
Infected by something that redirects Google searches


  • This topic is locked
6 replies to this topic

#1 nathan909

nathan909

  • Members
  • 3 posts

Posted 03 October 2012 - 02:32 AM

About a week ago I got bamboozled. I clicked on what I thought was an Adobe update, but it installed something on my computer.

Please help!
Thanks!!
-Nathan


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Nathan at 23:35:37 on 2012-10-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5142 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Plantronics\Morini\MoriniLocalServer.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Nathan\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\PhonePower\PhonePower.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] C:\Users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Spotify Web Helper] "C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [PhonePower] C:\Program Files (x86)\PhonePower\PhonePower.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Spotify] "C:\Users\Nathan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: baygenie.com\online
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.111/EDVR.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFD08950-7FC7-4E95-88DC-5B1952AC7CDF} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mxw1hmmw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-1-10 1248256]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-24 2735528]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250568]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-8-8 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-8-8 8456]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 secubus;Samsung Mobile USB Modem driver (WDM);C:\Windows\system32\DRIVERS\secubus.sys --> C:\Windows\system32\DRIVERS\secubus.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-01 20:40:24 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D8BC7DA-2997-4EAC-9E05-3DB29250A69F}\mpengine.dll
2012-09-30 20:40:49 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 17:02:48 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-09-26 07:40:15 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-19 05:39:13 -------- d-----w- C:\Users\Nathan\AppData\Local\{5264640F-021C-11E2-8271-B8AC6F996F26}
2012-09-19 05:38:31 -------- d-----w- C:\Users\Nathan\AppData\Roaming\hellomoto
2012-09-19 04:59:34 15872 ----a-w- C:\Windows\System32\drivers\secuwhnt.sys
2012-09-19 04:59:34 15872 ----a-w- C:\Windows\System32\drivers\secuwh.sys
2012-09-19 04:59:34 118784 ----a-w- C:\Windows\System32\drivers\secubus.sys
2012-09-19 04:59:28 13800 ----a-w- C:\Windows\System32\drivers\ssadwhnt.sys
2012-09-19 04:59:26 177640 ----a-w- C:\Windows\System32\drivers\ssadmdm.sys
2012-09-19 04:59:25 16872 ----a-w- C:\Windows\System32\drivers\ssadmdfl.sys
2012-09-19 04:59:25 157672 ----a-w- C:\Windows\System32\drivers\ssadbus.sys
2012-09-19 04:59:25 13288 ----a-w- C:\Windows\System32\drivers\ssadcmnt.sys
2012-09-19 04:58:21 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
2012-09-19 04:58:21 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
2012-09-19 04:58:21 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
2012-09-19 04:58:21 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
2012-09-19 04:58:21 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
2012-09-19 04:43:28 -------- d-----w- C:\Users\Nathan\.android
2012-09-12 03:54:04 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 03:54:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 03:54:04 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 03:54:04 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 03:54:03 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 03:54:03 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 03:54:03 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-09-10 00:32:42 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 00:32:42 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-30 20:32:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-07-30 20:32:08 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-07-30 20:32:08 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-07-30 20:32:08 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-28 05:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 05:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-26 16:11:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:35:55.81 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 October 2012 - 07:33 PM

Please do the following:

Download the appropriate version of the Farbar Recovery Scan Tool for your system and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nathan909

