Google redirect issue (I think)


  • This topic is locked
6 replies to this topic

#1 Karmitage

Karmitage

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:47 AM

Posted 27 July 2012 - 01:26 PM

Hi, I've been struggling with what I think is a Google redirect virus. I've run anti-malware programs like MBAM, which have come up saying they have cured the issue, but I am still being redirected. When I first started having issues there were symptoms of a Windows Recovery virus, but after running ComboFix those went away, other than the redirecting. I'm running Windows 7 64-bit. Here is a log from ComboFix that I ran 2 days ago.

Thanks

ComboFix 12-07-26.04 - Kevin 07/25/2012 19:59:38.6.6 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.16383.15090 [GMT -4:00]
Running from: c:\users\Kevin\Downloads\ComboFix.exe
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 00:31 . 2012-07-26 00:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-26 00:31 . 2012-07-26 00:31 -------- d-----w- c:\users\Mcx1-KEVIN-PC\AppData\Local\temp
2012-07-26 00:31 . 2012-07-26 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 10:30 . 2012-07-24 10:30 -------- d-----w- c:\windows\system32\Macromed
2012-07-24 10:29 . 2012-07-24 10:29 -------- d-----w- c:\programdata\ALM
2012-07-24 08:35 . 2012-07-24 08:35 -------- d-----w- c:\users\Kevin\Adobe Flash Builder 4.6
2012-07-22 21:58 . 2012-07-22 21:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 20:07 . 2012-07-22 20:07 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2012-07-22 20:07 . 2012-07-22 20:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-22 20:07 . 2012-07-22 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-19 20:26 . 2012-07-19 20:26 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2012-07-19 20:25 . 2012-07-19 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 20:25 . 2012-07-19 20:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 02:48 . 2012-07-15 02:48 -------- d-----w- c:\program files (x86)\Echo FireWire
2012-07-11 07:45 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 20:27 . 2012-07-10 20:27 -------- dc----w- c:\programdata\{68043317-5F8A-4DA9-B49D-1A6337515B90}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 07:41 . 2010-12-12 04:18 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-23 19:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 19:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 19:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 19:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 19:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 19:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 19:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 19:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 19:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:56 . 2012-06-16 03:43 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-16 03:43 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-16 03:43 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 10:52 . 2012-06-16 03:43 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-16 03:43 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-16 03:43 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-16 03:43 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-16 03:42 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-21_04.03.32 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Executor"="c:\program files (x86)\Executor\Executor.exe" [2009-10-02 1110528]
"MusicManager"="c:\users\Kevin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-18 932528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-06 1357136]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pro Tools LE Registration.lnk - c:\program files (x86)\Digidesign\Pro Tools\DigidesignRegistration.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Control Panel.lnk - c:\program files\Phonic\1394AudioDriver\Phonic_Cpl.exe [2011-7-19 397064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave4"=Digi32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 tvnserver;TightVNC Server;f:\tightvnc\tvnserver.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-01-15 1101600]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2009-12-16 43584]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 echo1394;echo1394 service;c:\windows\system32\DRIVERS\echo1394.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-25 1431888]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 1571336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2010-11-03 25720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-11 129976]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-05-10 28984]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-05-10 14960]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Phonic_1394;Phonic_1394;c:\windows\system32\Drivers\Phonic_1394_x64.sys [2011-02-28 197384]
R3 Phonic_avs;Phonic_avs;c:\windows\system32\Drivers\Phonic_avs_x64.sys [2011-02-28 72968]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-05-05 32352]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2010-10-23 21520]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-19 8704]
S2 MacDrive8ServiceD;MacDrive 8 service for Digidesign;c:\program files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe [2010-06-07 167424]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-08 2647552]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-29 71256]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 20:35]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 20:35]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356343101-3072769810-3467715426-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-12 03:27]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356343101-3072769810-3467715426-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-12 03:27]
.
2012-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 351c0870-8593-4930-b593-6946df06c6d2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application for Digidesign"="c:\program files\Mediafour\MacDrive 8\MacDriveD.exe" [2010-06-02 228864]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60343
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yc5lgf0j.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:56,f7,b8,ab,2b,c8,2e,94,b4,81,ff,b2,8e,c2,53,e4,4d,4c,19,8c,20,
59,05,06,9d,a5,26,65,79,37,88,b9,28,23,8a,f7,03,7c,71,24,dd,a9,95,7b,71,75,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:56,f7,b8,ab,2b,c8,2e,94,b4,81,ff,b2,8e,c2,53,e4,4d,4c,19,8c,20,
59,05,06,9d,a5,26,65,79,37,88,b9,28,23,8a,f7,03,7c,71,24,dd,a9,95,7b,71,75,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-25 23:11:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 03:10
ComboFix2.txt 2012-07-21 04:23
ComboFix3.txt 2011-07-12 22:01
.
Pre-Run: 252,914,511,872 bytes free
Post-Run: 255,618,707,456 bytes free
.
- - End Of File - - 90B50A51AE9C7D96C5B8C85984C99CAB
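Two checks a responder usually makes by eye on a log like the one above, written out as an added Python example (not ComboFix's code and not from this thread): it lists registered services and drivers whose binary ComboFix reported missing (`[x]`), and flags a per-user IE ProxyServer entry that points at the loopback address, like the `http=127.0.0.1:60343` line in the Supplementary Scan. The function names and the sample lines are constructed for this example.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's own code).
Flags (1) services/drivers still registered whose file is gone ("[x]") and
(2) a per-user IE ProxyServer pointing back at the local machine, which means
every browser request is first handed to some local process.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = """\
R2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-07-03 655944]
R2 tvnserver;TightVNC Server;f:\\tightvnc\\tvnserver.exe [x]
R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60343
"""

# "R2 name;display name;path [date size]"; "[x]" when ComboFix found no file.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[(.*)\]$")
SETTING_RE = re.compile(r"^uInternet Settings,(\w+) = (.*)$")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_services(log: str) -> List[Dict[str, object]]:
    """One record per service/driver line (R = running, S = stopped)."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        present = info != "x"
        services.append({
            "running": state == "R",
            "start_type": int(start),   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            "name": name,
            "display": display,
            "path": path,
            "file_present": present,
            "size": int(info.split(" ")[1]) if present else None,
        })
    return services


def missing_file_services(log: str) -> List[str]:
    """Names of services/drivers still registered but whose binary is gone."""
    return [s["name"] for s in parse_services(log) if not s["file_present"]]


def internet_settings(log: str) -> Dict[str, str]:
    """Collect the per-user (u-prefixed) 'Internet Settings' key/value lines."""
    pairs = (SETTING_RE.match(line.strip()) for line in log.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}


def loopback_proxies(log: str) -> List[str]:
    """ProxyServer entries (e.g. 'http=127.0.0.1:60343') that route via this host."""
    raw = internet_settings(log).get("ProxyServer", "")
    found = []
    for entry in filter(None, raw.split(";")):
        target = entry.split("=", 1)[-1].strip()   # "scheme=host:port" or "host:port"
        host = target.rsplit(":", 1)[0].strip().lower()
        if host in LOOPBACK_HOSTS or host.startswith("127."):
            found.append(entry.strip())
    return found
```

Run `missing_file_services(SAMPLE_LOG)` and `loopback_proxies(SAMPLE_LOG)` on a full saved C:\ComboFix.txt to get the same two lists for a real log; a missing-file entry is usually stale registration, while a loopback proxy is something to account for before calling the machine clean.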

#2 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 01 August 2012 - 01:51 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Edited by D-FRED-BROWN, 01 August 2012 - 02:00 PM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 Karmitage (Topic Starter, Members, 3 posts)

Posted 01 August 2012 - 04:01 PM

I have downloaded the utilities you listed but now I am unable to run tdss killer. I have tried renaming it and changing to a .com extension but it still will not open.

#4 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 01 August 2012 - 08:15 PM

Let's try this. Please post the new ComboFix report first, though.

----------Step 1----------------
Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


----------Step 2----------------
Move TDSSKiller.exe to the Malwarebytes Chameleon folder for now.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\

----------Step 3----------------
Press the R key on your keyboard while holding the Windows button.

The Run prompt should open.

Copy and paste the following command:

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

Then, press Enter.

A black DOS prompt will appear. Press any key to continue.


----------Step 4----------------
Navigate back to the Chameleon folder, and double-click TDSSKiller.exe.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\TDSSKiller.exe
Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by D-FRED-BROWN, 01 August 2012 - 08:27 PM.


#5 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 05 August 2012 - 03:41 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB

#6 Karmitage (Topic Starter, Members, 3 posts)

Posted 05 August 2012 - 08:23 PM

Sorry I meant to reply a couple days ago but got distracted. Everything has been resolved and seems to be working like normal again. Thanks for the help!

#7 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, 834 posts, Kansas, USA)

Posted 05 August 2012 - 08:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.