Another Zero Access... I just wanted to be popular.


7 replies to this topic

#1 JJBrando

JJBrando

  • Members
  • 5 posts

Posted 18 April 2012 - 10:35 PM

So... Like everyone else and their dogs, I seem to have contracted the zero access virus. There may be a few other nasties to go along with it as well.

Anyways, I would truly appreciate some help in recovering from this nightmare as this infection decided to hit just as my final paper for my final university class is being composed (I have other locations for working on my report but this computer is much more convenient :).

I am running Windows 7 64 bit Ultimate edition. The symptoms I am experiencing are as follows:

Symptoms
- Google search results redirect to random sites (especially if search result has anything to do with virus removal)
- Any secure site that begins with https:// will give an SSL error in Chrome: "The site's security certificate is signed using a weak signature algorithm!"
- Malwarebytes was able to find 7 issues and resolved all 7. Symptoms remain.
- Kaspersky TDSSKiller finds and deletes the Zero Access virus (rootkit?) but symptoms remain after restart.
- Combofix (I know I'm not supposed to run it, sorry) removes nearly 10 files and a couple of folders, including:
Files:
C:\install.exe
c:\programdata\dih5Cb41.exe
c:\users\JNJ\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\muzapp.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At18.job

Folders:
c:\Windows\System64
c:\Windows\SysWOW64


After Combofix reboots the computer everything seems to be working perfectly. The only issue is that after everything is fixed, if I attempt to reboot the computer again, Windows will get as far as the splash screen and then stop and reboot to the launch recovery/start Windows normally screen. From here it says that "The ACLs on file C:\Windows\System32\slui.exe are not proper" or something very close to that.

After the recovery console "fixes" the issue the computer reboots and fails to load again at the splash screen. Another run through the recovery console asks if I would like to restore to a previous point, which I do. After the restore I am back to where I started, with the virus.

Any help with this would be greatly appreciated!

I have attached the combofix log that I ran.

Thank you very much!

Jared


Edited by JJBrando, 18 April 2012 - 10:35 PM.




#2 JJBrando

JJBrando
  • Topic Starter

  • Members
  • 5 posts

Posted 18 April 2012 - 11:22 PM

Sorry, I realized after my first post that you do not like attachments... Here is the ComboFix log:

