Google Search Redirecting in Chrome


This topic is locked
2 replies to this topic

#1 StarSpangledBanner


Posted 07 April 2012 - 11:35 AM

Hello, how are you?
I am having a redirect on Google searches in Google Chrome. I had the famous Olmarik.TDL4 virus and managed to get rid of it with TDSSKiller.
I am still getting Google redirects though. I ran a NOD32 scan, Spybot and Malwarebytes and I still am getting the redirects. I also cleaned up my hosts file just to have the localhost entry. Please help me, I ran DDS and I got this report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Matt at 12:30:56 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4144 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{06A9ACC3-2BDE-45E4-9C41-BD666D04372B} : DhcpNameServer = 75.75.75.75 75.75.76.76 8.8.8.8
TCP: Interfaces\{5F41C00A-C538-4CE4-AB4D-BC16134DE556} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\24456575946494 : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.2
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\341647A72557C656 : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\34963736F63353733363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\368616D6073747574656E647 : DhcpNameServer = 216.93.145.253 216.93.145.247
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\3747574656E647 : DhcpNameServer = 216.93.145.253 216.93.145.247
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\4586560294E6475627E656473723 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{873BA49B-FE95-4FCD-A7F3-5FEB8C1260FA}\C696E6B6379737 : DhcpNameServer = 68.87.71.230 68.87.73.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-23 89600]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-8 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-3-17 265544]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-23 13336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-23 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-07 16:22:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{023F1BB4-2013-4E15-A44B-C99AE990A600}\offreg.dll
2012-04-07 16:20:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 15:29:55 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-07 15:23:14 98816 ----a-w- C:\Windows\sed.exe
2012-04-07 15:23:14 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-07 15:23:14 256000 ----a-w- C:\Windows\PEV.exe
2012-04-07 15:23:14 208896 ----a-w- C:\Windows\MBR.exe
2012-04-07 01:47:40 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 17:42:04 -------- d-----r- C:\Users\Matt\Dropbox
2012-04-03 17:40:32 -------- d-----w- C:\Users\Matt\AppData\Roaming\Dropbox
2012-04-01 23:51:45 62064 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-04-01 23:51:20 432752 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-04-01 23:51:20 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-04-01 23:51:18 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-04-01 23:51:15 942192 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-04-01 23:51:06 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-04-01 23:50:28 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-04-01 23:49:58 -------- d-----w- C:\Program Files\Common Files\VMware
2012-04-01 23:46:06 -------- d-----w- C:\Users\Matt\AppData\Roaming\Chrome
2012-04-01 00:38:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-01 00:38:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-27 15:16:08 -------- d-----w- C:\Users\Matt\AppData\Local\{A47D9398-7EDA-43BA-BDBB-BBFE4461985D}
2012-03-27 02:29:47 -------- d-----w- C:\Windows\en
2012-03-27 02:26:46 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\DSETUP.dll
2012-03-27 02:26:46 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\DXSETUP.exe
2012-03-27 02:26:46 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\dsetup32.dll
2012-03-26 02:55:56 -------- d-----w- C:\Program Files\iPod
2012-03-26 02:55:55 -------- d-----w- C:\Program Files\iTunes
2012-03-26 02:55:55 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-26 00:28:34 -------- d-----w- C:\ProgramData\Synaptics
2012-03-25 03:19:06 -------- d-----w- C:\Users\Matt\.android
2012-03-25 03:18:26 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
2012-03-17 16:16:16 -------- d-----w- C:\Users\Matt\AppData\Roaming\Digiarty
2012-03-17 02:14:52 -------- d-----w- C:\Users\Matt\AppData\Roaming\SorensonMedia
2012-03-17 01:54:27 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-03-17 01:54:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-03-17 01:35:25 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-03-16 16:09:51 -------- d-----w- C:\Users\Matt\AppData\Roaming\HandBrake
2012-03-14 18:54:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 18:54:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54:30 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:17:10 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:17:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:17:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 14:41:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 14:41:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 14:41:30 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 14:41:30 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 14:41:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 14:41:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 14:41:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 22:39:15 -------- d-----w- C:\Users\Matt\AppData\Roaming\e-academy Inc
2012-03-12 22:39:15 -------- d-----w- C:\Users\Matt\AppData\Local\e-academy Inc
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
==================== Find3M ====================
.
2012-04-07 01:47:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 12:31:11.45 ===============


Thanks a lot everyone, have a great weekend.

