Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random ads and music virus


  • This topic is locked This topic is locked
34 replies to this topic

#1 pollux1972

pollux1972

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 01:43 PM

Hello!

Like others here, I have a virus that originally shut down Firefox and left my computer with only Microsoft programs; this virus also randomly plays adverts in the background, and has redirected Google searches a few times, leading me to believe it is a redirect virus.

My computer is a six-month-old Dell Dual-core I-5. I run a 64 bit version of Windows 7 Professional.

I have run Malwarebytes and ComboFix, and both of them have removed malware. I am at the point, now, where I can use the computer again, but the ads still play occasionally.

I did download TDSS Killer, but have not been able to get it to actually run.

Any assistance or advice you can offer would be appreciated!

BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:37 AM

Posted 25 September 2012 - 03:01 PM

Good evening. :)

Please go here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

I have run Malwarebytes and ComboFix, and both of them have removed malware

I'd also like to see the MBAM and ComboFix logs that relate to the removals above.

1) Run MBAM and select the Logs Tab. Each log has the time and date attached to it - let me have the one that identified what ever it was that you are revering to.
2) The ComboFix log is located at C:\ComboFix.txt.

So long, and thanks for all the fish.

 

 


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 25 September 2012 - 03:05 PM

Hello,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.



Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 06:42 PM

Attached File  attach.zip   3.26KB   0 downloadsThank you both for your willingness to help!

Here's the DDS log:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by David at 18:14:07 on 2012-09-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5195 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\Explorer.EXE
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\igfxext.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dunntransmissions.com\mail
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{75FFB782-7E25-44E8-BD8A-D43FD2338B84} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{75FFB782-7E25-44E8-BD8A-D43FD2338B84}\2375942554239393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{75FFB782-7E25-44E8-BD8A-D43FD2338B84}\4457E6E6452716E637 : DhcpNameServer = 192.168.168.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h9uy4ld8.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 MpKsl19f46c48;MpKsl19f46c48;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D76F9D3-F3AF-4718-BB84-16F722D73C57}\MpKsl19f46c48.sys [2012-9-24 35664]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-20 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-20 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-10-20 8192]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250288]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-24 114144]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-25 17:26:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 17:26:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-25 17:13:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-25 13:24:56 -------- d-----w- C:\ComboFix
2012-09-25 00:06:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D76F9D3-F3AF-4718-BB84-16F722D73C57}\offreg.dll
2012-09-25 00:06:29 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D76F9D3-F3AF-4718-BB84-16F722D73C57}\MpKsl19f46c48.sys
2012-09-25 00:06:13 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D76F9D3-F3AF-4718-BB84-16F722D73C57}\mpengine.dll
2012-09-24 22:55:40 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-24 19:10:52 98816 ----a-w- C:\Windows\sed.exe
2012-09-24 19:10:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-24 19:10:52 256000 ----a-w- C:\Windows\PEV.exe
2012-09-24 19:10:52 208896 ----a-w- C:\Windows\MBR.exe
2012-09-24 18:47:19 -------- dc----w- C:\Users\David\AppData\Local\MigWiz
2012-09-24 18:23:07 788536 ----a-r- C:\Users\David\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-09-24 18:19:13 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-24 17:15:26 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2012-09-24 17:15:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-24 16:34:19 -------- d-----w- C:\Users\David\AppData\Roaming\Windows Live Writer
2012-09-24 16:34:19 -------- d-----w- C:\Users\David\AppData\Local\Windows Live Writer
2012-09-23 17:20:45 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 19:18:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-21 19:18:01 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-20 13:07:09 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 13:06:52 -------- d-----w- C:\Program Files\iPod
2012-09-20 13:06:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 13:06:51 -------- d-----w- C:\Program Files\iTunes
2012-09-20 13:06:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-20 12:59:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-19 15:51:11 -------- d-----w- C:\Users\David\AppData\Local\twitter
2012-09-19 15:49:42 -------- d-----w- C:\Program Files (x86)\Twitter
2012-09-14 18:09:42 -------- d-----w- C:\Users\David\AppData\Local\{9EF7A5DE-11B0-4E99-A75B-B18DB8D0A482}
2012-09-14 18:09:22 -------- d-----w- C:\Users\David\AppData\Local\{5F15976C-9DC0-494C-B2B0-4EA3A4D2AA8C}
2012-09-12 17:29:51 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 17:29:51 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 17:29:51 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 17:29:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 17:29:50 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 17:29:50 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 17:29:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 20:54:14 -------- d-----w- C:\Program Files (x86)\Audible
.
==================== Find3M ====================
.
2012-09-20 20:00:33 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 20:00:33 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-09 18:13:40 101680 ----a-w- C:\Windows\System32\stkMonitor.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 18:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 18:21:31.21 ===============

