windows\setupact.log
2012-04-05 13:11 - 2012-04-05 13:11 - 0029614 ____A C:\ComboFix.txt
2012-04-05 13:11 - 2012-04-05 12:48 - 0000000 ____D C:\Qoobox
2012-04-05 13:05 - 2012-04-05 13:05 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-05 13:05 - 2012-03-30 10:41 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-05 13:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-05 13:02 - 2011-05-18 07:40 - 0000000 ____D C:\Windows\ERDNT
2012-04-05 13:01 - 2010-02-23 12:11 - 0000000 ____D C:\users\Mike Nguyen
2012-04-04 12:04 - 2010-03-02 06:51 - 0000000 ____D C:\Users\Mike Nguyen\My Apps
2012-04-04 11:43 - 2012-04-04 11:43 - 0000000 ____A C:\Users\Mike Nguyen\defogger_reenable
2012-04-04 10:47 - 2010-03-01 11:49 - 0000000 ____D C:\Users\Mike Nguyen\Documents\My QuickBooks
2012-04-04 07:44 - 2012-04-04 07:44 - 0790698 ____A C:\Users\Mike Nguyen\Desktop\CSFT-20120404.zip
2012-04-02 18:16 - 2012-04-02 18:16 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-02 18:11 - 2010-02-26 06:32 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Adobe
2012-04-02 18:02 - 2012-04-02 18:02 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-04-02 18:02 - 2010-02-23 12:44 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\Adobe
2012-04-02 15:57 - 2012-04-02 15:57 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-02 15:57 - 2012-04-02 15:56 - 0000000 ____D C:\Program Files\iTunes
2012-04-02 15:57 - 2012-03-10 18:16 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-02 15:56 - 2012-04-02 15:56 - 0000000 ____D C:\Program Files\iPod
2012-04-02 14:00 - 2012-04-02 13:59 - 0000868 ____A C:\Users\Mike Nguyen\.imagineer_log.txt
2012-04-02 13:59 - 2012-04-02 13:59 - 0000000 ____D C:\MoTemp
2012-04-02 06:47 - 2012-04-02 06:47 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-02 06:47 - 2011-06-10 19:13 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-02 05:35 - 2012-02-14 12:39 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\Mikogo 4
2012-04-01 06:41 - 2010-02-24 18:44 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Adobe
2012-03-30 11:01 - 2011-11-16 15:54 - 0001298 ____A C:\Users\Mike Nguyen\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-30 11:01 - 2011-11-16 15:54 - 0001298 ____A C:\Users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-30 10:57 - 2010-10-20 13:10 - 0000000 __AHD C:\Users\Mike Nguyen\AppData\Local\46ENLeBzuy8
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-03-30 10:55 - 2012-03-30 10:55 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2012-03-30 10:55 - 2011-05-29 21:20 - 0000000 ___HD C:\Users\Mike Nguyen\AppData\Local\8pwWkoJpYbhlW
2012-03-30 10:52 - 2012-03-29 18:43 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Adobe Captivate Cached Projects
2012-03-30 08:50 - 2009-07-13 20:45 - 5065912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-30 08:41 - 2012-03-29 18:24 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-30 08:41 - 2012-03-29 18:24 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-03-30 08:38 - 2012-03-30 08:38 - 0000000 ____D C:\Pub_inc
2012-03-29 18:46 - 2010-03-10 12:44 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-29 18:43 - 2012-03-29 18:43 - 0000000 ____D C:\Users\Mike Nguyen\Documents\My Adobe Captivate Projects
2012-03-29 18:39 - 2010-02-24 18:48 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-29 18:39 - 2010-02-24 18:48 - 0000000 ____D C:\ProgramData\Adobe
2012-03-29 18:39 - 2010-02-24 18:45 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-29 18:36 - 2010-02-23 12:13 - 0115680 ____A C:\Users\Mike Nguyen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-29 15:35 - 2010-02-24 19:15 - 0000000 ____D C:\Program Files\Adobe
2012-03-29 15:35 - 2010-02-24 18:46 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-03-29 15:22 - 2012-03-29 15:22 - 0000000 ____D C:\Users\Mike Nguyen\Adobe Flash Builder 4.5
2012-03-29 15:13 - 2012-03-29 15:13 - 0000000 ____D C:\Program Files (x86)\My Company Name
2012-03-29 13:17 - 2012-03-29 13:17 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-29 13:16 - 2012-03-29 13:16 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-03-29 12:58 - 2012-03-29 12:58 - 0000152 ____A C:\Users\Mike Nguyen\AppData\Roaming\2hipwscn0.bat
2012-03-29 12:58 - 2012-03-29 12:58 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\AppCore
2012-03-27 18:40 - 2012-03-17 09:58 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\Skype
2012-03-27 18:25 - 2011-05-18 06:30 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\FileZilla
2012-03-27 12:10 - 2012-03-27 12:10 - 0010792 ____A C:\Users\Mike Nguyen\Documents\VASTUDIO_ClientList_ByDollar_ByYear_09272011.pdf
2012-03-27 07:21 - 2010-03-13 18:03 - 0000000 ____D C:\Users\Mike Nguyen\Documents\TurboTax