ComboFix 12-04-17.01 - JNJ 18/04/2012 18:52:06.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4095.1970 [GMT -6:00]
Running from: c:\users\JNJ\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\dih5Cb41.exe
c:\users\JNJ\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\muzapp.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At18.job
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\dih5Cb41.exe
c:\users\JNJ\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\muzapp.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At18.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DDService
-------\Service_DDService
-------\Service_DDService
-------\Service_DDService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 01:02 . 2012-04-19 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 00:29 . 2012-04-19 00:29 -------- d-----w- C:\sh4ldr
2012-04-19 00:29 . 2012-04-19 00:29 110080 ----a-r- c:\users\JNJ\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-04-18 04:06 . 2012-04-18 04:06 -------- d-----w- c:\windows\system32\appmgmt
2012-04-18 03:25 . 2012-04-18 05:48 -------- d-----w- C:\JNJ123
2012-04-17 19:45 . 2012-04-18 05:14 -------- d-----w- c:\program files (x86)\Dia
2012-04-17 19:29 . 2012-04-18 05:14 -------- d-----w- c:\users\JNJ\AppData\Roaming\SmartDraw
2012-04-17 19:25 . 2012-04-18 05:14 -------- d-----w- c:\program files (x86)\SmartDraw 2012
2012-04-17 12:52 . 2012-04-17 12:52 -------- d--h--w- c:\programdata\Common Files
2012-04-17 12:51 . 2012-04-18 05:14 -------- d-----w- c:\programdata\AVG2012
2012-04-17 12:51 . 2012-04-17 12:51 -------- d-----w- C:\$AVG
2012-04-17 12:51 . 2012-04-17 12:51 -------- d-----w- c:\program files (x86)\AVG
2012-04-17 12:48 . 2012-04-18 05:14 -------- d-----w- c:\programdata\MFAData
2012-04-17 02:16 . 2012-04-18 05:14 -------- d-----w- c:\users\JNJ\My Icons
2012-04-17 01:45 . 2012-04-18 05:14 -------- d-----w- C:\Username123
2012-04-15 19:03 . 2012-04-15 19:03 -------- d-----w- c:\users\JNJ\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-04-15 15:27 . 2012-04-15 15:27 2 --shatr- c:\windows\winstart.bat
2012-04-15 15:27 . 2012-04-18 03:21 -------- d-----w- c:\program files (x86)\UnHackMe
2012-04-14 23:16 . 2012-04-18 05:11 -------- d-----w- c:\users\JNJ\AppData\Roaming\Malwarebytes
2012-04-14 23:16 . 2012-04-18 05:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-14 23:16 . 2012-04-18 05:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 23:16 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 14:06 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3416006B-9AC7-4482-899E-A868BA296F9E}\mpengine.dll
2012-04-13 01:16 . 2012-04-18 05:14 -------- d-----w- c:\users\JNJ\.dvdcss
2012-04-12 09:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 09:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 09:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-03 01:09 . 2012-04-03 01:09 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-01 14:11 . 2012-04-18 06:51 -------- d-----w- c:\programdata\MySQL
2012-04-01 14:11 . 2012-04-18 05:11 -------- d-----w- c:\program files\MySQL
2012-04-01 14:07 . 2012-04-01 14:07 993 ----a-w- c:\windows\gvimdiff.bat
2012-04-01 14:07 . 2012-04-01 14:07 993 ----a-w- c:\windows\gview.bat
2012-04-01 14:07 . 2012-04-01 14:07 993 ----a-w- c:\windows\evim.bat
2012-04-01 14:07 . 2012-04-01 14:07 985 ----a-w- c:\windows\gvim.bat
2012-04-01 14:07 . 2012-04-01 14:07 694 ----a-w- c:\windows\vimtutor.bat
2012-04-01 14:07 . 2012-04-01 14:07 668 ----a-w- c:\windows\vimdiff.bat
2012-04-01 14:07 . 2012-04-01 14:07 668 ----a-w- c:\windows\view.bat
2012-04-01 14:07 . 2012-04-01 14:07 664 ----a-w- c:\windows\vim.bat
2012-04-01 14:07 . 2012-04-18 05:10 -------- d-----w- c:\program files (x86)\Vim
2012-04-01 14:06 . 2012-04-18 05:10 -------- d-----w- c:\program files (x86)\Codelobster Software
2012-04-01 13:59 . 2012-04-18 05:14 -------- d-----w- c:\program files (x86)\Notepad++
2012-04-01 13:59 . 2012-04-18 05:11 -------- d-----w- c:\users\JNJ\AppData\Roaming\Notepad++
2012-04-01 13:56 . 2012-04-18 06:51 -------- d-----w- C:\Apache24
2012-04-01 13:52 . 2012-04-18 05:10 -------- d-----w- C:\php
2012-03-24 04:39 . 2012-04-18 05:15 -------- d-----w- c:\windows\SysWow64\Shared Memory
2012-03-23 16:28 . 2010-07-22 23:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-03-23 16:28 . 2012-04-18 05:14 -------- d-----w- c:\program files\My Lockbox
2012-03-22 12:53 . 2012-03-23 16:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 12:53 . 2012-04-18 05:11 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-02-25 23:18 . 2012-02-25 23:18 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-02-25 23:18 . 2012-02-25 23:18 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-25 21:18 . 2012-02-25 21:18 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-25 20:02 . 2012-02-25 20:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-25 20:02 . 2012-02-25 20:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-25 20:02 . 2012-02-25 20:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-25 20:02 . 2012-02-25 20:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-25 20:02 . 2012-02-25 20:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-25 20:02 . 2012-02-25 20:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-25 20:02 . 2012-02-25 20:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-25 20:02 . 2012-02-25 20:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-25 20:02 . 2012-02-25 20:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-25 20:02 . 2012-02-25 20:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-25 20:02 . 2012-02-25 20:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-25 20:02 . 2012-02-25 20:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-25 20:02 . 2012-02-25 20:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-25 20:02 . 2012-02-25 20:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-25 20:02 . 2012-02-25 20:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-25 20:02 . 2012-02-25 20:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-25 20:02 . 2012-02-25 20:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-25 20:02 . 2012-02-25 20:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-25 20:02 . 2012-02-25 20:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-25 20:02 . 2012-02-25 20:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-25 20:02 . 2012-02-25 20:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-25 20:02 . 2012-02-25 20:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-25 20:02 . 2012-02-25 20:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-25 20:02 . 2012-02-25 20:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-25 20:02 . 2012-02-25 20:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-25 20:02 . 2012-02-25 20:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-25 20:02 . 2012-02-25 20:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-25 20:02 . 2012-02-25 20:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-25 20:02 . 2012-02-25 20:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-25 20:02 . 2012-02-25 20:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-25 20:02 . 2012-02-25 20:02 448512 ----a-w- c:\windows\system32\html.iec
2012-02-25 20:02 . 2012-02-25 20:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-25 20:02 . 2012-02-25 20:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-25 20:02 . 2012-02-25 20:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-25 19:24 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-02-25 19:24 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-02-25 19:24 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-02-25 19:24 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-02-25 19:24 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 03:02 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 03:02 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 03:02 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 03:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 03:02 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 03:05 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 03:05 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 03:05 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 07:15 . 2012-03-16 13:40 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-01-31 07:15 . 2012-01-31 07:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 07:15 . 2012-01-31 07:15 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-01-31 07:15 . 2012-01-31 07:15 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-01-31 07:15 . 2012-01-31 07:15 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-01-31 07:15 . 2012-01-31 07:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 07:15 . 2012-01-31 07:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 07:15 . 2012-01-31 07:15 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-01-31 07:15 . 2012-01-31 07:15 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-01-31 07:15 . 2012-01-31 07:15 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-01-31 07:15 . 2012-01-31 07:15 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-01-31 07:15 . 2012-01-31 07:15 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-01-31 07:15 . 2012-03-16 13:40 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-01-31 07:15 . 2012-01-31 07:15 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-01-31 07:15 . 2012-01-31 07:15 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-01-31 07:15 . 2012-01-31 07:15 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-01-31 07:15 . 2012-01-31 07:15 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-01-31 07:15 . 2012-01-31 07:15 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-01-31 07:15 . 2012-01-31 07:15 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-01-31 07:15 . 2012-01-31 07:15 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-01-31 07:15 . 2012-01-31 07:15 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-01-31 07:15 . 2012-01-31 07:15 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-01-31 07:15 . 2012-01-31 07:15 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-01-31 07:15 . 2012-01-31 07:15 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-01-31 07:15 . 2012-01-31 07:15 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-01-31 07:15 . 2012-01-31 07:15 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-01-31 07:15 . 2012-01-31 07:15 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-01-31 07:15 . 2012-01-31 07:15 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-01-31 07:15 . 2012-01-31 07:15 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-01-31 07:15 . 2012-01-31 07:15 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-01-25 06:38 . 2012-03-14 03:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 03:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 03:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\DRIVERS\netbt.sys ---
Company: Microsoft Corporation
File Description: MBT Transport driver
File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netbt.sys
File size: 261632
Created time: 2010-11-21 03:23
Modified time: 2010-11-21 03:23
MD5: 09594D1089C523423B32A4229263F068
SHA1: C5A8866590EA0CC3F1C1085BAC7E137C089DC379
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-02-25 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-25 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2012-01-19 370536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-07 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-16 21416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-07 3508624]
.
c:\users\JNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting (64-bit).lnk - c:\program files\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 657048]
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2009-02-04 95896]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Apache2.4;Apache2.4;c:\apache24\bin\httpd.exe [2012-02-29 20480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149061313-1679611219-95094820-1000Core.job
- c:\users\JNJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:30]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149061313-1679611219-95094820-1000UA.job
- c:\users\JNJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:30]
.
2012-04-19 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-04-19 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-04-19 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\JNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-03-21 2143552]
"combofix"="c:\combofix\CF19409.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
inspect
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\system32\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JNJ\AppData\Roaming\Mozilla\Firefox\Profiles\susvkgd4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-27522829.sys
SafeBoot-40464388.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f5,ad,42,c7,16,1d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,b7,44,28,2b,f2,43,45,b9,a9,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,b7,44,28,2b,f2,43,45,b9,a9,77,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