AND, here is the "attach.txt" file DDS created, zipped:(Well, it is attached)

#5 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 06:51 PM

Here's the ComboFix log:

ComboFix 12-09-24.02 - David 09/24/2012 14:17:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6308 [GMT -5:00]
Running from: c:\users\David\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Ej9pc3PT38ArxP
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 19:47 . 2012-09-24 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 18:47 . 2012-09-24 18:47 -------- dc----w- c:\users\David\AppData\Local\MigWiz
2012-09-24 18:23 . 2012-09-24 18:23 788536 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-09-24 18:22 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7001F9F2-51BB-4414-A706-8C7B172562A5}\mpengine.dll
2012-09-24 18:19 . 2012-09-24 18:19 -------- d-----w- c:\windows\system32\appmgmt
2012-09-24 17:15 . 2012-09-24 17:15 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2012-09-24 17:15 . 2012-09-24 17:15 -------- d-----w- c:\programdata\Malwarebytes
2012-09-24 16:35 . 2012-09-24 16:35 -------- d-----w- c:\programdata\McAfee
2012-09-24 16:34 . 2012-09-24 18:24 -------- d-----w- c:\users\David\AppData\Local\Windows Live Writer
2012-09-24 16:34 . 2012-09-24 16:34 -------- d-----w- c:\users\David\AppData\Roaming\Windows Live Writer
2012-09-23 17:20 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 19:18 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-21 19:18 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-20 13:07 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 13:06 . 2012-09-20 13:06 -------- d-----w- c:\program files\iPod
2012-09-20 13:06 . 2012-09-24 18:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 13:06 . 2012-09-24 18:58 -------- d-----w- c:\program files\iTunes
2012-09-20 13:06 . 2012-09-24 18:58 -------- d-----w- c:\program files (x86)\iTunes
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-20 12:59 . 2012-09-20 12:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-20 12:59 . 2012-09-24 18:58 -------- d-----w- c:\program files (x86)\QuickTime
2012-09-19 15:51 . 2012-09-19 15:51 -------- d--h--w- c:\users\David\AppData\Local\twitter
2012-09-19 15:49 . 2012-09-19 15:49 -------- d-----w- c:\program files (x86)\Twitter
2012-09-12 17:29 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 17:29 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 17:29 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 17:29 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 17:29 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 17:29 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 17:29 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 20:54 . 2012-09-24 18:58 -------- d--h--w- c:\program files (x86)\Audible
2012-08-25 21:12 . 2012-08-25 21:12 -------- d--h--w- c:\users\David\AppData\Local\Google
2012-08-25 21:11 . 2012-08-25 21:12 -------- d--h--w- c:\users\David\AppData\Local\Deployment
2012-08-25 21:11 . 2012-08-25 21:11 -------- d--h--w- c:\users\David\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 20:00 . 2012-04-07 16:09 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 20:00 . 2011-10-20 04:58 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 08:00 . 2012-04-09 01:41 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 18:01 . 2012-07-13 21:09 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2012-07-13 21:09 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-09 18:13 . 2012-08-09 18:13 101680 ----a-w- c:\windows\system32\stkMonitor.dll
2012-07-18 18:15 . 2012-08-15 18:24 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 18:42 . 2012-07-09 18:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2012-07-09 18:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-07-06 20:07 . 2012-08-16 08:02 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 18:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 18:24 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 18:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 18:24 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 pnhsjlhj;pnhsjlhj;c:\windows\system32\drivers\pnhsjlhj.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-20 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-20 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-01-03 74984]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [2011-01-03 72808]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:00]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3691631230-2450797753-1505482426-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 21:12]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3691631230-2450797753-1505482426-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 21:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ---ha-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"combofix"="c:\combofix\CF19624.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dunntransmissions.com\mail
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-OkuBoPWhnwmw.exe - c:\programdata\OkuBoPWhnwmw.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Ej9pc3PT38ArxP - c:\programdata\Ej9pc3PT38ArxP.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-24 15:10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 20:10
.
Pre-Run: 123,365,003,264 bytes free
Post-Run: 123,123,630,080 bytes free
.
- - End Of File - - E8935F767BD83C15CBE83837E3F95F8A