2012-03-23 10:14 - 2012-03-23 10:14 - 0001133 ____A C:\Users\Mike Nguyen\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-03-23 10:14 - 2012-03-23 10:14 - 0001133 ____A C:\Users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-03-23 10:10 - 2012-03-23 10:10 - 0000936 ____A C:\Users\Mike Nguyen\Desktop\Evernote.lnk
2012-03-23 10:10 - 2012-03-23 10:10 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Evernote
2012-03-23 10:10 - 2012-03-23 10:10 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-03-23 10:10 - 2010-02-23 12:11 - 0000000 ____D C:\Users\Mike Nguyen\AppData\LocalLow
2012-03-20 17:29 - 2011-06-14 18:22 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-03-20 17:29 - 2011-06-14 18:22 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-19 11:41 - 2012-03-19 11:41 - 0044544 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\agremove.exe
2012-03-19 11:37 - 2012-03-19 11:37 - 0017920 ____A C:\Windows\System32\rpcnetp.exe
2012-03-18 17:48 - 2012-03-14 18:35 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Magic DVD Ripper
2012-03-18 10:14 - 2012-03-18 10:14 - 0029696 ____A C:\Users\Mike Nguyen\Documents\DOL_WAMD_Volume_I_Project&ProgramManagement_03182012_mtn.doc
2012-03-17 09:58 - 2012-03-17 09:58 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-17 09:58 - 2012-03-17 09:58 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-17 09:57 - 2012-03-17 09:57 - 0000000 ____D C:\Users\All Users\Skype
2012-03-17 09:57 - 2012-03-17 09:57 - 0000000 ____D C:\ProgramData\Skype
2012-03-17 05:34 - 2012-03-16 15:35 - 0000000 ____D C:\MAGICDVDCOPY_TEMP
2012-03-16 15:35 - 2012-03-16 15:35 - 0001911 ____A C:\Users\Mike Nguyen\Desktop\Magic DVD Copier.lnk
2012-03-16 15:35 - 2012-03-16 15:34 - 0000000 ____D C:\Program Files (x86)\MagicDVDCopier
2012-03-16 15:34 - 2012-03-14 18:22 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\MagicSoftware
2012-03-16 07:03 - 2012-03-16 07:03 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\DVDFab
2012-03-15 04:36 - 2010-02-28 07:18 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Google
2012-03-14 23:01 - 2010-02-23 13:23 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 23:00 - 2010-02-23 19:28 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 23:00 - 2010-02-23 19:28 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 18:22 - 2012-03-14 18:22 - 0001911 ____A C:\Users\Mike Nguyen\Desktop\Magic DVD Ripper.lnk
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\Users\All Users\MagicSoftware
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\ProgramData\MagicSoftware
2012-03-14 18:22 - 2012-03-14 18:22 - 0000000 ____D C:\Program Files (x86)\MagicDVDRipper
2012-03-14 17:36 - 2012-03-14 12:29 - 0000000 ____D C:\Program Files (x86)\DVDFab 8 Qt
2012-03-14 13:34 - 2012-03-14 13:34 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\MoveFab
2012-03-14 13:27 - 2012-03-14 12:29 - 0000000 ____D C:\Users\Mike Nguyen\Documents\DVDFab
2012-03-14 12:59 - 2012-03-14 12:59 - 0000000 ____D C:\Users\All Users\dvdfab
2012-03-14 12:59 - 2012-03-14 12:59 - 0000000 ____D C:\ProgramData\dvdfab
2012-03-14 12:29 - 2012-03-14 12:29 - 0001059 ____A C:\Users\Mike Nguyen\Desktop\DVDFab Profile Editor.lnk
2012-03-14 12:29 - 2012-03-14 12:29 - 0001022 ____A C:\Users\Mike Nguyen\Desktop\DVDFab 8 Qt.lnk
2012-03-12 23:06 - 2010-02-24 06:22 - 0911166 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-11 12:14 - 2012-03-11 12:14 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\NeroDigital™
2012-03-11 05:27 - 2011-06-14 18:23 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Roaming\Apple Computer
2012-03-10 20:10 - 2010-07-10 17:57 - 0000172 ____A C:\Users\Mike Nguyen\AppData\Roaming\default.rss
2012-03-10 18:17 - 2012-03-10 18:16 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 18:17 - 2012-03-10 18:16 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 18:17 - 2011-06-14 18:23 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Apple Computer
2012-03-10 18:16 - 2010-09-18 07:44 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-03-10 18:16 - 2010-09-18 07:44 - 0000000 ____D C:\ProgramData\Apple Computer
2012-03-10 18:15 - 2012-03-10 18:15 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-10 18:15 - 2010-09-18 07:43 - 0000000 ____D C:\Users\All Users\Apple
2012-03-10 18:15 - 2010-09-18 07:43 - 0000000 ____D C:\ProgramData\Apple
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files\Bonjour
2012-03-10 18:14 - 2012-03-10 18:14 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-07 12:05 - 2012-03-07 12:05 - 0490368 ____A C:\Windows\Minidump\030712-29796-01.dmp
2012-03-07 12:05 - 2010-03-23 16:01 - 0000000 ____D C:\Windows\Minidump
2012-03-07 12:04 - 2012-02-07 07:57 - 618554544 ____A C:\Windows\MEMORY.DMP
2012-03-07 09:48 - 2010-09-26 06:42 - 0000000 ____D C:\Users\Mike Nguyen\Documents\My Web Projects