  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:47 PM

Posted 04 October 2012 - 01:18 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 03-10-2012 23:14:26
Running from K:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Plantronics Morini Local Server] C:\Program Files\Plantronics\Morini\MoriniLocalServer.exe [133632 2011-11-05] (Plantronics)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2012-01-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\Nathan\...\Run: [Google Update] "C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-10] (Google Inc.)
HKU\Nathan\...\Run: [googletalk] C:\Users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Nathan\...\Run: [Spotify Web Helper] "C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-20] ()
HKU\Nathan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Nathan\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-13] (Microsoft Corporation)
HKU\Nathan\...\Run: [PhonePower] C:\Program Files (x86)\PhonePower\PhonePower.exe [7506944 2012-02-15] ()
HKU\Nathan\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-09-10] (Siber Systems)
HKU\Nathan\...\Run: [Spotify] "C:\Users\Nathan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [5576408 2012-08-20] (Spotify Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
ShortcutTarget: AML Device Install.lnk -> C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Nathan\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2011-11-05] (CSR/PLT)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-26] (DT Soft Ltd)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8919 2012-03-03] ()
3 secubus; C:\Windows\System32\Drivers\secubus.sys [118784 2011-10-04] (MCCI Corporation)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-12-19] (Oracle Corporation)
3 ALSysIO; \??\C:\Users\Nathan\AppData\Local\Temp\ALSysIO64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-03 23:14 - 2012-10-03 23:14 - 00000000 ____D C:\FRST
2012-10-03 22:03 - 2012-10-03 22:03 - 01456405 ____A (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2012-10-02 23:33 - 2012-10-03 22:02 - 00000540 ____A C:\Users\Nathan\Desktop\Infected by something that redirect google searches.website
2012-09-30 09:03 - 2012-09-30 09:03 - 00000000 ____D C:\Users\All Users\ATI
2012-09-30 09:02 - 2012-09-30 09:02 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-09-25 23:40 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 19:42 - 2012-09-25 19:48 - 104857600 ____A C:\Users\Nathan\Downloads\100MB.test
2012-09-22 02:01 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 02:01 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 02:01 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 02:01 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 02:01 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 02:01 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 02:01 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 02:01 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 02:01 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 02:01 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 02:01 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 02:01 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 02:01 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 02:01 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 02:01 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 02:01 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 02:01 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 02:01 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 02:01 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 02:01 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 02:01 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 02:01 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 02:01 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 02:01 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 02:01 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 02:01 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 02:01 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 02:01 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 02:01 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 02:01 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 02:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 02:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-20 23:10 - 2012-09-20 23:10 - 12086624 ____A (EaseUS ) C:\Users\Nathan\Downloads\epm.exe
2012-09-20 01:53 - 2012-09-20 01:53 - 00000000 ____D C:\Users\Nathan\Downloads\gmer
2012-09-20 01:52 - 2012-09-20 01:53 - 00294216 ____A C:\Users\Nathan\Downloads\gmer.zip
2012-09-20 01:50 - 2012-09-20 01:50 - 00302592 ____A C:\Users\Nathan\Downloads\ohec5lmg.exe
2012-09-20 01:48 - 2012-09-20 01:48 - 00607260 ____R (Swearware) C:\Users\Nathan\Downloads\dds.com
2012-09-20 01:47 - 2012-09-20 01:47 - 00050477 ____A C:\Users\Nathan\Downloads\Defogger.exe
2012-09-20 01:47 - 2012-09-20 01:47 - 00000544 ____A C:\Users\Nathan\Desktop\defogger_disable.log
2012-09-20 01:47 - 2012-09-20 01:47 - 00000168 ____A C:\Users\Nathan\defogger_reenable
2012-09-19 13:36 - 2012-09-30 08:58 - 00000000 ____D C:\Users\Nathan\Documents\Old DropBox
2012-09-18 21:39 - 2012-09-18 21:39 - 00000000 ____D C:\Users\Nathan\AppData\Local\{5264640F-021C-11E2-8271-B8AC6F996F26}
2012-09-18 21:38 - 2012-09-18 21:43 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\hellomoto
2012-09-18 20:59 - 2011-10-04 02:22 - 00177640 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00157672 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00118784 ____A (MCCI Corporation) C:\Windows\System32\Drivers\secubus.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00016872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\secuwhnt.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\secuwh.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00013800 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys
2012-09-18 20:59 - 2011-10-04 02:22 - 00013288 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys
2012-09-18 20:58 - 2011-10-04 02:22 - 00172104 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdm.sys
2012-09-18 20:58 - 2011-10-04 02:22 - 00136264 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdbus.sys
2012-09-18 20:58 - 2011-10-04 02:22 - 00019016 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdfl.sys
2012-09-18 20:58 - 2011-10-04 02:22 - 00015944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdwhnt.sys
2012-09-18 20:58 - 2011-10-04 02:22 - 00015432 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdcmnt.sys
2012-09-18 20:57 - 2012-09-18 20:57 - 24274952 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Nathan\Downloads\Verizon_Wireless_I535_GSIII_Samsung_USB_Driver_v1_4_6_0.exe
2012-09-18 20:48 - 2012-09-18 20:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-09-18 20:43 - 2012-09-18 20:43 - 00000000 ____D C:\Users\Nathan\.android
2012-09-18 20:36 - 2012-09-18 21:38 - 00000000 ____D C:\Users\Nathan\Downloads\SGS3
2012-09-18 11:53 - 2012-09-18 11:54 - 181631537 ____A C:\Users\Nathan\Downloads\SPH-D700-FC09-8Gb-REL.tar.md5.zip
2012-09-11 19:54 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 19:54 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 19:54 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 19:54 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 19:54 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 19:54 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 19:54 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 06:48 - 2012-09-11 06:48 - 00253045 ____A C:\Users\Nathan\Downloads\keylogger.zip
2012-09-10 13:18 - 2012-09-10 15:27 - 01934391 ____A C:\Users\Nathan\Downloads\Getdsltoo.rar
2012-09-08 22:03 - 2012-09-08 22:03 - 00023552 ____A C:\Users\Nathan\Downloads\Jupiter & Spaceway Test Addresses 090512.xls
2012-09-08 22:03 - 2012-09-08 22:03 - 00022528 ____A C:\Users\Nathan\Downloads\HNS Direct Sales Program_Product Information_Rev35.xls