#6 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 06:56 PM

Here is a Malwarebytes log from yesterday. I am searching my machine for the one that found a virus....


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

Protection: Disabled

9/24/2012 12:21:14 PM
mbam-log-2012-09-24 (12-21-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352611
Time elapsed: 9 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 25 September 2012 - 07:00 PM

Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 07:54 PM

Yes! I have several blank USB flash drives. Sorry I didn't remember to answer before.

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 25 September 2012 - 08:02 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list][/quote]

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 25 September 2012 - 09:34 PM

Odd stuff on this end of things!

I downloaded Farbar to a datastick, as you instructed. Then, I rebooted my computer and selected "Repair your computer" from the menu. Then, nothing happened--the message said "Windows loading files" (or some such) and there it sat with the message frozen and the bar beneath the message unchanging. I turned off the computer and went back through the steps many times with the exact same results. I even left it sitting like that for an extended amount of time (45 minutes or so) just in case I had been rushing things earlier.

I am going to try again. If I get anything to happen, I will certainly post the log here.

Again, I appreciate your patience and your help.

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 25 September 2012 - 09:42 PM

We need to create a Windows 7 System Repair Disk. Note that this disk can only be used to access the Recovery Environment, not to reinstall Windows 7.
  • Press Windows Key + R, type recdisc.exe in the runbox and press enter.
  • If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:

    Posted Image

  • Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
  • When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.


Let me know when its ready

Edited by fireman4it, 25 September 2012 - 09:43 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 26 September 2012 - 08:07 AM

Good morning! I followed your instructions and the disc is finished.

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 26 September 2012 - 07:10 PM

Now we will use the disc.



For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

Use the disc You just made

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list][/quote]

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 pollux1972

pollux1972
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 26 September 2012 - 09:17 PM

Okay, here's that log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 26-09-2012 21:14:55
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\David\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\David\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) =====================