#3 JJBrando (Topic Starter, Members)
Posted 19 April 2012 - 06:07 PM

Here is my DDS log :)


#4 jntkwx (Malware Response Team)
Posted 21 April 2012 - 07:13 AM

Hi JJBrando,

I will be handling your logs to help you get cleaned up. Please give me some time to look them over and I will get back to you as soon as possible. Thanks in advance for your patience.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 JJBrando (Topic Starter, Members)

Posted 21 April 2012 - 07:41 AM

Hi Jason,

Thank you for the reply, and thank you for your intentions to help! Sadly, though, I just broke down and finished reinstalling Windows a couple of hours ago. All is good now.

Jared

Edited by JJBrando, 21 April 2012 - 07:41 AM.


#6 jntkwx (Malware Response Team)
Posted 21 April 2012 - 07:42 AM

Thanks for letting me know. :thumbup2:
Regards,
Jason


#7 JJBrando (Topic Starter, Members)

Posted 21 April 2012 - 07:43 AM

No problem! As an aside, what you guys do is a great service. Kudos!

#8 hamluis (Moderator)

Posted 21 April 2012 - 09:06 AM

Per report at http://www.bleepingcomputer.com/forums/index.php?&app=core&module=reports&do=show_report&rid=7523, OP reformatted.

This topic is now closed.

Louis