==================== 3 Months Modified Files ==================

2012-10-03 22:07 - 2012-02-10 20:56 - 01416380 ____A C:\Windows\WindowsUpdate.log
2012-10-03 22:07 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-03 22:06 - 2009-07-13 20:51 - 00057470 ____A C:\Windows\setupact.log
2012-10-03 22:03 - 2012-10-03 22:03 - 01456405 ____A (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2012-10-03 22:02 - 2012-10-02 23:33 - 00000540 ____A C:\Users\Nathan\Desktop\Infected by something that redirect google searches.website
2012-10-03 21:15 - 2012-03-30 13:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-03 21:15 - 2012-02-10 21:55 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034066768-3734110686-1431788546-1000UA.job
2012-10-03 21:15 - 2009-07-13 20:45 - 00026576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-03 21:15 - 2009-07-13 20:45 - 00026576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-03 21:10 - 2012-02-10 22:48 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-10-03 07:15 - 2012-02-10 21:55 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034066768-3734110686-1431788546-1000Core.job
2012-10-02 02:01 - 2012-02-10 22:52 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-01 21:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-25 19:48 - 2012-09-25 19:42 - 104857600 ____A C:\Users\Nathan\Downloads\100MB.test
2012-09-20 23:10 - 2012-09-20 23:10 - 12086624 ____A (EaseUS ) C:\Users\Nathan\Downloads\epm.exe
2012-09-20 01:53 - 2012-09-20 01:52 - 00294216 ____A C:\Users\Nathan\Downloads\gmer.zip
2012-09-20 01:50 - 2012-09-20 01:50 - 00302592 ____A C:\Users\Nathan\Downloads\ohec5lmg.exe
2012-09-20 01:48 - 2012-09-20 01:48 - 00607260 ____R (Swearware) C:\Users\Nathan\Downloads\dds.com
2012-09-20 01:47 - 2012-09-20 01:47 - 00050477 ____A C:\Users\Nathan\Downloads\Defogger.exe
2012-09-20 01:47 - 2012-09-20 01:47 - 00000544 ____A C:\Users\Nathan\Desktop\defogger_disable.log
2012-09-20 01:47 - 2012-09-20 01:47 - 00000168 ____A C:\Users\Nathan\defogger_reenable
2012-09-18 20:57 - 2012-09-18 20:57 - 24274952 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Nathan\Downloads\Verizon_Wireless_I535_GSIII_Samsung_USB_Driver_v1_4_6_0.exe
2012-09-18 20:48 - 2012-09-18 20:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-09-18 11:54 - 2012-09-18 11:53 - 181631537 ____A C:\Users\Nathan\Downloads\SPH-D700-FC09-8Gb-REL.tar.md5.zip
2012-09-11 06:48 - 2012-09-11 06:48 - 00253045 ____A C:\Users\Nathan\Downloads\keylogger.zip
2012-09-10 15:27 - 2012-09-10 13:18 - 01934391 ____A C:\Users\Nathan\Downloads\Getdsltoo.rar
2012-09-09 16:32 - 2012-03-30 13:37 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-09 16:32 - 2012-02-10 23:01 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-08 22:03 - 2012-09-08 22:03 - 00023552 ____A C:\Users\Nathan\Downloads\Jupiter & Spaceway Test Addresses 090512.xls
2012-09-08 22:03 - 2012-09-08 22:03 - 00022528 ____A C:\Users\Nathan\Downloads\HNS Direct Sales Program_Product Information_Rev35.xls
2012-08-30 23:43 - 2012-02-10 21:38 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-30 21:03 - 2012-08-30 21:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 21:03 - 2011-04-27 15:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 20:47 - 2012-08-27 20:47 - 01145344 ____A C:\Users\Nathan\Documents\NewBiz_End102272247_082712.xls
2012-08-26 11:18 - 2012-08-26 11:18 - 54790997 ____A C:\Users\Nathan\Downloads\3X15.psd
2012-08-24 03:15 - 2012-09-22 02:01 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 02:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 02:01 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 02:01 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 02:01 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 02:01 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 02:01 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 02:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 02:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 02:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 02:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 02:01 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-11 19:54 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 19:54 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 19:54 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 19:54 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:57 - 2012-08-21 22:56 - 00011107 ____A C:\Users\Nathan\Documents\yahoolocal.xlsx