3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
1 pnhsjlhj; \??\C:\Windows\system32\drivers\pnhsjlhj.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-26 05:05 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 15:35 - 2012-09-25 15:35 - 00009699 ____A C:\Users\David\Documents\attach.txt
2012-09-25 15:35 - 2012-09-25 15:35 - 00003337 ____A C:\Users\David\Documents\attach.zip
2012-09-25 15:25 - 2012-09-25 15:25 - 00026126 ____A C:\Users\David\Documents\DDS.txt
2012-09-25 15:13 - 2012-09-25 15:13 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
2012-09-25 15:12 - 2012-09-25 15:12 - 00050477 ____A C:\Users\David\Downloads\Defogger.exe
2012-09-25 15:12 - 2012-09-25 15:12 - 00000472 ____A C:\Users\David\Downloads\defogger_disable.log
2012-09-25 15:12 - 2012-09-25 15:12 - 00000000 ____A C:\Users\David\defogger_reenable
2012-09-25 10:43 - 2012-09-25 10:43 - 00061759 ____A C:\Users\David\Documents\dell-dual-core-i5-notebook.htm
2012-09-25 10:43 - 2012-09-25 10:43 - 00000000 ____D C:\Users\David\Documents\dell-dual-core-i5-notebook_files
2012-09-25 10:04 - 2012-09-25 10:04 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2012-09-25 09:26 - 2012-09-25 09:26 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-25 09:26 - 2012-09-25 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-25 09:08 - 2012-09-25 09:08 - 00001038 ____A C:\Users\David\Documents\checkup.txt
2012-09-25 09:00 - 2012-09-25 09:00 - 00881724 ____A C:\Users\David\Downloads\SecurityCheck.exe
2012-09-25 06:22 - 2012-09-25 06:22 - 00025662 ____A C:\ComboFix.txt
2012-09-25 05:24 - 2012-09-25 06:22 - 00000000 ____D C:\ComboFix
2012-09-24 17:07 - 2012-09-24 17:07 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 17:07 - 2012-09-24 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-24 15:55 - 2012-09-25 09:24 - 00000000 ____D C:\Users\David\Downloads\tdsskiller
2012-09-24 15:53 - 2012-09-24 15:55 - 02193278 ____A C:\Users\David\Downloads\tdsskiller.zip
2012-09-24 15:52 - 2012-09-24 15:52 - 00000115 ____A C:\Users\David\Documents\eset.txt
2012-09-24 14:55 - 2012-09-24 14:55 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-24 14:47 - 2012-09-24 14:49 - 04731392 ____A (AVAST Software) C:\Users\David\Downloads\aswMBR (1).exe
2012-09-24 14:46 - 2012-09-24 14:46 - 04759205 ____A (Swearware) C:\Users\David\Downloads\ComboFix (2).exe
2012-09-24 12:29 - 2012-09-24 12:29 - 00302592 ____A C:\Users\David\Downloads\qc33tssx.exe
2012-09-24 11:30 - 2012-09-20 05:07 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-24 11:30 - 2012-08-13 08:53 - 00000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-09-24 11:30 - 2012-07-18 07:52 - 00001127 ____A C:\Users\Public\Desktop\Bloggie Software.lnk
2012-09-24 11:10 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-24 11:10 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-24 11:10 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-24 11:10 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-24 11:10 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-24 11:10 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-24 11:10 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-24 11:10 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-24 11:07 - 2012-09-24 11:07 - 04759205 ____A (Swearware) C:\Users\David\Downloads\ComboFix (1).exe
2012-09-24 10:47 - 2012-09-24 10:47 - 00000000 ___DC C:\Users\David\AppData\Local\MigWiz
2012-09-24 10:39 - 2012-09-25 05:16 - 04731392 ____A (AVAST Software) C:\Users\David\Downloads\aswMBR.exe
2012-09-24 10:38 - 2012-09-25 06:22 - 00000000 ____D C:\Qoobox
2012-09-24 10:37 - 2012-09-24 11:54 - 00000000 ____D C:\Windows\erdnt
2012-09-24 10:36 - 2012-09-25 05:18 - 04757278 ____R (Swearware) C:\Users\David\Downloads\ComboFix.exe
2012-09-24 10:19 - 2012-09-24 10:19 - 00000000 ____D C:\Windows\System32\appmgmt
2012-09-24 09:15 - 2012-09-24 09:15 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
2012-09-24 09:15 - 2012-09-24 09:15 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-24 09:14 - 2012-09-24 09:14 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-24 08:35 - 2012-09-24 08:35 - 00000000 ____D C:\Users\All Users\McAfee
2012-09-24 08:34 - 2012-09-24 10:24 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live Writer
2012-09-24 08:34 - 2012-09-24 08:34 - 00000000 ____D C:\Users\David\AppData\Roaming\Windows Live Writer