Edit: I saw all the other posts with the same problem. They were all told to run Combofix, so I did and got this:
ComboFix 12-04-07.03 - Matt 04/07/2012 13:26:28.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4934 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 17:31 . 2012-04-07 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 16:22 . 2012-04-07 17:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{023F1BB4-2013-4E15-A44B-C99AE990A600}\offreg.dll
2012-04-07 16:20 . 2012-04-07 16:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 01:47 . 2012-04-07 01:47 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 17:42 . 2012-04-03 17:42 -------- d-----r- c:\users\Matt\Dropbox
2012-04-03 17:40 . 2012-04-04 02:03 -------- d-----w- c:\users\Matt\AppData\Roaming\Dropbox
2012-04-01 23:51 . 2011-08-22 21:07 62064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-04-01 23:51 . 2011-08-22 21:07 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-04-01 23:51 . 2011-08-22 21:06 432752 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-04-01 23:51 . 2011-08-22 21:06 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-04-01 23:51 . 2011-08-22 21:07 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-04-01 23:51 . 2011-08-22 03:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-04-01 23:50 . 2012-04-01 23:50 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\program files\Common Files\VMware
2012-04-01 23:46 . 2012-04-01 23:46 -------- d-----w- c:\users\Matt\AppData\Roaming\Chrome
2012-04-01 00:38 . 2012-04-07 15:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-01 00:38 . 2012-04-01 00:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-31 18:54 . 2012-04-07 15:33 -------- d--h--w- c:\users\.TemporaryItems
2012-03-28 01:02 . 2012-03-28 01:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-28 01:02 . 2012-03-28 01:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-27 02:29 . 2012-03-27 02:29 -------- d-----w- c:\windows\en
2012-03-27 02:27 . 2012-03-27 02:27 -------- d-----w- c:\program files\Windows Live
2012-03-27 02:26 . 2012-03-27 02:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\DSETUP.dll
2012-03-27 02:26 . 2012-03-27 02:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\DXSETUP.exe
2012-03-27 02:26 . 2012-03-27 02:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06df161cd0bc101\dsetup32.dll
2012-03-26 02:55 . 2012-03-26 02:55 -------- d-----w- c:\program files\iPod
2012-03-26 02:55 . 2012-03-26 02:56 -------- d-----w- c:\program files\iTunes
2012-03-26 02:55 . 2012-03-26 02:56 -------- d-----w- c:\program files (x86)\iTunes
2012-03-26 00:28 . 2012-03-26 00:28 -------- d-----w- c:\programdata\Synaptics
2012-03-25 03:19 . 2012-03-25 03:19 -------- d-----w- c:\users\Matt\.android
2012-03-25 03:18 . 2011-12-17 17:19 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2012-03-22 01:56 . 2012-03-31 23:52 -------- d-----w- c:\users\Matt\AppData\Roaming\Media Player Classic
2012-03-17 16:16 . 2012-03-17 16:16 -------- d-----w- c:\users\Matt\AppData\Roaming\Digiarty
2012-03-17 02:14 . 2012-03-17 02:14 -------- d-----w- c:\users\Matt\AppData\Roaming\SorensonMedia
2012-03-17 01:54 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-03-17 01:54 . 2012-03-21 17:23 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-03-17 01:35 . 2012-03-17 02:08 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-03-16 16:09 . 2012-03-17 15:45 -------- d-----w- c:\users\Matt\AppData\Roaming\HandBrake
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:41 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:41 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:41 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:41 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 22:39 . 2012-03-12 22:39 -------- d-----w- c:\users\Matt\AppData\Roaming\e-academy Inc
2012-03-12 22:39 . 2012-03-12 22:39 -------- d-----w- c:\users\Matt\AppData\Local\e-academy Inc
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 01:47 . 2011-07-16 04:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 18:52 . 2011-09-01 15:37 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-13 22:28 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_15.29.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-07 16:25 45858 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 16:25 43942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-02 22:22 . 2012-04-07 16:25 12782 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2785409406-2308165282-3252329793-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-04-07 15:37 93520 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-12-31 05:07 . 2012-03-14 18:48 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-04-07 15:29 . 2012-04-07 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 17:24 . 2012-04-07 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 17:24 . 2012-04-07 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-07 15:29 . 2012-04-07 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-07 14:44 663252 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-07 16:28 663252 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-07 16:28 122674 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-07 14:44 122674 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-07 17:24 492980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-07 15:29 492980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-31 05:07 . 2012-04-07 16:00 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-14 04:45 . 2012-03-14 20:23 4990208 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-07 16:22 . 2012-04-07 16:22 4990208 c:\windows\system32\FNTCACHE.DAT
- 2011-12-31 05:07 . 2012-03-14 18:48 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-12-31 05:07 . 2012-04-07 16:00 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
- 2011-12-31 05:07 . 2012-03-14 18:48 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-20 18:35 . 2010-10-20 18:35 1858400 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\WORDICON.EXE
+ 2011-03-19 03:59 . 2011-03-19 03:59 1422680 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\WINWORD.EXE
- 2011-07-02 23:22 . 2012-04-07 02:00 58810097 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2785409406-2308165282-3252329793-1001-12288.dat
+ 2011-07-02 23:22 . 2012-04-07 17:24 58810097 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2785409406-2308165282-3252329793-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-03-17 265544]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:47]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785409406-2308165282-3252329793-1001Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-12 01:41]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785409406-2308165282-3252329793-1001UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-12 01:41]
.
2012-04-01 c:\windows\Tasks\HPCeeScheduleForMatt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25476499.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-07 13:32:59
ComboFix-quarantined-files.txt 2012-04-07 17:32
ComboFix2.txt 2012-04-07 15:33
.
Pre-Run: 307,629,862,912 bytes free
Post-Run: 307,848,634,368 bytes free
.
- - End Of File - - D9FC5B925ED8D22DADB084D5E01C7772

Edited by StarSpangledBanner, 07 April 2012 - 12:42 PM.


#2 StarSpangledBanner (Topic Starter, Members)

Posted 07 April 2012 - 08:59 PM

Never mind, I just formatted my computer instead. A fresh install is always a good but annoying solution.

#3 Budapest (Moderator, Bleepin' Cynic)

Posted 11 April 2012 - 04:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