2012-08-21 13:01 - 2012-09-25 23:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 10:33 - 2012-08-21 10:33 - 00000818 ____A C:\Users\Public\Desktop\PhonePower Softphone.lnk
2012-08-15 12:02 - 2012-08-07 12:23 - 12285440 ____A C:\Users\Nathan\Downloads\NewBiz.xls
2012-08-15 02:19 - 2009-07-13 20:45 - 04982008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 13:49 - 2012-04-06 14:30 - 00000558 ____A C:\Users\Nathan\Desktop\Disney Coloring Book Pages Disney Character Printables Disney-Stationary.com.website
2012-08-08 22:20 - 2012-08-08 22:20 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Nathan\Downloads\mirc725.exe
2012-08-08 22:20 - 2012-08-08 22:20 - 00000955 ____A C:\Users\Public\Desktop\mIRC.lnk
2012-08-08 17:11 - 2012-08-08 17:11 - 00001434 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
2012-08-08 15:54 - 2012-08-08 15:54 - 00001078 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
2012-08-08 15:53 - 2012-08-08 15:53 - 00821248 ____A C:\Users\Nathan\Downloads\FreeISOBurner.exe
2012-08-08 15:51 - 2012-08-08 15:49 - 131072000 ____A C:\Users\Nathan\Downloads\clonezilla-live-20120620-precise.iso
2012-08-07 12:45 - 2012-08-07 12:45 - 00275968 ____A C:\Users\Nathan\Downloads\NewBiz1200.xls
2012-08-07 10:16 - 2012-08-07 10:16 - 19631251 ____A C:\Users\Nathan\Downloads\resale.xml
2012-08-04 01:28 - 2012-08-04 01:28 - 11180226 ____A C:\Users\Nathan\Downloads\samplepackenvelope.zip
2012-08-03 13:09 - 2010-11-20 19:47 - 00032044 ____A C:\Windows\PFRO.log
2012-08-02 14:06 - 2012-07-30 08:44 - 00000586 ____A C:\Users\Nathan\Desktop\Tan interior paint - Page 2 - Duramax Diesels Forum.website
2012-08-02 14:06 - 2012-07-27 18:39 - 00000501 ____A C:\Users\Nathan\Desktop\Touch up scratched dash - Diesel Place Chevrolet and GMC Diesel Truck Forums.website
2012-08-02 09:58 - 2012-09-11 19:54 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 19:54 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 23:15 - 2012-08-01 23:15 - 00045056 ____A C:\Users\Nathan\Downloads\ServiceBidder1.xls
2012-07-31 10:58 - 2012-07-31 10:58 - 00181760 ____A C:\Users\Nathan\Downloads\RealEstate1915735-1926216.xls
2012-07-31 10:29 - 2012-07-31 10:29 - 18181189 ____A C:\Users\Nathan\Downloads\Realestate (1)
2012-07-31 10:28 - 2012-07-31 10:28 - 18181189 ____A C:\Users\Nathan\Downloads\Realestate.xml
2012-07-31 10:22 - 2012-07-31 10:22 - 09583198 ____A C:\Users\Nathan\Downloads\RealEstate.csv
2012-07-30 15:10 - 2012-07-30 15:10 - 00573299 ____A C:\Users\Nathan\Downloads\4_25x6_psd.zip
2012-07-30 12:32 - 2012-07-30 12:32 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2012-07-30 12:32 - 2012-07-30 12:32 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-07-30 12:32 - 2012-07-30 12:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-07-30 12:32 - 2012-07-30 12:32 - 00102240 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-27 21:47 - 2012-07-27 21:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-27 20:09 - 2012-07-27 19:59 - 138212750 ____A C:\Users\Nathan\Downloads\DNX_Ver1.5.0.zip
2012-07-27 20:09 - 2011-04-20 01:38 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-27 18:15 - 2011-04-20 02:09 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-07-27 18:13 - 2012-02-14 19:17 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-27 18:10 - 2012-02-14 19:13 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-27 17:51 - 2012-02-14 18:52 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-27 17:41 - 2012-02-14 18:40 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2034066768-3734110686-1431788546-1000\$224ef758288f0875edb1e48210849997

