
Trojan:Win32/FakeSysdef and more


This topic is locked
59 replies to this topic

#1 CPMJohn


  • Members
  • 44 posts

Posted 20 July 2012 - 03:05 PM

Problems started last Sunday (7-15-12) at about 10am. File Recovery took over and started classic notice of HD problems...with offer to repair. MS Security Essentials I believe was running and current. (Although it had been telling me to rescan about every three days...when Scan was set for once a week.) I manually started it and it found and quarantined Trojan:Win32/FakeSysdef, Exploit:Win32/Pdf.YN, Exploit:JS/Phoex.A. It also said rlTwlcoFAx.exe was unknown, which I disabled in Startup using Revo Uninstaller.

I used several other suggestions from BleepingComputer and eventually ran Malwarebytes. It detected 2 Registry data items, both PUM.Hijack.Startmenu. One was in the registry string: \AdvancedIStart_ShowMyComputer and the other in \AdvancedIStart_ShowSearch.

I ran Spybot S&D. It got rid of a couple items, with one in registry. Didn't look dangerous.

Three Obvious Problems Remain:
1. Every 10 minutes or so, 15 seconds of an audio ad starts without browsers (or video player) being open. Ads vary and sound like they're coming from a live webcast.
2. Google searches using either IE or Firefox are often misdirected to pay sites.
3. Computer is greatly slowed down. It's a 4 month old HP Pavilion with 8 gig ram and a 1 TB HD that ran very nicely. I had no internet access problems as I have Comcast Business cable.

Please someone help me get my nice speedy (NEW!) computer back.
Thanks,
CPMJohn



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2012 - 11:50 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CPMJohn

  • Topic Starter

  • Members
  • 44 posts

Posted 21 July 2012 - 11:38 AM

Checkup.txt contents:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CloneSpy 2.62
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
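One way to triage a Security Check log like the one above automatically, as an added example that is not part of this thread or of screen317's tool: it splits the checkup.txt text on its backtick section headers, records firewall and antivirus state, attributes both out-of-date marker styles seen in the log (the separate "Java version out of Date!" line and the inline "Firefox out of Date!" suffix) to their product entries, and emits the findings a responder would look at first. The sample log is the one posted above; the section names and marker layouts are taken from it, and the parser assumes other logs follow the same layout.

```python
"""Triage helper for screen317 Security Check (checkup.txt) logs (added example)."""
import re

OUTDATED = "out of Date!"


def _hdr(title, n=12):
    """Security Check frames each section title with runs of backticks."""
    return "`" * n + title + "`" * n


# Constructed sample: the checkup.txt contents posted in the thread above.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    _hdr("Anti-malware/Other Utilities Check:"),
    "CloneSpy 2.62",
    "Spybot - Search & Destroy",
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Java\u2122 6 Update 33",
    "Java version out of Date!",
    "Mozilla Firefox 13.0.1 Firefox out of Date!",
    "Google Chrome 20.0.1132.47",
    "Google Chrome 20.0.1132.57",
    _hdr("Process Check: objlist.exe by Laurent"),
    "Microsoft Security Essentials MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    _hdr("System Health check"),
    "Total Fragmentation on Drive C: 0%",
    _hdr("End of Log"),
])


def parse_security_check(text):
    """Split the log into its sections and pull out the triage-relevant facts."""
    report = {"tool_version": None, "os": None, "uac_enabled": None,
              "firewall_enabled": None, "antivirus": [], "av_up_to_date": None,
              "software": [], "outdated": [], "processes": []}
    section, header = "header", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("`"):  # backtick-framed section title
            section = line.strip("`").strip().rstrip(":").lower()
            continue
        if section == "header":
            header.append(line)
        elif section.startswith("antivirus/firewall"):
            low = line.lower()
            if low.startswith("windows firewall"):
                report["firewall_enabled"] = "enabled" in low and "disabled" not in low
            elif low.startswith("antivirus "):  # "Antivirus up to date!" or "... out of date!"
                report["av_up_to_date"] = "up to date" in low
            else:
                report["antivirus"].append(line)
        elif section.startswith("anti-malware"):
            if line.endswith(OUTDATED):
                stem = line[: -len(OUTDATED)].strip()
                if stem.endswith(" version") and report["software"]:
                    # "Java version out of Date!" refers to the product line just before it
                    name = report["software"][-1]
                else:
                    # "Mozilla Firefox 13.0.1 Firefox out of Date!": drop the repeated short name
                    name = stem.rsplit(" ", 1)[0] if " " in stem else stem
                    report["software"].append(name)
                report["outdated"].append(name)
            else:
                report["software"].append(line)
        elif section.startswith("process check"):
            product, _, exe = line.rpartition(" ")
            report["processes"].append((product, exe))
        # "System Health check" only reports fragmentation; nothing to triage there
    if header:
        m = re.search(r"version\s+(\S+)$", header[0])
        report["tool_version"] = m.group(1) if m else None
    if len(header) > 1:
        report["os"] = header[1]
        report["uac_enabled"] = "uac is enabled" in header[1].lower()
    return report


def triage(report):
    """Findings a responder would want to see before reading the raw log."""
    findings = [f"Outdated software: {name}" for name in report["outdated"]]
    if not report["firewall_enabled"]:
        findings.append("Windows Firewall not reported as enabled")
    if not report["antivirus"]:
        findings.append("No antivirus product detected")
    elif report["av_up_to_date"] is False:
        findings.append("Antivirus definitions out of date")
    running = {product for product, _ in report["processes"]}
    for av in report["antivirus"]:
        if av not in running:  # installed but not seen in the Process Check section
            findings.append(f"{av} installed but not seen running in Process Check")
    if report["uac_enabled"] is False:
        findings.append("UAC disabled")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_security_check(SAMPLE_LOG)):
        print(finding)
```

On the log above this yields two findings, the out-of-date Java 6 and Firefox 13 entries, which is exactly the exposure that matters given the Exploit:Win32/Pdf.YN and Exploit:JS/Phoex.A detections the original poster reported: both are browser-plugin exploit families, and an out-of-date Java plugin is the usual entry point for them.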

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2012 - 11:51 AM

Greetings


OK - Let me have the DDS reports when they are done



gringo

#5 CPMJohn

  • Topic Starter

  • Members
  • 44 posts

Posted 21 July 2012 - 11:59 AM

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by JR at 9:48:21 on 2012-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.4530 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Folder Scout Labs\Folder Scout 1\FolderScout.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: VIPTToolbarManager Class: {1a2641ae-2c42-4c51-a05f-8ecec3fdc94d} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Visual IP Trace: {e70c26ae-dff1-40a8-8d37-19180f56f0aa} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\JR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Folder Scout] C:\Program Files (x86)\Folder Scout Labs\Folder Scout 1\FolderScout.exe
mRun: [<NO NAME>]
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
StartupFolder: C:\Users\JR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLIPCA~1.LNK - C:\Program Files (x86)\ClipCache\clipc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0FD12AD4-A7B1-4F24-B52C-FE1D595E6118} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{40219718-53A5-4768-A819-087F60D6EAAE} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{40219718-53A5-4768-A819-087F60D6EAAE}\E4544574541425 : DhcpNameServer = 192.168.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: VIPTToolbarManager Class: {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Visual IP Trace: {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\vdt2sg6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WordWeb\WCaptureMoz\plugins\npWCX.dll
FF - plugin: C:\Users\JR\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-19 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2010-6-24 21504]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-16 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-21 16:10:19 -------- d-----w- C:\Users\JR\AppData\Local\{991CB518-D556-42CC-8158-DC1B591C6F37}
2012-07-21 16:10:09 -------- d-----w- C:\Users\JR\AppData\Local\{62B83D2B-FCD6-442A-9C73-2069CCDBB47F}
2012-07-21 16:08:50 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C569614B-09AE-451C-BDBC-619666897C78}\mpengine.dll
2012-07-21 04:18:10 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 20:11:28 -------- d-----w- C:\Users\JR\AppData\Local\{A0B91448-535F-4556-81D8-FFCF1A96B7B6}
2012-07-20 20:11:17 -------- d-----w- C:\Users\JR\AppData\Local\{6AC04280-8E66-4BF3-93CC-42AF42303C39}
2012-07-20 03:51:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-20 03:51:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-19 17:39:50 -------- d-----w- C:\Users\JR\AppData\Local\{1643460E-6728-485F-B4C9-D6338C0D7592}
2012-07-19 17:39:39 -------- d-----w- C:\Users\JR\AppData\Local\{27B884A9-1997-4E6A-8497-6F485A1E5E17}
2012-07-19 01:13:30 -------- d-----w- C:\Users\JR\AppData\Local\ElevatedDiagnostics
2012-07-19 00:50:26 -------- d-----w- C:\Users\JR\AppData\Local\{65483EDD-023B-4BA8-BFB5-F6A2AB06C3D3}
2012-07-19 00:50:15 -------- d-----w- C:\Users\JR\AppData\Local\{5345F31D-D3D6-44D7-B8F6-059C044E05CF}
2012-07-19 00:47:02 -------- d-----w- C:\Users\JR\AppData\Local\{76F07491-F7FB-4C57-8E97-8BD39E071BEB}
2012-07-19 00:46:51 -------- d-----w- C:\Users\JR\AppData\Local\{034A3E14-7618-48C1-9130-A08EA46E949E}
2012-07-18 00:04:04 -------- d-----w- C:\autoruns
2012-07-17 18:48:53 -------- d-----w- C:\Users\JR\AppData\Local\AMD
2012-07-17 18:42:16 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-07-17 18:42:08 -------- d-----w- C:\Program Files (x86)\AMD
2012-07-17 18:41:56 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-17 18:40:50 -------- d-----w- C:\ProgramData\AMD
2012-07-17 18:40:49 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-07-17 18:38:11 -------- d-----w- C:\Program Files\ATI Technologies
2012-07-17 18:36:52 -------- d-----w- C:\AMD
2012-07-17 17:27:08 -------- d-----w- C:\Users\JR\AppData\Local\{6C6C135D-C656-447F-96E3-9695DAD2A0CD}
2012-07-17 17:26:57 -------- d-----w- C:\Users\JR\AppData\Local\{3AF4FDA5-5AE6-4D57-825F-01BE3A2A5029}
2012-07-16 23:13:20 -------- d-----w- C:\Users\JR\AppData\Roaming\Malwarebytes
2012-07-16 23:12:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-16 23:12:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 16:03:28 -------- d-----w- C:\Users\JR\AppData\Local\Macromedia
2012-07-16 16:01:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-16 16:01:43 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-16 16:01:43 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-16 16:01:43 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-16 16:01:43 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-16 16:01:43 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-16 13:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-16 13:57:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-15 20:42:47 -------- d-----w- C:\Users\JR\AppData\Local\{C645B7A1-CEA4-4A17-BE62-521A53D0A3DA}
2012-07-14 17:58:14 -------- d-----w- C:\Users\JR\AppData\Local\{0AE677D7-7878-4CDA-89DB-C1EDEC34FE7D}
2012-07-14 17:58:02 -------- d-----w- C:\Users\JR\AppData\Local\{C054E36F-3709-436F-97CB-B26B2B0162CD}
2012-07-13 18:48:52 -------- d-----w- C:\Users\JR\AppData\Local\{5A775F7F-8EE9-43AF-94DF-81E0CD0DDE2B}
2012-07-13 18:48:40 -------- d-----w- C:\Users\JR\AppData\Local\{0FE3B702-F3CD-4872-B9E6-37E6081DC6D3}
2012-07-12 15:42:16 -------- d-----w- C:\Users\JR\AppData\Local\{BE2166B1-E005-4AEF-8135-A1E53CF993D1}
2012-07-12 15:42:04 -------- d-----w- C:\Users\JR\AppData\Local\{1FD9CA50-3E47-4281-92A0-3FAACA51CD56}
2012-07-12 10:06:56 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 20:04:52 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 15:53:02 -------- d-----w- C:\Users\JR\AppData\Local\{2E7E890B-EAC3-4CC9-8030-9AEBFFBA3F34}
2012-07-11 15:52:51 -------- d-----w- C:\Users\JR\AppData\Local\{6B99F145-076C-48AD-B6D7-E31AAC6387A0}
2012-07-10 17:28:10 -------- d-----w- C:\Users\JR\AppData\Local\{A09D8C56-F124-4707-B458-F1EE694F8B6D}
2012-07-10 17:27:59 -------- d-----w- C:\Users\JR\AppData\Local\{D328C99A-C086-4BC0-8944-146F9A40704F}
2012-07-09 15:20:37 -------- d-----w- C:\Users\JR\AppData\Local\{061DE947-DBE1-4A0B-82F0-BD0450C29ACC}
2012-07-09 15:20:26 -------- d-----w- C:\Users\JR\AppData\Local\{968E39BB-20BF-4B39-825F-6512BAAE60BE}
2012-07-08 18:31:35 -------- d-----w- C:\Users\JR\AppData\Local\{C4F03C56-A100-4E85-B978-B174DE648DBB}
2012-07-08 18:31:24 -------- d-----w- C:\Users\JR\AppData\Local\{0C61111A-7163-40E3-8FE5-617D688A8447}
2012-07-07 16:26:16 -------- d-----w- C:\Users\JR\AppData\Local\{97BFA80B-60BE-4FF0-9035-ADC36648F9D0}
2012-07-07 16:26:05 -------- d-----w- C:\Users\JR\AppData\Local\{272F94C6-1D9B-4039-8E0B-6CF8CC9B9045}
2012-07-06 18:56:28 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D26FE8D-8E69-4029-9D8F-0DFEEFF3B6D5}\gapaengine.dll
2012-07-06 18:51:26 -------- d-----w- C:\Users\JR\AppData\Local\{261C6F11-6A8D-49C0-9CAD-174251EDC777}
2012-07-06 18:51:14 -------- d-----w- C:\Users\JR\AppData\Local\{6995B935-0685-4739-901C-32D93FAACA96}
2012-07-01 14:28:51 -------- d-----w- C:\Users\JR\AppData\Local\{9BA7CB37-5F72-4103-8CB3-83B5707CD9F5}
2012-07-01 14:28:40 -------- d-----w- C:\Users\JR\AppData\Local\{9E0D7461-46CD-46B3-96F3-561771B13691}
2012-06-30 17:03:28 -------- d-----w- C:\Users\JR\AppData\Local\{AC6F88AE-CDFB-431A-B521-55DC4A5887D3}
2012-06-30 17:03:17 -------- d-----w- C:\Users\JR\AppData\Local\{6BFCB78F-7C87-4054-83E0-4AB80F4383B3}
2012-06-29 15:14:30 -------- d-----w- C:\Users\JR\AppData\Local\{4DC16EAB-3D48-4D9E-87A0-DBE5D9E245E1}
2012-06-29 15:14:19 -------- d-----w- C:\Users\JR\AppData\Local\{DD26F1A9-4035-4D84-BC01-802C6412638F}
2012-06-28 15:47:22 -------- d-----w- C:\Users\JR\AppData\Local\{0434C71F-1B8B-4FDB-A4C3-ED1F7E1C26D8}
2012-06-28 15:47:11 -------- d-----w- C:\Users\JR\AppData\Local\{FCA9FC30-57D4-443F-A2CE-390148EEE0B1}
2012-06-27 15:52:11 -------- d-----w- C:\Users\JR\AppData\Local\{B3B9149E-A67D-45B1-8787-B78344260A69}
2012-06-27 15:52:00 -------- d-----w- C:\Users\JR\AppData\Local\{B3544A55-832A-489E-8B27-E5BA4E840A81}
2012-06-27 03:51:47 -------- d-----w- C:\Users\JR\AppData\Local\{63AD3F77-94BE-45AE-9189-527727C712AD}
2012-06-27 03:51:36 -------- d-----w- C:\Users\JR\AppData\Local\{D208BF5A-4B9E-4E3E-A3A7-BDC0B9893D3C}
2012-06-26 15:51:13 -------- d-----w- C:\Users\JR\AppData\Local\{0A9417AC-1A64-49E9-BA89-8BCA68454CB9}
2012-06-26 15:51:02 -------- d-----w- C:\Users\JR\AppData\Local\{FD7C5115-8C53-4014-A594-C6968E24291B}
2012-06-25 15:07:24 -------- d-----w- C:\Users\JR\AppData\Local\{8343C572-3527-421B-B55C-B2956006E6B4}
2012-06-25 15:07:13 -------- d-----w- C:\Users\JR\AppData\Local\{CBEE5892-FCF6-4016-8016-D43E348848C4}
2012-06-24 15:05:48 -------- d-----w- C:\Users\JR\AppData\Local\{87424E38-BCF6-4A5F-8E41-EC255C882877}
2012-06-24 15:05:37 -------- d-----w- C:\Users\JR\AppData\Local\{D26D8569-A96C-4FA6-8424-312407A67C03}
2012-06-23 15:32:18 -------- d-----w- C:\Users\JR\AppData\Local\{4DDC1F9E-32BE-4DAD-ADD9-5709E8F4403D}
2012-06-23 15:32:07 -------- d-----w- C:\Users\JR\AppData\Local\{0A94F999-052A-4773-BD41-197597FF2360}
2012-06-22 16:32:17 -------- d-----w- C:\Users\JR\AppData\Local\{AAB0426C-8B55-4458-8044-0AA7E4D1B749}
2012-06-22 16:32:06 -------- d-----w- C:\Users\JR\AppData\Local\{B5A371F7-7F1F-4555-8151-025A1D3F8431}
.
==================== Find3M ====================
.
2012-07-11 23:57:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:57:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:23:50 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-29 03:23:46 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-11 20:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 20:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 20:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 20:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 20:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 20:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 20:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 20:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-11 20:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\SETA54F.tmp
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\SET9A26.tmp
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\SET4A7C.tmp
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\SET4932.tmp
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\SET4884.tmp
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\SET8CFF.tmp
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\SET6D07.tmp
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\SET3C96.tmp
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\SET34C7.tmp
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\SET4498.tmp
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\SET66CC.tmp
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\SET96E6.tmp
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\SET660E.tmp
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-10 23:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-05-10 23:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 9:56:27.66 ===============
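A way to read a listing like the one above without eyeballing fifty lines, as an added example that is not part of the original post and not code from DDS or ComboFix: the parser below accepts the DDS line format used here (`date time size attrs path`, with `--------` as the size of a directory) and the ComboFix format that appears later in the thread (`created . modified size attrs path`), then asks two triage questions of the result: which non-directory entries landed under System32 or SysWow64 within a few days of an assumed incident time (a parameter, here set to the morning of 15 July 2012), and on which days a pair of GUID-named directories was created under a user's AppData\Local within seconds of each other. The sample lines are copied from the listing on this page; the function and constant names are my own.

```python
"""Triage helper for the "Files Created" / "Find3M" listings that DDS and
ComboFix print (both formats appear in the logs on this page).

Two questions an analyst asks of such a listing first:
  1. which files landed in the Windows system directories around the time
     the symptoms started, and
  2. which directories are being created on a repeating schedule (here, the
     GUID-named pairs under AppData\\Local that appear once a day).
Neither answer is a verdict: the output is a short list to attribute to a
process, not a detection.
"""
import re
from collections import defaultdict
from datetime import date, datetime, timedelta
from typing import Dict, List, NamedTuple, Optional, Tuple

# DDS:      2012-07-16 16:01:43 85472 ----a-w- C:\path   ("--------" size = directory)
DDS_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
# ComboFix: 2012-07-21 16:08 . 2012-07-16 09:40 9133488 ----a-w- c:\path
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.IGNORECASE)


class Entry(NamedTuple):
    created: datetime
    modified: Optional[datetime]   # ComboFix prints a second, "modified" stamp
    size: Optional[int]
    is_dir: bool
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line in either format; None for separators and wrapped fragments."""
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S")
        modified = None
    else:
        m = CF_RE.match(line)
        if m is None:
            return None
        created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
        modified = datetime.strptime(m["modified"], "%Y-%m-%d %H:%M")
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(created, modified, size, m["attrs"].startswith("d"), m["path"])


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def system_files_near(entries: List[Entry], incident: datetime, days: int = 3) -> List[str]:
    """Files (not directories) under System32/SysWow64 created within +/- days of the incident."""
    lo, hi = incident - timedelta(days=days), incident + timedelta(days=days)
    return sorted(e.path for e in entries
                  if not e.is_dir and SYSTEM_DIR_RE.match(e.path) and lo <= e.created <= hi)


def paired_guid_days(entries: List[Entry], max_gap_s: float = 60) -> List[Tuple[str, float]]:
    """Days on which exactly two GUID-named AppData\\Local directories were created
    within max_gap_s of each other; returns (ISO date, gap in seconds)."""
    by_day: Dict[date, List[datetime]] = defaultdict(list)
    for e in entries:
        if e.is_dir and GUID_DIR_RE.search(e.path):
            by_day[e.created.date()].append(e.created)
    out = []
    for day, stamps in sorted(by_day.items()):
        if len(stamps) == 2:
            gap = abs((stamps[1] - stamps[0]).total_seconds())
            if gap <= max_gap_s:
                out.append((day.isoformat(), gap))
    return out


# Assumed incident time (a parameter of the triage, not something the log states).
INCIDENT = datetime(2012, 7, 15, 10, 0)

# Sample lines copied from the DDS and ComboFix listings on this page.
SAMPLE = r"""
2012-07-16 13:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-16 13:57:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-15 20:42:47 -------- d-----w- C:\Users\JR\AppData\Local\{C645B7A1-CEA4-4A17-BE62-521A53D0A3DA}
2012-07-14 17:58:14 -------- d-----w- C:\Users\JR\AppData\Local\{0AE677D7-7878-4CDA-89DB-C1EDEC34FE7D}
2012-07-14 17:58:02 -------- d-----w- C:\Users\JR\AppData\Local\{C054E36F-3709-436F-97CB-B26B2B0162CD}
2012-07-12 10:06:56 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-21 16:08 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C569614B-09AE-451C-BDBC-619666897C78}\mpengine.dll
2012-07-17 18:40 . 2010-02-18 16:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
"""


def run_triage(text: str = SAMPLE, incident: datetime = INCIDENT) -> dict:
    entries = parse_listing(text)
    return {
        "entries": len(entries),
        "system_files": system_files_near(entries, incident),
        "paired_guid_days": paired_guid_days(entries),
    }


if __name__ == "__main__":
    for key, value in run_triage().items():
        print(key, value)
```

The system-directory list is only a starting point: a creation date close to a Patch Tuesday needs to be checked against Windows Update history before anything is read into it, and the GUID-pair schedule says only that some process runs once a day and makes two folders; finding which process (scheduled tasks, updater services) is the next step, not a conclusion the listing alone supports.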

#6 CPMJohn (Topic Starter)

Posted 21 July 2012 - 12:01 PM

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2012 6:58:55 PM
System Uptime: 7/20/2012 8:57:50 AM (25 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2ACF
Processor: AMD A8-3820 APU with Radeon™ HD Graphics | P0 | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 738.707 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.086 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 1863 GiB total, 869.514 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 7/16/2012 9:36:51 AM - HPSF Applying updates
RP97: 7/17/2012 10:57:29 AM - Windows Update
RP98: 7/17/2012 5:37:33 PM - Installed Java™ 6 Update 33
RP99: 7/19/2012 4:20:46 PM - HPSF Restore Point
RP100: 7/19/2012 4:23:08 PM - HPSF Applying updates
RP101: 7/19/2012 4:26:52 PM - HPSF Restore Point
RP102: 7/19/2012 4:45:28 PM - Revo Uninstaller's restore point - Bubble Wrap
RP103: 7/19/2012 4:52:43 PM - Revo Uninstaller's restore point - Tap Tap Bear
RP104: 7/20/2012 1:44:44 PM - Windows Update
RP105: 7/20/2012 9:16:59 PM - Windows Update
.
==== Installed Programs ======================
.
4Media Photo DVD Maker
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon Kindle
AMD VISION Engine Control Center
Any DVD Cloner Express 1.2.2
ArcSoft MediaImpression 2
ArcSoft Scan-n-Stitch Deluxe
Bejeweled 3
Belarc Advisor 8.2
Blackhawk Striker 2
Blio
Canon G.726 WMP-Decoder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CloneSpy 2.62
Cradle of Rome 2
D3DX10
DirectX for Managed Code Update (Summer 2004)
Domain Extractor Basic 1.0
Dora's World Adventure
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V33/V330 Photo Scanner Driver Update
EPSON Scan
Facebook
Farm Frenzy
Farmscapes
Fast Video Converter 1.2
Fast Whois 1.1
FastStone Image Viewer 4.6
FATE
Final Drive Fury
Folder Scout 1.3.1
Google Chrome
Google Drive
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
HD Video Converter Factory Pro
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP Calendar
HP Clock
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP MovieStore
HP Notes
HP Odometer
HP Product Detection
HP RSS
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP TouchSmart RecipeBox
HP Update
HP Weather
Java Auto Updater
Java™ 6 Update 33
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
LabelPrint
Letters from Nowhere 2
Luxor HD
MacX HD Video Converter Pro For Windows 3.12.2
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Metric Converter
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenAL
opensource
PDF Complete Special Edition
PDF Protector Splitter and Merger
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Revo Uninstaller 1.94
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.5
Spot
Spybot - Search & Destroy
The Treasures of Mystery Island: The Ghost Ship
Torchlight
TSHostedAppLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual IP Trace
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinX DVD Ripper Platinum 6.8.5
WordWeb Pro
Zinio Reader 4
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 7:51:15 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2012 3:02:34 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/19/2012 3:36:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
7/19/2012 2:35:27 PM, Error: Service Control Manager [7034] - The ABBYY FineReader 9.0 Sprint Licensing Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2012 5:23:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2012 1:41:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/18/2012 1:41:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/18/2012 1:40:18 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2012 1:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/18/2012 1:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/18/2012 1:40:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/18/2012 1:40:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
7/18/2012 1:40:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/18/2012 1:39:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/18/2012 1:39:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mozyFilter MpFilter spldr Wanarpv6
7/18/2012 1:39:00 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:18:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:18:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2012 5:18:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2012 5:16:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mozyFilter MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 12:02:05 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/15/2012 12:00:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
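The Event Viewer section above is the part of a DDS attach log that repays a second read, and the following is an added example of reading it programmatically; it is not part of the original post and not code from DDS. It parses the `date, Level: Source [ID] - text` lines, tallies them by source and event ID, and pulls the driver names out of Service Control Manager 7026 events (boot-start or system-start drivers that failed to load), separating drivers that fail on every logged boot from ones that fail only once. MpFilter is the Microsoft Antimalware minifilter, so its presence in those lists is the kind of thing a helper wants to see quickly. The sample lines are copied from the log above with wrapped lines joined; the function names are my own.

```python
"""Triage helper for the "Event Viewer Messages From Past Week" section of a
DDS attach log. Lines have the shape

    M/D/YYYY h:mm:ss AM, Level: Source [EventID] - message text

The functions parse them, tally them by (source, event ID), and pull the
driver names out of Service Control Manager 7026 events ("boot-start or
system-start driver(s) failed to load"). A driver that recurs in every
7026 event is a different finding from a whole network stack failing once.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple, Set, Tuple

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<text>.+)$")
SCM = "Service Control Manager"


class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    text: str


def parse_events(text: str) -> List[Event]:
    """Parse one event per line; wrapped continuation lines must be joined beforehand."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m is None:
            continue
        events.append(Event(datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                            m["level"], m["source"], int(m["event_id"]), m["text"]))
    return events


def tally(events: List[Event]) -> Dict[Tuple[str, int], int]:
    """How many times each (source, event ID) pair occurs."""
    return dict(Counter((e.source, e.event_id) for e in events))


def _drivers(e: Event) -> Set[str]:
    """Driver names listed after 'failed to load:' in a 7026 message."""
    return set(e.text.partition("failed to load:")[2].split())


def _boot_failures(events: List[Event]) -> List[Event]:
    return [e for e in events if e.source == SCM and e.event_id == 7026]


def failed_boot_drivers(events: List[Event]) -> Set[str]:
    """Every driver named in any SCM 7026 event."""
    return set().union(*(_drivers(e) for e in _boot_failures(events)))


def persistent_boot_failures(events: List[Event]) -> Set[str]:
    """Drivers named in *every* SCM 7026 event in the window, i.e. failing on each boot."""
    sets = [_drivers(e) for e in _boot_failures(events)]
    return set.intersection(*sets) if sets else set()


def boot_days(events: List[Event], driver: str) -> List[str]:
    """ISO dates on which the given driver appears in a 7026 event."""
    return sorted({e.when.date().isoformat() for e in _boot_failures(events)
                   if driver in _drivers(e)})


# Sample lines copied from the log above (wrapped lines joined).
SAMPLE = """\
7/20/2012 3:02:34 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/18/2012 1:39:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mozyFilter MpFilter spldr Wanarpv6
7/17/2012 5:16:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mozyFilter MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/17/2012 5:16:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 12:02:05 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
"""


def summarize(text: str = SAMPLE) -> dict:
    events = parse_events(text)
    return {
        "events": len(events),
        "tally": tally(events),
        "persistent": persistent_boot_failures(events),
        "mpfilter_days": boot_days(events, "MpFilter"),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

One caveat before reading anything into a 7026 list: a boot into Safe Mode loads only a short list of drivers and logs 7026 for the rest, and a machine being cleaned is often rebooted that way, so each 7026 event should be matched against how that boot was started before a missing security filter driver is treated as tampering.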

#7 gringo_pr (Malware Response Team)

Posted 21 July 2012 - 12:02 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 CPMJohn (Topic Starter)

Posted 21 July 2012 - 12:06 PM

Unrequested (no browser or visible application open) audio ads are still playing irregularly....happening right now. Haven't checked google search for misdirects this morning. Computer's operating reasonably fast but I haven't checked demanding online sites (those with lots of ads to open).
CPMJohn

#9 CPMJohn (Topic Starter)

Posted 21 July 2012 - 12:12 PM

Do I need to turn off Malwarebytes, Win Defender, Spybot, etc.? I have shut down MSE.

#10 gringo_pr (Malware Response Team)

Posted 21 July 2012 - 12:14 PM

shut down as much as you can then go ahead and run combofix


gringo

#11 CPMJohn (Topic Starter)

Posted 21 July 2012 - 12:32 PM

Will do.
By the way, for some reason my computer shut itself down while I stepped away. Rebooting left me with no internet access until I rebooted the modem. ???

#12 gringo_pr (Malware Response Team)

Posted 21 July 2012 - 01:13 PM

but you can connect now?



gringo

#13 CPMJohn (Topic Starter)

Posted 21 July 2012 - 01:58 PM

ComboFix:
ComboFix 12-07-21.01 - JR 07/21/2012 10:52:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.5960 [GMT -7:00]
Running from: c:\users\JR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\m9yFSu6JIDN235
c:\users\JR\g2mdlhlpx.exe
J:\Autorun.inf
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 18:28 . 2012-07-21 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 16:08 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C569614B-09AE-451C-BDBC-619666897C78}\mpengine.dll
2012-07-21 04:18 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 03:51 . 2012-07-20 16:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-20 03:51 . 2012-07-20 14:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-19 01:13 . 2012-07-19 01:13 -------- d-----w- c:\users\JR\AppData\Local\ElevatedDiagnostics
2012-07-18 00:37 . 2012-07-18 00:37 -------- d-----w- c:\programdata\McAfee
2012-07-18 00:04 . 2012-07-18 00:04 -------- d-----w- C:\autoruns
2012-07-17 18:48 . 2012-07-17 18:48 -------- d-----w- c:\users\JR\AppData\Local\AMD
2012-07-17 18:48 . 2012-07-17 18:48 -------- d-----w- c:\programdata\ATI
2012-07-17 18:42 . 2012-07-17 18:42 -------- d-----w- c:\program files (x86)\AMD AVT
2012-07-17 18:42 . 2012-07-17 18:42 -------- d-----w- c:\program files (x86)\AMD
2012-07-17 18:41 . 2012-07-17 18:41 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-17 18:40 . 2012-07-17 18:42 -------- d-----w- c:\programdata\AMD
2012-07-17 18:40 . 2010-02-18 16:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-07-17 18:38 . 2012-07-17 18:41 -------- d-----w- c:\program files\ATI Technologies
2012-07-17 18:36 . 2012-07-17 18:36 -------- d-----w- C:\AMD
2012-07-16 23:13 . 2012-07-16 23:13 -------- d-----w- c:\users\JR\AppData\Roaming\Malwarebytes
2012-07-16 23:12 . 2012-07-16 23:12 -------- d-----w- c:\programdata\Malwarebytes
2012-07-16 23:12 . 2012-07-16 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 16:03 . 2012-07-16 16:03 -------- d-----w- c:\users\JR\AppData\Local\Macromedia
2012-07-16 16:01 . 2012-07-16 16:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-16 16:01 . 2012-06-14 22:20 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-16 16:01 . 2012-06-14 22:20 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-16 16:01 . 2012-06-14 22:20 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-16 16:01 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-16 16:01 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-16 13:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-16 13:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-12 10:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 20:04 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-06 18:56 . 2012-03-03 02:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D26FE8D-8E69-4029-9D8F-0DFEEFF3B6D5}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 10:02 . 2012-03-03 15:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 23:57 . 2012-04-03 00:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 23:57 . 2012-01-19 16:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 03:23 . 2012-06-04 16:12 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-29 03:23 . 2012-06-04 16:12 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 20:48 . 2012-06-11 20:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 20:48 . 2012-06-11 20:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-02 22:19 . 2012-06-21 16:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-10 23:35 . 2012-05-10 23:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 23:35 . 2012-05-10 23:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06 . 2012-06-13 15:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:55 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:55 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 15:55 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 15:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 15:55 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 15:55 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 15:55 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 15:55 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 15:55 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 15:55 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:55 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:55 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 15:55 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 23:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 23:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 23:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Folder Scout"="c:\program files (x86)\Folder Scout Labs\Folder Scout 1\FolderScout.exe" [2012-03-29 5019648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2009-11-09 65216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
c:\users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ClipCache Pro.lnk - c:\program files\ClipCache\clipc.exe [2012-3-6 3765496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-3-19 6242664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-08-03 78976]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-08-03 38528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-15 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-24 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-24 10203648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-24 310784]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-14 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-04 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:57]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 23:21]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 23:21]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2507264271-480471680-3912123415-1001Core.job
- c:\users\JR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 00:31]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2507264271-480471680-3912123415-1001UA.job
- c:\users\JR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 00:31]
.
2012-07-15 c:\windows\Tasks\HPCeeScheduleForJR-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-07-21 c:\windows\Tasks\HPCeeScheduleForJR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 23:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 23:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 23:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-03-19 22:58 5560680 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-03-19 22:58 5560680 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\vdt2sg6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-21 11:52:13
ComboFix-quarantined-files.txt 2012-07-21 18:52
.
Pre-Run: 793,330,778,112 bytes free
Post-Run: 793,370,329,088 bytes free
.
- - End Of File - - 92254FB7EAF326E6EAEA8B8BC43D059F

#14 CPMJohn

CPMJohn
  • Topic Starter
  • Members
  • 44 posts

Posted 21 July 2012 - 02:04 PM

No difference in computer from last report...still plays occasional ad audio. Seems to be legit ads...everything from Geico insurance to condoms for sale. It had no problem restarting Firefox and getting to this webpage. Since MSE and Defender are turned off I'm not going to do any browsing. Awaiting further instructions.
Still concerned as to why the computer shut itself off a couple hours ago.
I will be gone from the computer for about 4 hours with a Saturday event.
Hope the ComboFix info helped.
John

#15 CPMJohn

CPMJohn
  • Topic Starter
  • Members
  • 44 posts

Posted 21 July 2012 - 02:51 PM

I'm back early as it's too hot outside to attend the local event right now...will wait until evening.
I'm not doing anything with this computer as security is still off...no browsing. So, I can't tell the speed of the computer or misdirects from Google searches.

Previously, I noticed that Google searches take twice as long as normal, or more, to display responses. The misdirection seems to come at the moment I click on a desired link; it goes to some other site...something like "AtlanticCapital.com". However, if I right click and copy the actual link, and then paste it in the browser Address Box, both IE and Firefox will go to that location. Something has taken over the left-clicking process.
Hope that helps.
John