2012-09-23 06:29 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 06:29 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 06:29 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 06:29 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 06:29 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 06:29 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 06:29 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 06:29 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 06:29 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 06:29 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 06:29 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 06:29 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:29 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 06:29 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 06:29 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 06:29 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 06:29 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 06:29 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 06:29 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 06:29 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 06:29 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 06:29 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 06:29 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 06:29 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 06:29 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 06:29 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 06:29 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 06:29 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 06:29 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 06:29 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 06:29 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 06:29 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 11:29 - 2012-09-21 11:29 - 00007605 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-09-21 11:18 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-09-21 11:18 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-09-21 10:12 - 2012-09-21 10:14 - 00000152 ____A C:\Users\All Users\-Ej9pc3PT38ArxPr
2012-09-21 10:12 - 2012-09-21 10:14 - 00000144 ____A C:\Users\All Users\-Ej9pc3PT38ArxP
2012-09-20 05:07 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-20 05:06 - 2012-09-24 10:58 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 05:06 - 2012-09-24 10:58 - 00000000 ____D C:\Program Files\iTunes
2012-09-20 05:06 - 2012-09-24 10:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-20 05:06 - 2012-09-20 05:06 - 00000000 ____D C:\Program Files\iPod
2012-09-20 04:59 - 2012-09-24 10:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-09-19 07:51 - 2012-09-19 07:51 - 00000000 ____D C:\Users\David\AppData\Local\twitter
2012-09-19 07:49 - 2012-09-19 07:49 - 14581760 ____A C:\Users\David\Downloads\TweetDeck.msi
2012-09-19 07:49 - 2012-09-19 07:49 - 00000000 ____D C:\Program Files (x86)\Twitter
2012-09-14 10:09 - 2012-09-14 10:09 - 00000000 ____D C:\Users\David\AppData\Local\{9EF7A5DE-11B0-4E99-A75B-B18DB8D0A482}
2012-09-14 10:09 - 2012-09-14 10:09 - 00000000 ____D C:\Users\David\AppData\Local\{5F15976C-9DC0-494C-B2B0-4EA3A4D2AA8C}
2012-09-12 09:29 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 09:29 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 09:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 09:29 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 09:29 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 09:29 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 09:29 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 12:54 - 2012-09-24 10:58 - 00000000 ____D C:\Users\Public\Documents\Audible
2012-09-11 12:54 - 2012-09-24 10:58 - 00000000 ____D C:\Users\David\Documents\Audible
2012-09-11 12:54 - 2012-09-24 10:58 - 00000000 ____D C:\Program Files (x86)\Audible
2012-09-11 12:53 - 2012-09-11 12:53 - 01672880 ____A (Audible, Inc.) C:\Users\David\Downloads\AudibleDM_iTunesSetup.exe
2012-09-11 12:53 - 2012-09-11 12:53 - 00000319 ____A C:\Users\David\Downloads\admhelper(1)
2012-09-11 12:52 - 2012-09-11 12:52 - 00000319 ____A C:\Users\David\Downloads\admhelper
2012-08-30 13:34 - 2012-08-30 13:34 - 00000692 ____A C:\Users\David\Downloads\Libraries - Shortcut.lnk