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-02 02:00:55

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8189.52 MB
Available physical RAM: 7348.82 MB
Total Pagefile: 8187.71 MB
Available Pagefile: 7347.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:119.14 GB) (Free:4.65 GB) NTFS
2 Drive d: (Videos3) (Fixed) (Total:2794.39 GB) (Free:1745.66 GB) NTFS
3 Drive e: (Videos2) (Fixed) (Total:1863.01 GB) (Free:51.41 GB) NTFS
4 Drive f: (Data-Music-Pictures) (Fixed) (Total:1863.01 GB) (Free:269.57 GB) NTFS
5 Drive g: (Videos1) (Fixed) (Total:1863.01 GB) (Free:152.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive k: () (Removable) (Total:0.17 GB) (Free:0.17 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]


Last Boot: 2012-09-29 13:59

==================== End Of Log =============================

#4 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 October 2012 - 09:00 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\$Recycle.Bin\S-1-5-21-2034066768-3734110686-1431788546-1000\$224ef758288f0875edb1e48210849997
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 nathan909

nathan909
  • Topic Starter
  • Members
  • 3 posts

Posted 05 October 2012 - 01:14 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-04 22:24:15 Run:1
Running from K:\

==============================================

C:\$Recycle.Bin\S-1-5-21-2034066768-3734110686-1431788546-1000\$224ef758288f0875edb1e48210849997 moved successfully.