2012-03-05 19:04 - 2010-03-01 11:40 - 0000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-03-05 10:22 - 2012-03-02 12:59 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-03-05 10:22 - 2012-03-02 12:59 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-05 08:28 - 2011-06-14 18:51 - 0000000 ____D C:\Program Files (x86)\SWiSH Max4
2012-03-02 12:58 - 2012-03-02 12:58 - 0002531 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-03-02 12:56 - 2010-03-13 17:55 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-02-29 07:50 - 2012-02-29 07:30 - 0000000 ____D C:\Program Files\TortoiseSVN
2012-02-29 07:50 - 2012-02-29 07:30 - 0000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2012-02-27 16:01 - 2012-02-27 16:01 - 24515617 ____A C:\Users\Mike Nguyen\Documents\2012-02-27_17-50-46_920.3gp
2012-02-23 10:38 - 2011-06-19 17:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-18 08:35 - 2012-02-18 08:35 - 0027655 ____A C:\Users\Mike Nguyen\Desktop\BaltimoreAcquarium_02182012.pdf
2012-02-16 22:38 - 2012-03-14 04:36 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 04:36 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 04:36 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 04:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 06:26 - 2011-09-29 05:15 - 0001895 ____A C:\Users\Mike Nguyen\Desktop\Verizon V CAST Media Manager.lnk
2012-02-16 04:58 - 2010-02-23 12:12 - 0000174 ___SH C:\Users\Mike Nguyen\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:58 - 2010-02-23 12:12 - 0000174 ___SH C:\Users\Mike Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 08:01 - 2012-02-15 08:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 08:01 - 2012-02-15 08:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-15 06:47 - 2012-02-15 06:47 - 5342072 ____A C:\Users\Mike Nguyen\Desktop\mikogo-viewer.exe
2012-02-14 19:32 - 2012-02-14 19:32 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Mikogo4
2012-02-14 15:14 - 2012-02-14 15:14 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Mikogo
2012-02-14 12:50 - 2012-02-14 12:39 - 0000928 ____A C:\Users\Mike Nguyen\Desktop\Mikogo 4.lnk
2012-02-14 08:20 - 2012-02-14 08:20 - 1366258 ____A C:\Users\Mike Nguyen\Desktop\UIC Files.zip
2012-02-13 06:19 - 2010-02-23 12:57 - 0000000 ____D C:\Program Files\Dell
2012-02-13 05:43 - 2010-07-30 10:17 - 0000000 ____D C:\Users\Mike Nguyen\Downloads\Dell Downloads
2012-02-13 05:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-09 22:36 - 2012-03-14 04:37 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 04:37 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 19:47 - 2012-02-09 19:44 - 0035328 ____A C:\Users\Mike Nguyen\Desktop\ALMS Capabilities Investigation 9FEB2012_mtn.doc
2012-02-09 18:57 - 2012-02-09 18:57 - 0075264 ____A C:\Users\Mike Nguyen\Desktop\ALMS Capabilities Investigation 9FEB2012.doc
2012-02-07 07:57 - 2012-02-07 07:57 - 0300232 ____A C:\Windows\Minidump\020712-28360-01.dmp
2012-02-06 11:55 - 2011-09-22 05:48 - 0000000 ____D C:\Program Files\IIS
2012-02-04 11:15 - 2011-05-18 06:30 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-02-04 06:00 - 2010-03-03 08:02 - 0000000 ____D C:\Users\Mike Nguyen\Documents\_VASTUDIO
2012-02-03 10:31 - 2010-04-07 05:51 - 0000000 ____D C:\Users\Mike Nguyen\Documents\Mike's Stuff
2012-02-02 20:34 - 2012-03-14 04:37 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 07:36 - 2011-01-25 10:52 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Axure
2012-02-01 06:20 - 2012-02-01 06:20 - 6392368 ____A C:\Users\Mike Nguyen\Desktop\NEW_PROGENY.txt
2012-02-01 06:18 - 2012-02-01 06:18 - 1257904 ____A C:\Users\Mike Nguyen\Desktop\NEW_UICTREE.txt
2012-01-31 04:44 - 2010-02-23 12:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-26 06:51 - 2010-02-23 19:28 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\Microsoft Help
2012-01-24 22:38 - 2012-03-14 04:36 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 04:36 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 04:36 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-20 06:04 - 2012-01-20 06:03 - 0231424 ____A C:\Users\Mike Nguyen\Desktop\NETCENTS Pricing Template Revised 8-23-11_CONVERTED.xls
2012-01-18 08:34 - 2011-01-24 15:01 - 0000000 ____D C:\Users\Mike Nguyen\Documents\System Stuff
2012-01-18 08:02 - 2010-02-23 12:11 - 0000000 ____D C:\Users\Mike Nguyen\AppData\Local\VirtualStore
2012-01-13 06:17 - 2011-04-20 10:12 - 0000000 ____D C:\_AcroTemp
2012-01-12 09:20 - 2012-01-12 09:20 - 1167360 ____A C:\Users\Mike Nguyen\Desktop\BROCHURE.doc
2012-01-12 06:25 - 2012-01-12 06:25 - 0000000 ____D C:\18410284afc06cacd2
2012-01-11 07:32 - 2010-03-02 07:35 - 0000000 ____D C:\Users\Mike Nguyen\Documents\_KEYMIND
2012-01-10 09:27 - 2011-09-22 07:20 - 0000000 ____D C:\Users\Mike Nguyen\Documents\SQL Server Management Studio

