ad-yieldmanager, java script, ilivid pop ups and redirecting


This topic is locked
2 replies to this topic

#1 rotoole13

Posted 08 October 2012 - 09:58 PM

Hello,

Have been getting ad-yieldmanager, Java and iLivid pop-ups across multiple browsers. Below is the log file from ComboFix. Any help appreciated.

ComboFix 12-10-08.03 - ryan.otoole 10/08/2012 16:01:43.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.1852 [GMT -5:00]
Running from: c:\users\ryan.otoole\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ryan.otoole\AppData\Local\assembly\tmp
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\_ctypes.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\_elementtree.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\_hashlib.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\_socket.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\_ssl.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\pyexpat.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\pysqlite2._sqlite.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\python26.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\pythoncom26.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\pywintypes26.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\select.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\unicodedata.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32api.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32com.shell.shell.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32crypt.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32event.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32file.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32inet.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32pdh.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32process.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\win32security.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\windows._cacheinvalidation.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._controls_.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._core_.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._gdi_.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._html2.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._misc_.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._windows_.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wx._wizard.pyd
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxbase293u_net_vc.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxbase293u_vc.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxmsw293u_adv_vc.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxmsw293u_core_vc.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxmsw293u_html_vc.dll
c:\users\ryan.otoole\AppData\Local\Temp\_MEI54242\wxmsw293u_webview_vc.dll
c:\users\ryan.otoole\g2mdlhlpx.exe
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\_ctypes.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\_elementtree.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\_hashlib.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\_socket.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\_ssl.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\pyexpat.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\pysqlite2._sqlite.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\python26.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\pythoncom26.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\pywintypes26.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\select.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\unicodedata.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32api.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32com.shell.shell.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32crypt.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32event.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32file.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32inet.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32pdh.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32process.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\win32security.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\windows._cacheinvalidation.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._controls_.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._core_.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._gdi_.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._html2.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._misc_.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._windows_.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wx._wizard.pyd
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxbase293u_net_vc.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxbase293u_vc.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxmsw293u_adv_vc.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxmsw293u_core_vc.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxmsw293u_html_vc.dll
c:\users\RYAN~1.OTO\AppData\Local\Temp\_MEI54242\wxmsw293u_webview_vc.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\install.exe
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 21:24 . 2012-10-08 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 21:24 . 2012-10-08 21:24 -------- d-----w- c:\users\bcadmin\AppData\Local\temp
2012-10-08 16:39 . 2012-10-08 16:40 -------- d-----w- c:\windows\system32\%drive%
2012-10-08 16:39 . 2012-10-08 16:39 -------- d-----w- c:\programdata\LabTech
2012-10-08 16:39 . 2012-10-08 21:30 -------- d-----w- c:\windows\LTSvc
2012-10-08 14:34 . 2012-10-08 14:34 -------- d-----w- c:\users\ryan.otoole\AppData\Roaming\Malwarebytes
2012-10-08 14:34 . 2012-10-08 14:34 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 14:34 . 2012-10-08 14:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-08 14:34 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 17:48 . 2012-10-04 17:48 -------- d-----w- c:\users\ryan.otoole\AppData\Local\CrashDumps
2012-10-04 06:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-04 06:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-04 06:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-04 06:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-04 06:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-04 06:22 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-03 15:04 . 2012-10-03 15:04 -------- d-----w- c:\windows\system32\SPReview
2012-10-03 15:03 . 2012-10-03 15:03 -------- d-----w- c:\windows\system32\EventProviders
2012-10-03 14:44 . 2012-10-03 14:44 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-10-03 14:44 . 2012-10-03 14:44 -------- d-----w- c:\program files\Symantec
2012-10-03 14:44 . 2012-10-03 14:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-03 14:44 . 2012-10-03 14:44 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-10-03 14:35 . 2012-10-03 14:35 -------- d-----w- c:\windows\SysWow64\drivers\Symantec.cloud
2012-10-03 14:22 . 2012-10-03 14:22 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-10-03 14:22 . 2012-10-03 14:22 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2012-10-03 13:05 . 2012-10-03 15:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-03 12:53 . 2012-10-03 14:46 -------- d-----w- c:\programdata\Norton
2012-10-03 12:52 . 2012-10-03 14:48 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-03 12:26 . 2012-10-08 21:48 -------- d-----w- c:\programdata\Symantec.Cloud
2012-10-03 12:26 . 2012-10-03 12:26 -------- d-----w- c:\programdata\Symantec Hosted Services
2012-09-12 17:13 . 2012-09-12 17:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-12 13:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 16:31 . 2012-09-11 16:31 -------- d-----w- c:\users\ryan.otoole\LapNet
2012-09-10 14:36 . 2012-09-12 13:12 -------- d-----w- c:\users\ryan.otoole\AppData\Roaming\Nico Mak Computing
2012-09-10 14:36 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 15:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-03 15:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-21 02:07 . 2012-05-02 15:48 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 02:07 . 2011-07-09 18:15 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 18:57 . 2012-08-31 18:57 167072 ----a-r- c:\windows\SysWow64\drivers\Symantec.cloud\ccSetx64.sys
2012-08-31 05:43 . 2010-10-04 21:06 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-15 13:37 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-20 39408]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"GoogleChromeAutoLaunch_5AB893E2B19521E7B40EC75132BB9A1C"="c:\users\ryan.otoole\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-25 111640]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-06 1124712]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CardScanAgent"="c:\program files (x86)\CardScan\CardScan\CardScanAgent.exe" [2008-08-28 152824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
c:\users\ryan.otoole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-17 113664]
BCG Macros v3.ppa [2012-6-20 2285056]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-8-21 50688]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-10-8 1282920]
Salesforce for Outlook.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-06 164200]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [2007-07-16 23064]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-20 22528]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-05-07 24560]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-08-21 31152]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 symrg;symrg;c:\windows\system32\DRIVERS\symrg.sys [2011-08-03 21624]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-04 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 Zoho Assist;Zoho Assist;c:\users\ryan.otoole\Documents\ZohoMeeting\ZohoMeeting.exe [x]
R4 5uscbat;5uscbat; [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-05-06 30320]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1401000.018\SYMDS64.SYS [2012-07-28 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1401000.018\SYMEFA64.SYS [2012-08-08 1132192]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-14 1385120]
S1 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [2012-08-31 167072]
S1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\NISx64\1401000.018\ccSetx64.sys [2012-08-07 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DC06030.002\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121005.003\IDSvia64.sys [2012-10-02 513184]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1401000.018\Ironx64.SYS [2012-07-28 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1401000.018\SYMNETS.SYS [2012-07-23 432800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
S2 LTService;arielMIS Monitoring Service;c:\windows\LTSvc\LTSVC.exe [2012-10-08 12548608]
S2 LTSvcMon;arielMIS Monitoring Service CheckUp Util;c:\windows\LTsvc\LTSvcMon.exe [2012-10-08 96768]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe [2012-03-27 138232]
S2 NIS;Endpoint Protection.cloud;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe [2012-08-19 143928]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 SsPaAdm;Symantec.cloud Cloud Agent x64;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [2012-08-31 191856]
S2 ssPaSetMgr;Symantec.cloud Scheduler;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [2012-08-31 138272]
S2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe [2012-09-28 409040]
S2 SymcBackupAgentSvc;Symantec Backup Exec.cloud;c:\program files\Symantec.cloud\BackupAgent\basvc.exe [2012-09-12 7980952]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-25 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-03 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-26 244736]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-06 75112]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 02:07]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 12:50]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 12:50]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1244374245-440373185-1987438267-1000Core.job
- c:\users\ryan.otoole\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 05:02]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1244374245-440373185-1987438267-1000UA.job
- c:\users\ryan.otoole\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 05:02]
.
2012-09-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 22:15]
.
2012-10-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 22:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ------w- c:\users\ryan.otoole\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-08 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-08 410136]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
"SymantecPaui"="c:\program files\Symantec.cloud\PlatformAgent\PAUI.exe" [2012-08-31 2631120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ryan.otoole\AppData\Roaming\Mozilla\Firefox\Profiles\7fku2tq4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\ryan.otoole\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-KAARLMSN78423268810828
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
.
**************************************************************************
.
Completion time: 2012-10-08 17:26:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 22:26
.
Pre-Run: 39,242,518,528 bytes free
Post-Run: 38,862,663,680 bytes free
.
- - End Of File - - 3A60E9F7C363CADCA790EB338725032B
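
The "LOCKED REGISTRY KEYS" section of the log above lists keys whose DACL carries a Deny entry for Everyone (the "@Denied:" lines); the entries shown point at Adobe Flash and Office components, and installers do set such denies on their own keys. The following is an added example, not part of the original post and not ComboFix's own code: it reads each listed key's DACL and shows who is denied what, who owns the key, and which binary (and Authenticode signer) a COM key points at, so a responder can tie each lock to a known installer rather than to malware. It assumes an elevated PowerShell prompt on the affected machine and that the paths copied from the log still exist there.

```powershell
# Added example; not part of the original post or of ComboFix. Reads the DACL of the
# keys ComboFix reported under "LOCKED REGISTRY KEYS" and shows which principals are
# denied which rights, who owns the key, and which binary (and signer) a COM key points
# at, so the lock can be matched to a known installer such as Flash or Office.
# Run in an elevated PowerShell prompt on the affected machine; the paths are copied
# from the log above and are assumed to still exist there.

$lockedKeys = @(
    'HKLM:\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane',
    'HKLM:\SYSTEM\CurrentControlSet\Control\PCW\Security'
)

function Get-ComServerInfo {
    # For a CLSID key, return the registered server DLL/EXE and its Authenticode signer.
    param([string]$Path)
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $file = (Get-ItemProperty -LiteralPath (Join-Path $Path $sub) -Name '(default)' `
                 -ErrorAction SilentlyContinue).'(default)'
        if (-not $file) { continue }
        $file = $file.Trim('"')
        $signer = 'file not found'
        if (Test-Path -LiteralPath $file) {
            $sig = Get-AuthenticodeSignature -FilePath $file
            $signer = "$($sig.Status)"
            if ($sig.SignerCertificate) { $signer += " / $($sig.SignerCertificate.Subject)" }
        }
        return "$sub = $file [$signer]"
    }
    return $null
}

function Get-RegistryLockReport {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        try {
            $acl = Get-Acl -Path $path -ErrorAction Stop
        } catch {
            # A full deny to Everyone (PCW\Security in the log) blocks even administrators
            # from reading the DACL; only the owner, or someone who takes ownership, can.
            [pscustomobject]@{ Key = $path; Owner = '?'; Denied = "unreadable: $($_.Exception.Message)"; Server = $null }
            continue
        }
        $denies = foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny') { "$($ace.IdentityReference) -> $($ace.RegistryRights)" }
        }
        [pscustomobject]@{
            Key    = $path
            Owner  = $acl.Owner
            Denied = if ($denies) { $denies -join '; ' } else { 'none' }
            Server = Get-ComServerInfo -Path $path
        }
    }
}

Get-RegistryLockReport -Paths $lockedKeys | Format-List
```

A key whose server binary sits under c:\Windows\...\Macromed\Flash or Common Files\Microsoft Shared\VSTO and carries a valid signature from the expected vendor is the normal case; a Deny-locked CLSID whose server is an unsigned file in a user-writable folder is the one worth quarantining. Note that the report for PCW\Security comes back unreadable by design: ComboFix shows it as "@Denied: (Full) (Everyone)", and the script reports the access-denied error rather than failing.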

#2 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2012 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, and hit the Enter key.

You may need to run CMD (Command Prompt) on Vista / Windows 7 with elevated privileges:
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

; A line whose key name starts with a minus sign deletes that key and everything under it;
; the matching line without the minus recreates the key empty.

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if it was installed.
===

Third-party programs that are not up to date can be the cause of an infection getting in.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs and let me know what problem persists.
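
The fixme.reg above wipes the Internet Explorer ZoneMap keys wholesale, which removes whatever an adware installer put into the Trusted sites zone (or pulled out of Restricted sites) but also discards that evidence. The following is an added example, not from nasdaq's post: it records every domain and IP range mapped into a zone under the five keys the .reg file targets, saves the list, and provides a Reset-ZoneMap function that makes the same change as fixme.reg (delete each key, recreate it empty). It assumes an elevated PowerShell prompt (the HKLM keys need it); the key paths are copied from the .reg file above, and the CSV file name is an assumption.

```powershell
# Added example; not from nasdaq's post. Lists every domain or IP range mapped into an
# Internet Explorer security zone under the ZoneMap keys that fixme.reg deletes, saves
# the list for the case notes, and offers a reset that does what fixme.reg does.
# Run in an elevated PowerShell prompt; key paths are copied from the .reg above and
# the output file name is an assumption.

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

$zoneMapKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
)

function Get-ZoneMapEntry {
    # Walks Domains\<domain>\<host> and Ranges\Range<n> subkeys. Each value is named after a
    # scheme ('http', 'https', '*') and holds the zone number; Ranges keys also carry a
    # ':Range' string with the IP address or CIDR block.
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in (Get-ChildItem -LiteralPath $key -Recurse)) {
            $props = Get-ItemProperty -LiteralPath $sub.PSPath
            $names = $props.PSObject.Properties |
                     Where-Object { $_.Name -notlike 'PS*' } |
                     Select-Object -ExpandProperty Name
            foreach ($name in $names) {
                $value = $props.$name
                $zone = $value
                if ($value -is [int] -and $zoneNames.ContainsKey($value)) {
                    $zone = "$value ($($zoneNames[$value]))"
                }
                [pscustomobject]@{
                    Key   = $key -replace '^(HK\w+):.*\\ZoneMap\\', '$1 ZoneMap\'
                    Entry = $sub.Name -replace '^.*\\ZoneMap\\[^\\]+\\', ''
                    Value = $name
                    Zone  = $zone
                }
            }
        }
    }
}

function Reset-ZoneMap {
    # Same effect as the [-KEY] / [KEY] pairs in fixme.reg: delete, then recreate empty.
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (Test-Path -LiteralPath $key) { Remove-Item -LiteralPath $key -Recurse -Force }
        New-Item -Path $key -Force | Out-Null
    }
}

$report = Get-ZoneMapEntry -Keys $zoneMapKeys
$report | Format-Table -AutoSize
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\zonemap-before-reset.csv" -NoTypeInformation

# Apply only after the report is saved. This also removes legitimate intranet and
# Trusted-site entries, which is why the SpywareBlaster / Spybot immunization has to be
# redone afterwards (those tools populate the Restricted sites zone).
# Reset-ZoneMap -Keys $zoneMapKeys
# ipconfig /flushdns
```

Anything in the report mapped to zone 2 that the user does not recognise, or a wildcard entry such as "*" under a domain the user never added, is the kind of change adware makes so its pages run with relaxed IE security settings; keeping the CSV gives you the domain names to block at the DNS or proxy level after the reset.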

#3 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2012 - 10:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