==== End of Fixlog ====

ComboFix 12-10-04.02 - Nathan 10/04/2012 23:06:52.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6067 [GMT -7:00]
Running from: c:\users\Nathan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nathan\AppData\Local\assembly\tmp
c:\users\Nathan\AppData\Roaming\e189709475.prf
c:\users\Nathan\Documents\~WRL1836.tmp
c:\users\Nathan\Documents\~WRL2491.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 06:10 . 2012-10-05 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 05:43 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AC8BA89-3651-4DAE-84B1-DD03DFB79973}\mpengine.dll
2012-10-04 07:14 . 2012-10-04 07:14 -------- d-----w- C:\FRST
2012-10-03 10:13 . 2012-10-03 10:13 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5ED5D0D7-5822-49B1-8063-C461F4BE0A90}\gapaengine.dll
2012-10-03 10:13 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 17:03 . 2012-09-30 17:03 -------- d-----w- c:\programdata\ATI
2012-09-30 17:02 . 2012-09-30 17:02 -------- d-----w- c:\program files (x86)\AMD APP
2012-09-26 07:40 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 10:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-19 05:39 . 2012-09-19 05:39 -------- d-----w- c:\users\Nathan\AppData\Local\{5264640F-021C-11E2-8271-B8AC6F996F26}
2012-09-19 05:38 . 2012-09-19 05:43 -------- d-----w- c:\users\Nathan\AppData\Roaming\hellomoto
2012-09-19 04:59 . 2011-10-04 10:22 15872 ----a-w- c:\windows\system32\drivers\secuwhnt.sys
2012-09-19 04:59 . 2011-10-04 10:22 15872 ----a-w- c:\windows\system32\drivers\secuwh.sys
2012-09-19 04:59 . 2011-10-04 10:22 118784 ----a-w- c:\windows\system32\drivers\secubus.sys
2012-09-19 04:59 . 2011-10-04 10:22 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-09-19 04:59 . 2011-10-04 10:22 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-09-19 04:59 . 2011-10-04 10:22 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-09-19 04:59 . 2011-10-04 10:22 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-09-19 04:59 . 2011-10-04 10:22 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-09-19 04:58 . 2011-10-04 10:22 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-09-19 04:58 . 2011-10-04 10:22 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-09-19 04:58 . 2011-10-04 10:22 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-09-19 04:58 . 2011-10-04 10:22 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-09-19 04:58 . 2011-10-04 10:22 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-09-19 04:43 . 2012-09-19 04:43 -------- d-----w- c:\users\Nathan\.android
2012-09-12 03:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 03:54 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:54 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 03:54 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 03:54 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 03:54 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 03:54 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"googletalk"="c:\users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Spotify Web Helper"="c:\users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"PhonePower"="c:\program files (x86)\PhonePower\PhonePower.exe" [2012-02-15 7506944]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-10 109336]
"Spotify"="c:\users\Nathan\AppData\Roaming\Spotify\spotify.exe" [2012-08-20 5576408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-01-10 2215768]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-6-5 1181584]
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 ALSysIO;ALSysIO;c:\users\Nathan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 secubus;Samsung Mobile USB Modem driver (WDM);c:\windows\system32\DRIVERS\secubus.sys [2011-10-04 118784]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-04 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-04 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-04 177640]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-12-19 117040]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-11 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-26 283200]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-01-10 1248256]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-06-30 411136]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:32]
.
2012-10-05 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-02-11 06:48]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034066768-3734110686-1431788546-1000Core.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 05:55]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034066768-3734110686-1431788546-1000UA.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 05:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Plantronics Morini Local Server"="c:\program files\Plantronics\Morini\MoriniLocalServer.exe" [2011-11-06 133632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: baygenie.com\online
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.111/EDVR.CAB
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mxw1hmmw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-04 23:12:21
ComboFix-quarantined-files.txt 2012-10-05 06:12
.
Pre-Run: 5,631,336,448 bytes free
Post-Run: 6,658,793,472 bytes free
.
- - End Of File - - E4F21D29529E809601956E8880043AA0

#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 October 2012 - 09:16 AM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 October 2012 - 09:09 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