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4084.5 MB
Available physical RAM: 3365.79 MB
Total Pagefile: 4082.65 MB
Available Pagefile: 3334.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:456.58 GB) (Free:157.53 GB) NTFS
3 Drive f: (FUJIFILM1GB) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT32
4 Drive g: (Kensington Dock) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:6.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1002 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 54 MB 31 KB
Partition 2 Primary 9 GB 55 MB
Partition 3 Primary 456 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 54 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 456 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1002 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FUJIFILM1GB FAT32 Removable 1002 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-29 20:44

======================= End Of Log ==========================

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 09:12 PM

Hello


In which browsers does this happen? I want you to check all that are installed on the computer.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gocaps

  • Topic Starter
  • Members
  • 61 posts

Posted 05 April 2012 - 09:22 PM

So far, it's been IE (v8). I have Firefox (v11), but I rarely use it.

Edited by gocaps, 05 April 2012 - 09:23 PM.


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 09:37 PM

I want you to run IE without add-ons to see if you still get the redirects - http://www.askdrtech.com/solutions/post/How-to-run-IE8-without-add-ons.aspx

gringo

#12 gocaps

  • Topic Starter
  • Members
  • 61 posts

Posted 05 April 2012 - 09:43 PM

Well, they're not really redirects. I am able to open a website, but then a weird browser window pops up with a person speaking about the advertisement. The window doesn't have an address bar, toolbars, menu, etc.

I will try what you recommended.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 09:49 PM

OK, let me know.


gringo

#14 gocaps

  • Topic Starter
  • Members
  • 61 posts

Posted 06 April 2012 - 07:58 AM

OK, I tried browsing last night with IE in no add-ons mode and didn't notice anything. Then this morning, I just tried to browse the same website and the browser window popped up again.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 01:35 PM

Hello


I would like you to go here - http://support.microsoft.com/kb/923737 - and click on the Fix it button, then restart the computer.


Then, when the computer comes back on, check for any redirects and let me know.


gringo