==================== 3 Months Modified Files ==================

2012-09-26 18:08 - 2012-08-25 13:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3691631230-2450797753-1505482426-1000UA.job
2012-09-26 18:08 - 2011-10-19 20:57 - 01332053 ____A C:\Windows\WindowsUpdate.log
2012-09-26 18:07 - 2012-04-07 08:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-26 06:48 - 2009-07-13 20:45 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-26 06:48 - 2009-07-13 20:45 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-26 06:45 - 2009-07-13 21:13 - 00782334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-26 06:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-26 06:41 - 2009-07-13 20:51 - 00047185 ____A C:\Windows\setupact.log
2012-09-25 18:27 - 2012-08-25 13:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3691631230-2450797753-1505482426-1000Core.job
2012-09-25 17:50 - 2010-11-20 19:47 - 00053760 ____A C:\Windows\PFRO.log
2012-09-25 15:35 - 2012-09-25 15:35 - 00009699 ____A C:\Users\David\Documents\attach.txt
2012-09-25 15:35 - 2012-09-25 15:35 - 00003337 ____A C:\Users\David\Documents\attach.zip
2012-09-25 15:25 - 2012-09-25 15:25 - 00026126 ____A C:\Users\David\Documents\DDS.txt
2012-09-25 15:13 - 2012-09-25 15:13 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
2012-09-25 15:12 - 2012-09-25 15:12 - 00050477 ____A C:\Users\David\Downloads\Defogger.exe
2012-09-25 15:12 - 2012-09-25 15:12 - 00000472 ____A C:\Users\David\Downloads\defogger_disable.log
2012-09-25 15:12 - 2012-09-25 15:12 - 00000000 ____A C:\Users\David\defogger_reenable
2012-09-25 10:43 - 2012-09-25 10:43 - 00061759 ____A C:\Users\David\Documents\dell-dual-core-i5-notebook.htm
2012-09-25 10:04 - 2012-09-25 10:04 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2012-09-25 09:26 - 2012-09-25 09:26 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-25 09:08 - 2012-09-25 09:08 - 00001038 ____A C:\Users\David\Documents\checkup.txt
2012-09-25 09:00 - 2012-09-25 09:00 - 00881724 ____A C:\Users\David\Downloads\SecurityCheck.exe
2012-09-25 06:22 - 2012-09-25 06:22 - 00025662 ____A C:\ComboFix.txt
2012-09-25 06:04 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-25 05:18 - 2012-09-24 10:36 - 04757278 ____R (Swearware) C:\Users\David\Downloads\ComboFix.exe
2012-09-25 05:16 - 2012-09-24 10:39 - 04731392 ____A (AVAST Software) C:\Users\David\Downloads\aswMBR.exe
2012-09-24 17:07 - 2012-09-24 17:07 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 15:55 - 2012-09-24 15:53 - 02193278 ____A C:\Users\David\Downloads\tdsskiller.zip
2012-09-24 15:52 - 2012-09-24 15:52 - 00000115 ____A C:\Users\David\Documents\eset.txt
2012-09-24 14:49 - 2012-09-24 14:47 - 04731392 ____A (AVAST Software) C:\Users\David\Downloads\aswMBR (1).exe
2012-09-24 14:46 - 2012-09-24 14:46 - 04759205 ____A (Swearware) C:\Users\David\Downloads\ComboFix (2).exe
2012-09-24 12:29 - 2012-09-24 12:29 - 00302592 ____A C:\Users\David\Downloads\qc33tssx.exe
2012-09-24 11:49 - 2009-07-13 18:34 - 74448896 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-09-24 11:49 - 2009-07-13 18:34 - 13893632 ____A C:\Windows\System32\config\SYSTEM.bak
2012-09-24 11:49 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-09-24 11:49 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-09-24 11:49 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-09-24 11:07 - 2012-09-24 11:07 - 04759205 ____A (Swearware) C:\Users\David\Downloads\ComboFix (1).exe
2012-09-24 09:14 - 2012-09-24 09:14 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-21 11:29 - 2012-09-21 11:29 - 00007605 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-09-21 10:14 - 2012-09-21 10:12 - 00000152 ____A C:\Users\All Users\-Ej9pc3PT38ArxPr
2012-09-21 10:14 - 2012-09-21 10:12 - 00000144 ____A C:\Users\All Users\-Ej9pc3PT38ArxP
2012-09-20 12:00 - 2012-04-07 08:09 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-20 12:00 - 2011-10-19 20:58 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 05:07 - 2012-09-24 11:30 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-19 07:49 - 2012-09-19 07:49 - 14581760 ____A C:\Users\David\Downloads\TweetDeck.msi
2012-09-14 00:00 - 2012-04-08 17:41 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-11 12:53 - 2012-09-11 12:53 - 01672880 ____A (Audible, Inc.) C:\Users\David\Downloads\AudibleDM_iTunesSetup.exe
2012-09-11 12:53 - 2012-09-11 12:53 - 00000319 ____A C:\Users\David\Downloads\admhelper(1)
2012-09-11 12:52 - 2012-09-11 12:52 - 00000319 ____A C:\Users\David\Downloads\admhelper
2012-08-30 13:34 - 2012-08-30 13:34 - 00000692 ____A C:\Users\David\Downloads\Libraries - Shortcut.lnk
2012-08-24 03:15 - 2012-09-23 06:29 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 06:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 06:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 06:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 06:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 06:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 06:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 06:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 06:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 06:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 06:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 06:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 06:29 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 06:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 06:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 06:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 06:29 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 06:29 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 06:29 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 06:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 06:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 06:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 06:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 06:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 06:29 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 06:29 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 06:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 06:29 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 06:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 06:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 06:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 06:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 09:29 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 09:29 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 09:29 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 09:29 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-26 05:05 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 10:01 - 2012-09-20 05:07 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 10:01 - 2012-07-13 13:09 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 10:01 - 2012-07-13 13:09 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-19 13:06 - 2012-08-19 13:01 - 116982591 ____A C:\Users\David\Downloads\Derek Webb - Ctrl - Tier 2.zip
2012-08-16 00:18 - 2009-07-13 20:45 - 00461608 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-13 08:55 - 2012-08-13 08:55 - 00000000 ____A C:\Users\David\Sti_Trace.log
2012-08-13 08:53 - 2012-09-24 11:30 - 00000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-08-09 10:16 - 2012-08-09 10:16 - 05291440 ____A (Amazon.com, Inc.) C:\Users\David\Downloads\SendToKindleForPC-installer(1).exe
2012-08-09 10:13 - 2012-08-09 10:13 - 05291440 ____A (Amazon.com, Inc.) C:\Users\David\Downloads\SendToKindleForPC-installer.exe
2012-08-09 10:13 - 2012-08-09 10:13 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
2012-08-02 09:58 - 2012-09-12 09:29 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 09:29 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-27 16:39 - 2012-04-05 12:06 - 00126456 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-27 12:58 - 2012-07-27 12:40 - 1131295672 ____A (Microsoft Corporation) C:\Users\David\Downloads\OfficePro2010English_x64.exe
2012-07-27 12:34 - 2012-07-27 12:33 - 43361640 ____A (Apple Inc.) C:\Users\David\Downloads\iCloudSetup.exe
2012-07-18 10:15 - 2012-08-15 10:24 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 07:52 - 2012-09-24 11:30 - 00001127 ____A C:\Users\Public\Desktop\Bloggie Software.lnk
2012-07-13 13:07 - 2012-07-13 13:04 - 79225752 ____A (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
2012-07-13 13:03 - 2012-07-13 13:03 - 00000000 ____A C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-09 19:20 - 2012-07-09 19:20 - 02548454 ____A (Perfect Data Solutions Excel Password Recovery ) C:\Users\David\Downloads\Full-PDS-Excel-Password-27-August-11-02-AM-setup.exe
2012-07-09 19:00 - 2012-07-09 19:00 - 02536369 ____A (Perfect Data Solutions Excel Password Recovery ) C:\Users\David\Downloads\pds-excel-pwd-demo.exe
2012-07-09 10:42 - 2012-07-09 10:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-07-09 10:42 - 2012-07-09 10:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-07-06 12:07 - 2012-08-16 00:02 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-15 10:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 10:24 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 10:24 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 10:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 10:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-12 09:29 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-14 00:00:20
Restore point made on: 2012-09-17 04:56:00
Restore point made on: 2012-09-19 07:49:37
Restore point made on: 2012-09-20 11:40:07
Restore point made on: 2012-09-21 10:18:29
Restore point made on: 2012-09-21 11:06:11
Restore point made on: 2012-09-21 11:18:05
Restore point made on: 2012-09-21 11:25:27
Restore point made on: 2012-09-23 06:29:25
Restore point made on: 2012-09-23 09:52:17
Restore point made on: 2012-09-24 10:19:02
Restore point made on: 2012-09-24 10:48:10
Restore point made on: 2012-09-26 18:08:52

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8072.93 MB
Available physical RAM: 7256.06 MB
Total Pagefile: 8071.13 MB
Available Pagefile: 7255.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:237.69 GB) (Free:114.35 GB) NTFS
2 Drive e: (Repair disc 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
3 Drive f: (CENTON USB) (Removable) (Total:29.82 GB) (Free:29.82 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 238 GB 0 B
Disk 1 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 752 MB 40 MB
Partition 3 Primary 237 GB 792 MB
Partition 4 Primary 10 MB 238 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 752 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 237 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F CENTON USB FAT32 Removable 29 GB Healthy

=========================================================

Last Boot: 2012-09-20 04:09

==================== End Of Log =============================

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:37 AM

Posted 26 September 2012 - 11:08 PM

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
[*]Back in the command window ....
  • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
[*]Close the command window.
[*]Boot back into normal mode and post me the Result.txt log please.
[/list]

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users