
57% physical memory usage at idle, no CPU usage.


This topic is locked
12 replies to this topic

#1 mrbun

  • Members
  • 7 posts

Posted 18 November 2012 - 06:43 PM

Okay. I'm running a Windows 7 64-bit machine with an Intel Core i5 650 @ 3.2 GHz, 4 gigs of memory, ACPI x64, NVIDIA GeForce GTS 250...
And the thing is my rig is sucking up 50-60% physical memory, doing nothing. I've turned off as many services as I can that I don't need, I've run MBAM and MBAR and MSRT and avast! and AVG scans to find nothing. I've changed from Zone Alarm and Avast! to Comodo and AVG.

I still can't find this thing. I need help. I got HijackThis, and then I realized I don't even know what I'm looking at. 26 instances of missing or lost files. And now it looks like there's a new drive (E) on my rig that I didn't put there with 99 MB of space on it...

Sooo. What should I do? I can usually stumble my way through this kind of thing, but I'm at a loss. OH! An instance of svchost.exe is currently at 175,812K and I just restarted. I dunno what that means.


#2 CatByte (bleepin' tiger)


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 18 November 2012 - 10:15 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box: services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
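The FRST.txt that the procedure above produces lists autostart, service and driver entries in a fixed line format (a publisher in trailing parentheses, "[x]" where the referenced file no longer exists; see the log posted in the reply that follows). As an added example, not part of this thread and not Farbar's code, here is a small triage script that reads such a log the way a responder does: it flags Image File Execution Options "Debugger" redirections, entries whose file is missing, entries with no publisher in their version info, and hard-coded per-interface DNS servers. The sample log is constructed and modelled on the thread's format; the GUID in it is a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the FRST.txt line format posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [ISW] [x]
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-18] ()
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer]8.26.56.26,156.154.70.22

==================== Services (Whitelisted) ===================

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-15] ()
4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

==================== Drivers (Whitelisted) =====================

3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
"""

# "==== Section name ====" headers delimit the log.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Trailing "[size date] (Publisher)"; an empty "()" means no publisher in the version info.
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((.*?)\)\s*$")
# Per-interface static DNS servers (the DHCP-supplied ones are a different key).
NAMESERVER_RE = re.compile(r"\[NameServer\]\s*([\d.,]+)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, line) for each non-empty entry line under a section header."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if section is not None:
            yield section, line


def triage(text):
    """Return the entries a responder would look at first, with the reason for each."""
    findings = []
    for section, line in parse_entries(text):
        if line.startswith("IMEO\\") and "[Debugger]" in line:
            # Image File Execution Options: the Debugger value is launched in place of the named program,
            # so every such entry needs its target checked, whoever set it.
            findings.append(Finding(section, "IFEO Debugger redirection", line))
        elif line.endswith("[x]"):
            # Autostart/service/driver entry whose file is gone: leftover or removed component.
            findings.append(Finding(section, "referenced file missing", line))
        elif NAMESERVER_RE.search(line):
            findings.append(Finding(section, "static per-interface DNS servers", line))
        else:
            meta = META_RE.search(line)
            if meta and meta.group(1).strip() == "":
                findings.append(Finding(section, "no publisher in version info", line))
    return findings


def summarize(findings):
    """Count findings per reason, e.g. {'referenced file missing': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run it against a real FRST.txt by reading the file into `triage`; the flagged lines are the ones to cross-check against the publisher, path and the List Drivers MD5 output before deciding anything.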


#3 mrbun (Topic Starter)

  • Members
  • 7 posts

Posted 19 November 2012 - 03:24 AM

Okay. I've done what's been asked of me. Here they are.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 19-11-2012 00:16:04
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [ISW] [x]
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-18] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-11-18] ()
HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-11-23] (COMODO)
HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-11-23] (COMODO)
HKU\jtingdahl\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\jtingdahl\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-04] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{312DD4CA-D5AE-4877-8A4B-5D63CDB332CB}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{AF653733-E7A4-4776-A866-DA910BE05170}: [NameServer]8.26.56.26,156.154.70.22
IMEO\clpsla.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\dragon.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\hirezgamesdiagandsupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\overwolflauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\owuninstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\jtingdahl\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)
4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-11-15] ()
4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [17848 2012-02-07] (Overwolf Ltd)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-15] ()
2 RalinkRegistryWriter; "C:\Program Files (x86)\Ralink\Common\RaRegistry.exe" [372736 2011-11-14] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; "C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe" [447488 2011-11-14] (Ralink Technology, Corp.)
3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [2148216 2012-08-23] (AVG)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-18] ()
4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-18] (AVG Technologies)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [38144 2012-11-07] (COMODO)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [94288 2012-11-07] (COMODO)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; \??\F:\Gaems\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-18 19:55 - 2012-11-18 19:55 - 01461037 ____A (Farbar) C:\Users\jtingdahl\Downloads\FRST64.exe
2012-11-18 17:30 - 2012-11-18 17:31 - 00000000 ____D C:\Users\jtingdahl\Downloads\Puscifer
2012-11-18 17:29 - 2012-11-18 17:29 - 00000000 ____D C:\Users\jtingdahl\Downloads\Puscifer - C is for (Please Insert Sophomoric Genitalia Reference HERE)
2012-11-18 17:28 - 2012-11-18 17:28 - 00000000 ____D C:\Users\jtingdahl\Downloads\(2011) Puscifer - Conditions of My Parole
2012-11-18 16:33 - 2012-11-18 16:33 - 00084439 ____A C:\Users\jtingdahl\Desktop\bookmarks_11_18_12.html
2012-11-18 16:07 - 2012-11-18 16:10 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\USTechSupport
2012-11-18 16:05 - 2012-11-18 16:05 - 00001252 ____A C:\Users\Public\Desktop\Live PC Help.lnk
2012-11-18 16:04 - 2012-11-18 16:13 - 00000000 ____D C:\Users\All Users\USTechSupport
2012-11-18 16:04 - 2012-11-18 16:04 - 02206360 ____A (US Tech Support LLC) C:\Users\jtingdahl\Downloads\MyCleanPC.exe
2012-11-18 15:16 - 2012-11-18 15:24 - 00000000 ____D C:\Users\jtingdahl\Desktop\mbar
2012-11-18 15:15 - 2012-11-18 15:15 - 12961620 ____A C:\Users\jtingdahl\Downloads\mbar-1.01.0.1009.zip
2012-11-18 14:48 - 2012-11-18 14:48 - 00000000 ____D C:\Users\jtingdahl\Desktop\backups
2012-11-18 14:12 - 2012-11-18 19:56 - 00000280 ____A C:\Windows\setupact.log
2012-11-18 14:12 - 2012-11-18 14:12 - 00000000 ____A C:\Windows\setuperr.log
2012-11-18 09:12 - 2012-11-18 17:14 - 00054024 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2012-11-18 09:12 - 2012-11-18 17:14 - 00045832 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2012-11-18 09:12 - 2012-11-18 10:31 - 00000000 ____D C:\Users\All Users\Comodo
2012-11-18 09:12 - 2012-11-18 09:12 - 00001120 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2012-11-18 09:12 - 2012-11-18 09:12 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Comodo
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Program Files\COMODO
2012-11-18 09:05 - 2012-11-18 09:05 - 00000460 ____A C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2012-11-18 09:04 - 2012-11-18 09:04 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-11-18 08:53 - 2012-11-18 08:53 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-11-18 08:46 - 2012-08-23 11:31 - 00035192 ____A (AVG) C:\Windows\System32\TURegOpt.exe
2012-11-18 08:46 - 2012-08-23 11:31 - 00026488 ____A (AVG) C:\Windows\System32\authuitu.dll
2012-11-18 08:46 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2012-11-18 08:45 - 2012-11-18 08:45 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\AVG
2012-11-18 08:44 - 2012-11-18 08:46 - 00000000 ____D C:\Users\All Users\AVG
2012-11-18 08:44 - 2012-11-18 08:44 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-18 08:43 - 2012-11-18 08:43 - 58674136 ____A (AVG) C:\Users\jtingdahl\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
2012-11-18 07:55 - 2012-11-18 09:12 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-11-18 07:54 - 2012-11-18 14:42 - 00000000 ____D C:\Program Files (x86)\Comodo
2012-11-18 07:53 - 2012-11-18 07:53 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-11-18 07:53 - 2012-11-18 07:53 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-11-18 07:53 - 2012-11-18 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-11-18 07:36 - 2012-11-18 07:36 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\AVG2013
2012-11-18 07:36 - 2012-11-18 07:36 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\AVG Secure Search
2012-11-18 07:35 - 2012-11-18 07:35 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-18 07:35 - 2012-11-18 07:35 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\TuneUp Software
2012-11-18 07:35 - 2012-11-18 07:35 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-18 07:35 - 2012-11-18 07:34 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-18 07:34 - 2012-11-18 07:35 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-18 07:33 - 2012-11-18 07:36 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-18 07:31 - 2012-11-18 08:45 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-18 07:30 - 2012-11-18 07:32 - 98142048 ____A (COMODO) C:\Users\jtingdahl\Downloads\cfw_installer.exe
2012-11-18 07:29 - 2012-11-18 17:32 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-18 07:29 - 2012-11-18 07:41 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Avg2013
2012-11-18 07:29 - 2012-11-18 07:29 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\MFAData
2012-11-18 07:28 - 2012-11-18 07:28 - 04424392 ____A (AVG Technologies) C:\Users\jtingdahl\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-18 07:13 - 2012-11-18 07:14 - 00003515 ____A C:\AdwCleaner[S1].txt
2012-11-18 07:13 - 2012-11-18 07:13 - 00003776 ____A C:\AdwCleaner[R1].txt
2012-11-18 06:54 - 2012-11-18 07:04 - 00000000 ____D C:\Users\All Users\Symantec
2012-11-18 06:52 - 2012-11-18 07:05 - 00000000 ____D C:\Users\All Users\Norton
2012-11-18 06:50 - 2012-11-18 06:50 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-11-18 06:50 - 2012-11-18 06:50 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-11-18 06:49 - 2012-11-18 06:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-18 04:03 - 2012-11-18 04:03 - 00000274 ____A C:\Users\Public\Documents\neople_uninstaller0.bat
2012-11-18 03:05 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-11-17 22:41 - 2012-11-17 22:56 - 36648978 ____A C:\Users\jtingdahl\Downloads\SketchBook_Copic_Edition_win_1.1.2.zip
2012-11-15 03:06 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 03:06 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 03:06 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 03:06 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 03:01 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 03:01 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 03:01 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 03:01 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 03:01 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 03:01 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 03:01 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 03:01 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 19:43 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 19:43 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 19:43 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 19:43 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 19:43 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 19:43 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 19:43 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 19:43 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 19:43 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 19:43 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 19:43 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 19:43 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 19:43 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 19:43 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 19:43 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 19:43 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 19:43 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 19:42 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 19:42 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-07 23:38 - 2012-11-07 23:38 - 00584056 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-11-07 23:38 - 2012-11-07 23:38 - 00094288 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2012-11-07 23:38 - 2012-11-07 23:38 - 00038144 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-11-07 23:37 - 2012-11-07 23:37 - 00390392 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00301264 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00041240 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00022736 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2012-11-07 17:44 - 2012-11-07 17:44 - 00000000 ____D C:\Users\jtingdahl\Desktop\N7Day Social
2012-11-07 17:43 - 2012-11-07 17:44 - 36256046 ____A C:\Users\jtingdahl\Downloads\N7Day_Fan_Kit.zip
2012-11-05 12:59 - 2012-11-05 13:07 - 64944439 ____A C:\Users\jtingdahl\Downloads\fzm-wrinkled.paper.textures.zip
2012-11-05 12:59 - 2012-11-05 13:03 - 34876412 ____A C:\Users\jtingdahl\Downloads\fzm-Rough-Edge-Old-Paper-Textures.zip
2012-11-05 12:58 - 2012-11-05 13:07 - 65050138 ____A C:\Users\jtingdahl\Downloads\fzm-Old-Paper-Textures.zip
2012-11-04 04:28 - 2012-11-04 04:28 - 00004454 ____A C:\Windows\SysWOW64\jupdate-1.6.0_37-b06.log
2012-11-04 04:28 - 2012-09-24 15:23 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-11-04 04:28 - 2012-09-24 15:23 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-11-04 04:28 - 2012-09-24 15:23 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-11-02 22:36 - 2012-11-02 22:36 - 00352945 ____A C:\Users\jtingdahl\Downloads\Cassie Alexander - Nightshifted (v5).epub
2012-11-01 19:06 - 2012-11-01 19:08 - 00000000 ____D C:\Users\jtingdahl\Downloads\La Roux - La Roux (2009) KompletlyWyred DHZ Inc Release
2012-11-01 19:06 - 2012-11-01 19:06 - 00000000 ____D C:\Users\jtingdahl\Downloads\Lily Allen - It's Not Me It's You [mp3-320-2009]
2012-10-31 15:30 - 2012-10-31 15:30 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-10-31 15:30 - 2012-10-31 15:30 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-10-31 15:29 - 2012-10-31 15:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-10-31 15:29 - 2012-10-31 15:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-26 21:15 - 2012-10-26 21:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\jtingdahl\Desktop\HijackThis.exe
2012-10-26 21:08 - 2012-10-26 21:08 - 00828392 ____A (Microsoft Corporation) C:\Users\jtingdahl\Desktop\mssstool64.exe
2012-10-26 20:54 - 2012-10-26 20:54 - 17667616 ____A (Microsoft Corporation) C:\Users\jtingdahl\Desktop\Windows-KB890830-x64-V4.13.exe
2012-10-26 20:51 - 2012-09-27 23:32 - 62968832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-10-26 20:46 - 2012-10-26 20:47 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\jtingdahl\Downloads\rkill.com
2012-10-26 20:40 - 2012-10-26 20:40 - 00027980 ____A C:\ComboFix.txt
2012-10-26 20:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-26 20:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-26 20:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-26 20:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-26 20:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-26 20:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-26 20:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-26 20:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-26 20:23 - 2012-10-26 20:40 - 00000000 ____D C:\Qoobox
2012-10-26 20:23 - 2012-10-26 20:39 - 00000000 ____D C:\Windows\erdnt
2012-10-26 20:17 - 2012-10-26 20:18 - 02194704 ____A C:\Users\jtingdahl\Downloads\tdsskiller.zip
2012-10-26 17:52 - 2012-10-26 17:54 - 00008704 __ASH C:\Users\jtingdahl\AppData\Roaming\Thumbs.db
2012-10-26 17:35 - 2012-11-18 14:38 - 00007620 ____A C:\Users\jtingdahl\AppData\Local\Resmon.ResmonCfg
2012-10-26 17:27 - 2012-10-26 17:27 - 01149822 ____A C:\Users\jtingdahl\Downloads\ProcessExplorer.zip
2012-10-26 17:27 - 2012-10-02 13:03 - 02712200 ____A (Sysinternals - www.sysinternals.com) C:\Users\jtingdahl\Desktop\procexp.exe
2012-10-23 12:31 - 2012-10-23 12:31 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\PeerNetworking
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-21 07:54 - 2012-10-21 07:54 - 00000000 ____D C:\Users\All Users\McAfee


==================== One Month Modified Files and Folders =======

2012-11-19 00:11 - 2012-11-19 00:11 - 00000000 ____D C:\FRST
2012-11-18 23:48 - 2012-01-04 02:54 - 01460412 ____A C:\Windows\WindowsUpdate.log
2012-11-18 23:44 - 2012-01-04 03:16 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442402792-3607605124-1952504433-1000UA.job
2012-11-18 23:36 - 2012-01-08 08:21 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\Dropbox
2012-11-18 23:05 - 2012-09-25 02:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-18 19:58 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-18 19:56 - 2012-11-18 14:12 - 00000280 ____A C:\Windows\setupact.log
2012-11-18 19:55 - 2012-11-18 19:55 - 01461037 ____A (Farbar) C:\Users\jtingdahl\Downloads\FRST64.exe
2012-11-18 17:36 - 2012-01-11 03:11 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\uTorrent
2012-11-18 17:32 - 2012-11-18 07:29 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-18 17:31 - 2012-11-18 17:30 - 00000000 ____D C:\Users\jtingdahl\Downloads\Puscifer
2012-11-18 17:29 - 2012-11-18 17:29 - 00000000 ____D C:\Users\jtingdahl\Downloads\Puscifer - C is for (Please Insert Sophomoric Genitalia Reference HERE)
2012-11-18 17:28 - 2012-11-18 17:28 - 00000000 ____D C:\Users\jtingdahl\Downloads\(2011) Puscifer - Conditions of My Parole
2012-11-18 17:26 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-18 17:26 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-18 17:21 - 2012-01-04 04:13 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\Skype
2012-11-18 17:19 - 2012-01-08 08:28 - 00000000 ___RD C:\Users\jtingdahl\Dropbox
2012-11-18 17:19 - 2012-01-04 03:36 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-18 17:19 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-18 17:14 - 2012-11-18 09:12 - 00054024 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2012-11-18 17:14 - 2012-11-18 09:12 - 00045832 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2012-11-18 17:13 - 2012-01-28 04:00 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-18 16:33 - 2012-11-18 16:33 - 00084439 ____A C:\Users\jtingdahl\Desktop\bookmarks_11_18_12.html
2012-11-18 16:13 - 2012-11-18 16:04 - 00000000 ____D C:\Users\All Users\USTechSupport
2012-11-18 16:10 - 2012-11-18 16:07 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\USTechSupport
2012-11-18 16:05 - 2012-11-18 16:05 - 00001252 ____A C:\Users\Public\Desktop\Live PC Help.lnk
2012-11-18 16:04 - 2012-11-18 16:04 - 02206360 ____A (US Tech Support LLC) C:\Users\jtingdahl\Downloads\MyCleanPC.exe
2012-11-18 15:44 - 2012-01-04 03:16 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442402792-3607605124-1952504433-1000Core.job
2012-11-18 15:24 - 2012-11-18 15:16 - 00000000 ____D C:\Users\jtingdahl\Desktop\mbar
2012-11-18 15:15 - 2012-11-18 15:15 - 12961620 ____A C:\Users\jtingdahl\Downloads\mbar-1.01.0.1009.zip
2012-11-18 14:48 - 2012-11-18 14:48 - 00000000 ____D C:\Users\jtingdahl\Desktop\backups
2012-11-18 14:44 - 2012-01-04 13:10 - 00000000 ____D C:\Users\jtingdahl\Documents\registrybackups
2012-11-18 14:42 - 2012-11-18 07:54 - 00000000 ____D C:\Program Files (x86)\Comodo
2012-11-18 14:38 - 2012-10-26 17:35 - 00007620 ____A C:\Users\jtingdahl\AppData\Local\Resmon.ResmonCfg
2012-11-18 14:12 - 2012-11-18 14:12 - 00000000 ____A C:\Windows\setuperr.log
2012-11-18 14:12 - 2012-09-22 19:24 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-18 14:12 - 2012-09-22 19:24 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-18 14:11 - 2012-01-04 22:44 - 00000000 ____D C:\Windows\Minidump
2012-11-18 10:37 - 2012-08-24 03:05 - 00000000 ____D C:\Users\All Users\Logishrd
2012-11-18 10:31 - 2012-11-18 09:12 - 00000000 ____D C:\Users\All Users\Comodo
2012-11-18 09:12 - 2012-11-18 09:12 - 00001120 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2012-11-18 09:12 - 2012-11-18 09:12 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Comodo
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Program Files\COMODO
2012-11-18 09:12 - 2012-11-18 07:55 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-11-18 09:05 - 2012-11-18 09:05 - 00000460 ____A C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2012-11-18 09:04 - 2012-11-18 09:04 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-11-18 08:53 - 2012-11-18 08:53 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-11-18 08:46 - 2012-11-18 08:44 - 00000000 ____D C:\Users\All Users\AVG
2012-11-18 08:45 - 2012-11-18 08:45 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\AVG
2012-11-18 08:45 - 2012-11-18 07:31 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-18 08:44 - 2012-11-18 08:44 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-18 08:43 - 2012-11-18 08:43 - 58674136 ____A (AVG) C:\Users\jtingdahl\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
2012-11-18 07:53 - 2012-11-18 07:53 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-11-18 07:53 - 2012-11-18 07:53 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-11-18 07:53 - 2012-11-18 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-11-18 07:41 - 2012-11-18 07:29 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Avg2013
2012-11-18 07:36 - 2012-11-18 07:36 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\AVG2013
2012-11-18 07:36 - 2012-11-18 07:36 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\AVG Secure Search
2012-11-18 07:36 - 2012-11-18 07:33 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-18 07:35 - 2012-11-18 07:35 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-18 07:35 - 2012-11-18 07:35 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\TuneUp Software
2012-11-18 07:35 - 2012-11-18 07:35 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-18 07:35 - 2012-11-18 07:34 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-18 07:34 - 2012-11-18 07:35 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-18 07:33 - 2010-11-03 23:48 - 00000000 ___HD C:\$AVG
2012-11-18 07:32 - 2012-11-18 07:30 - 98142048 ____A (COMODO) C:\Users\jtingdahl\Downloads\cfw_installer.exe
2012-11-18 07:29 - 2012-11-18 07:29 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\MFAData
2012-11-18 07:28 - 2012-11-18 07:28 - 04424392 ____A (AVG Technologies) C:\Users\jtingdahl\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-18 07:14 - 2012-11-18 07:13 - 00003515 ____A C:\AdwCleaner[S1].txt
2012-11-18 07:13 - 2012-11-18 07:13 - 00003776 ____A C:\AdwCleaner[R1].txt
2012-11-18 07:09 - 2012-05-09 20:38 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-18 07:09 - 2012-01-04 03:16 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Google
2012-11-18 07:05 - 2012-11-18 06:52 - 00000000 ____D C:\Users\All Users\Norton
2012-11-18 07:04 - 2012-11-18 06:54 - 00000000 ____D C:\Users\All Users\Symantec
2012-11-18 06:50 - 2012-11-18 06:50 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-11-18 06:50 - 2012-11-18 06:50 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-11-18 06:49 - 2012-11-18 06:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-18 06:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2012-11-18 06:45 - 2012-08-11 22:55 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\TS3Client
2012-11-18 06:35 - 2012-01-04 03:47 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-11-18 06:27 - 2012-10-04 19:32 - 00000000 ____D C:\Users\jtingdahl\AppData\Local\Procaster
2012-11-18 04:06 - 2012-04-08 21:18 - 00000000 ____D C:\Users\All Users\Yahoo!
2012-11-18 04:06 - 2012-04-08 21:17 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-11-18 04:03 - 2012-11-18 04:03 - 00000274 ____A C:\Users\Public\Documents\neople_uninstaller0.bat
2012-11-18 04:03 - 2012-06-28 14:30 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\NeopleLauncherDFO
2012-11-18 04:02 - 2012-02-15 07:40 - 00000000 ____D C:\gPotato.com
2012-11-18 03:27 - 2012-01-04 12:31 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-18 03:26 - 2012-04-08 21:18 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-18 03:26 - 2012-01-12 01:05 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-18 03:26 - 2012-01-04 03:48 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-18 03:18 - 2012-01-04 13:09 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 03:18 - 2012-01-04 13:09 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 03:05 - 2012-01-04 03:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-18 03:02 - 2012-01-04 03:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-17 22:56 - 2012-11-17 22:41 - 36648978 ____A C:\Users\jtingdahl\Downloads\SketchBook_Copic_Edition_win_1.1.2.zip
2012-11-17 18:37 - 2012-01-12 01:09 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\vlc
2012-11-15 14:20 - 2012-01-04 03:15 - 00058016 ____A C:\Users\jtingdahl\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 04:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-15 03:27 - 2009-07-13 20:45 - 04826928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-13 17:47 - 2012-10-09 23:34 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\.purple
2012-11-07 23:38 - 2012-11-07 23:38 - 00584056 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-11-07 23:38 - 2012-11-07 23:38 - 00094288 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2012-11-07 23:38 - 2012-11-07 23:38 - 00038144 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-11-07 23:37 - 2012-11-07 23:37 - 00390392 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00301264 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00041240 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37 - 2012-11-07 23:37 - 00022736 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2012-11-07 17:44 - 2012-11-07 17:44 - 00000000 ____D C:\Users\jtingdahl\Desktop\N7Day Social
2012-11-07 17:44 - 2012-11-07 17:43 - 36256046 ____A C:\Users\jtingdahl\Downloads\N7Day_Fan_Kit.zip
2012-11-07 16:25 - 2012-01-04 12:29 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-05 13:07 - 2012-11-05 12:59 - 64944439 ____A C:\Users\jtingdahl\Downloads\fzm-wrinkled.paper.textures.zip
2012-11-05 13:07 - 2012-11-05 12:58 - 65050138 ____A C:\Users\jtingdahl\Downloads\fzm-Old-Paper-Textures.zip
2012-11-05 13:03 - 2012-11-05 12:59 - 34876412 ____A C:\Users\jtingdahl\Downloads\fzm-Rough-Edge-Old-Paper-Textures.zip
2012-11-04 04:28 - 2012-11-04 04:28 - 00004454 ____A C:\Windows\SysWOW64\jupdate-1.6.0_37-b06.log
2012-11-04 04:28 - 2012-01-04 03:22 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-02 22:36 - 2012-11-02 22:36 - 00352945 ____A C:\Users\jtingdahl\Downloads\Cassie Alexander - Nightshifted (v5).epub
2012-11-02 11:44 - 2012-01-11 03:12 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\Mozilla
2012-11-01 19:08 - 2012-11-01 19:06 - 00000000 ____D C:\Users\jtingdahl\Downloads\La Roux - La Roux (2009) KompletlyWyred DHZ Inc Release
2012-11-01 19:06 - 2012-11-01 19:06 - 00000000 ____D C:\Users\jtingdahl\Downloads\Lily Allen - It's Not Me It's You [mp3-320-2009]
2012-10-31 15:30 - 2012-10-31 15:30 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-10-31 15:30 - 2012-10-31 15:30 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-10-31 15:29 - 2012-10-31 15:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-10-31 15:29 - 2012-10-31 15:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-30 15:50 - 2012-01-04 03:48 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-26 23:32 - 2012-02-12 09:58 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-10-26 21:15 - 2012-10-26 21:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\jtingdahl\Desktop\HijackThis.exe
2012-10-26 21:08 - 2012-10-26 21:08 - 00828392 ____A (Microsoft Corporation) C:\Users\jtingdahl\Desktop\mssstool64.exe
2012-10-26 20:54 - 2012-10-26 20:54 - 17667616 ____A (Microsoft Corporation) C:\Users\jtingdahl\Desktop\Windows-KB890830-x64-V4.13.exe
2012-10-26 20:47 - 2012-10-26 20:46 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\jtingdahl\Downloads\rkill.com
2012-10-26 20:40 - 2012-10-26 20:40 - 00027980 ____A C:\ComboFix.txt
2012-10-26 20:40 - 2012-10-26 20:23 - 00000000 ____D C:\Qoobox
2012-10-26 20:40 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-10-26 20:39 - 2012-10-26 20:23 - 00000000 ____D C:\Windows\erdnt
2012-10-26 20:37 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-26 20:33 - 2009-07-13 18:34 - 57933824 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-10-26 20:33 - 2009-07-13 18:34 - 15990784 ____A C:\Windows\System32\config\SYSTEM.bak
2012-10-26 20:33 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-10-26 20:33 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-10-26 20:33 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-10-26 20:18 - 2012-10-26 20:17 - 02194704 ____A C:\Users\jtingdahl\Downloads\tdsskiller.zip
2012-10-26 17:54 - 2012-10-26 17:52 - 00008704 __ASH C:\Users\jtingdahl\AppData\Roaming\Thumbs.db
2012-10-26 17:27 - 2012-10-26 17:27 - 01149822 ____A C:\Users\jtingdahl\Downloads\ProcessExplorer.zip
2012-10-26 16:36 - 2012-09-22 19:26 - 00000000 ___SD C:\Users\jtingdahl\Google Drive
2012-10-26 14:42 - 2012-01-04 13:08 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-26 14:42 - 2012-01-04 13:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 12:31 - 2012-10-23 12:31 - 00000000 ____D C:\Users\jtingdahl\AppData\Roaming\PeerNetworking
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-21 07:54 - 2012-10-21 07:54 - 00000000 ____D C:\Users\All Users\McAfee

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-18 07:09:28
Restore point made on: 2012-11-18 07:31:39
Restore point made on: 2012-11-18 07:32:38
Restore point made on: 2012-11-18 07:58:30
Restore point made on: 2012-11-18 08:45:09
Restore point made on: 2012-11-18 09:14:07
Restore point made on: 2012-11-18 16:10:56
Restore point made on: 2012-11-18 17:13:29

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4022.18 MB
Available physical RAM: 3341.49 MB
Total Pagefile: 4020.33 MB
Available Pagefile: 3396.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:275.15 GB) NTFS
2 Drive d: (DaemonetteSeed) (Fixed) (Total:931.5 GB) (Free:488.9 GB) NTFS
3 Drive f: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:7.6 GB) (Free:7.55 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 931 GB 6144 KB
Disk 2 Online 7800 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 931 GB 8032 KB
Partition 1 Logical 931 GB 8064 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DaemonetteS NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7800 MB 0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-11-15 00:47

==================== End Of Log =============================


Search.txt:

Farbar Recovery Scan Tool (x64) Version: 18-11-2012
Ran by SYSTEM at 2012-11-19 00:13:04
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-10-26 20:39] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


:/

#4 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 19 November 2012 - 08:43 AM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mrbun

  • Topic Starter

  • Members
  • 7 posts

Posted 19 November 2012 - 10:10 PM

Okay, done. Here it is:

ComboFix 12-11-19.03 - jtingdahl 11/19/2012 18:58:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4022.2061 [GMT -8:00]
Running from: c:\users\jtingdahl\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
c:\windows\SysWow64\Cache\a11df516441bf5d3.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c1fa887b03019701.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 03:02 . 2012-11-20 03:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-20 03:02 . 2012-11-20 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 03:02 . 2012-11-20 03:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-19 08:11 . 2012-11-19 08:11 -------- d-----w- C:\FRST
2012-11-19 00:07 . 2012-11-19 00:10 -------- d-----w- c:\users\jtingdahl\AppData\Roaming\USTechSupport
2012-11-19 00:04 . 2012-11-19 00:13 -------- d-----w- c:\programdata\USTechSupport
2012-11-18 17:12 . 2012-11-18 18:31 -------- d-----w- c:\programdata\Comodo
2012-11-18 17:12 . 2012-11-18 17:12 -------- d-----w- c:\program files\COMODO
2012-11-18 17:12 . 2012-11-18 17:12 -------- d-----w- c:\users\jtingdahl\AppData\Local\Comodo
2012-11-18 17:12 . 2012-11-19 01:14 54024 ----a-w- c:\windows\system32\certsentry.dll
2012-11-18 17:12 . 2012-11-19 01:14 45832 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-11-18 17:04 . 2012-11-18 17:04 -------- d-----w- c:\programdata\CPA_VA
2012-11-18 16:46 . 2012-08-23 19:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-18 16:46 . 2012-08-23 19:31 26488 ----a-w- c:\windows\system32\authuitu.dll
2012-11-18 16:46 . 2012-08-23 19:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-11-18 16:45 . 2012-11-18 16:45 -------- d-----w- c:\users\jtingdahl\AppData\Roaming\AVG
2012-11-18 16:44 . 2012-11-18 16:46 -------- d-----w- c:\programdata\AVG
2012-11-18 16:44 . 2012-11-18 16:44 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-18 15:54 . 2012-11-18 22:42 -------- d-----w- c:\program files (x86)\Comodo
2012-11-18 15:53 . 2012-11-18 15:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-18 15:53 . 2012-11-18 15:53 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-11-18 15:53 . 2012-11-18 15:53 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-11-18 15:36 . 2012-11-18 15:36 -------- d-----w- c:\users\jtingdahl\AppData\Local\AVG Secure Search
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\users\jtingdahl\AppData\Roaming\TuneUp Software
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\programdata\AVG Secure Search
2012-11-18 15:35 . 2012-11-18 15:34 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-11-18 15:34 . 2012-11-19 15:18 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-11-18 15:31 . 2012-11-18 15:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
2012-11-18 15:31 . 2012-11-18 16:45 -------- d-----w- c:\program files (x86)\AVG
2012-11-18 15:29 . 2012-11-20 01:53 -------- d-----w- c:\programdata\MFAData
2012-11-18 15:29 . 2012-11-18 15:41 -------- d-----w- c:\users\jtingdahl\AppData\Local\Avg2013
2012-11-18 15:29 . 2012-11-18 15:29 -------- d--h--w- c:\programdata\Common Files
2012-11-18 15:29 . 2012-11-18 15:29 -------- d-----w- c:\users\jtingdahl\AppData\Local\MFAData
2012-11-18 14:56 . 2012-11-18 14:56 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-11-18 14:54 . 2012-11-18 15:04 -------- d-----w- c:\programdata\Symantec
2012-11-18 14:52 . 2012-11-18 15:05 -------- d-----w- c:\programdata\Norton
2012-11-18 14:52 . 2012-11-18 14:52 -------- d-----w- c:\users\jtingdahl\AppData\Roaming\PCCUStubInstaller
2012-11-18 14:50 . 2012-11-18 14:50 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-18 14:50 . 2012-11-18 14:50 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-18 11:05 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-16 10:18 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F82DAB69-F556-4F65-80DA-295246FBA762}\mpengine.dll
2012-11-15 11:06 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:06 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 11:06 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 11:06 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 11:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 11:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 11:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 11:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 11:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 11:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 11:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 03:42 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 03:42 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-08 07:38 . 2012-11-08 07:38 94288 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-08 07:38 . 2012-11-08 07:38 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-08 07:38 . 2012-11-08 07:38 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-08 07:37 . 2012-11-08 07:37 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-08 07:37 . 2012-11-08 07:37 41240 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-08 07:37 . 2012-11-08 07:37 301264 ----a-w- c:\windows\SysWow64\guard32.dll
2012-11-08 07:37 . 2012-11-08 07:37 390392 ----a-w- c:\windows\system32\guard64.dll
2012-11-04 12:29 . 2012-11-04 12:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-31 23:29 . 2012-10-31 23:29 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-10-23 20:31 . 2012-10-23 20:31 -------- d-----w- c:\users\jtingdahl\AppData\Roaming\PeerNetworking
2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-21 15:54 . 2012-10-21 15:54 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 01:13 . 2012-01-28 12:00 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-18 11:26 . 2012-04-09 05:18 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-18 11:26 . 2012-01-12 09:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 23:50 . 2012-01-04 11:48 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-11 05:23 . 2012-10-11 05:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 05:23 . 2012-10-11 05:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 05:23 . 2012-10-11 05:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 05:23 . 2012-10-11 05:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 05:23 . 2012-10-11 05:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 05:23 . 2012-10-11 05:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 05:23 . 2012-10-11 05:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 05:23 . 2012-10-11 05:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 05:23 . 2012-10-11 05:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 05:23 . 2012-10-11 05:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 05:23 . 2012-10-11 05:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 05:23 . 2012-10-11 05:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 05:23 . 2012-06-30 14:41 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 05:22 . 2012-10-11 05:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 05:22 . 2012-10-11 05:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 05:22 . 2012-01-04 11:36 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 05:22 . 2009-06-10 20:37 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 05:22 . 2012-10-11 05:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 05:22 . 2012-10-11 05:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 05:22 . 2012-10-11 05:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 05:22 . 2012-10-11 05:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 22:05 . 2012-10-08 22:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 11:32 . 2012-10-05 11:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-03 03:29 . 2012-06-29 05:40 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-03 03:29 . 2012-01-04 23:57 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-03 03:28 . 2012-01-04 22:12 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-02 21:15 . 2012-10-02 21:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 19:51 . 2012-01-04 11:36 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-01-04 11:36 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-01-04 11:36 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-01-04 11:36 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-01-04 11:36 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:30 . 2012-10-02 11:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-30 02:54 . 2012-01-04 21:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 23:32 . 2012-06-02 01:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 23:32 . 2012-01-04 11:22 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 11:46 . 2012-09-21 11:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 11:46 . 2012-09-21 11:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-10 16:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 16:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 11:05 . 2012-09-14 11:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-12 23:07 . 2012-09-12 23:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-09-12 22:57 . 2012-09-12 22:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-09-04 06:03 . 2012-09-04 06:12 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-08-31 18:19 . 2012-10-10 16:35 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 16:35 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 16:35 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 16:35 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 16:35 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-21 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-21 19:29 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-21 19:29 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-21 19:30 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-21 19:29 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-21 19:29 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-21 19:29 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-21 19:29 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-21 19:29 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-21 19:29 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-10 16:35 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 16:57 . 2012-09-21 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-21 19:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-21 19:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-24 11:07 . 2012-08-24 11:07 53248 ----a-r- c:\users\jtingdahl\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-24 11:06 . 2012-08-24 11:06 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-22 18:12 . 2012-09-12 13:31 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:31 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:31 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-19 15:18 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-19 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-19 997320]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-18 1020512]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\users\jtingdahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2012-1-4 13137768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 dump_wmimmc;dump_wmimmc;f:\gaems\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-02-08 17848]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-08-19 625728]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-07-27 170824]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-18 30568]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-08 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-08 38144]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-11-15 1868432]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2011-11-15 447488]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-09 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-09 528760]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-18 711112]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-18 18816]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-15 1813056]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-09 13312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:26]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 03:24]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 03:24]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442402792-3607605124-1952504433-1000Core.job
- c:\users\jtingdahl\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 11:16]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442402792-3607605124-1952504433-1000UA.job
- c:\users\jtingdahl\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 11:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\jtingdahl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-14 13374568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{312DD4CA-D5AE-4877-8A4B-5D63CDB332CB}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AF653733-E7A4-4776-A866-DA910BE05170}: NameServer = 8.26.56.26,156.154.70.22
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2442402792-3607605124-1952504433-1000\Software\SecuROM\License information*]
"datasecu"=hex:e7,1a,4c,3b,30,2c,57,ae,f3,4b,3b,39,77,19,61,13,b3,bb,70,3a,59,
16,96,b8,fc,41,be,1a,81,a8,80,52,17,30,34,b3,f8,69,c4,ce,55,31,ba,c0,a5,1b,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 19:04:12
ComboFix-quarantined-files.txt 2012-11-20 03:04
ComboFix2.txt 2012-10-27 04:40
.
Pre-Run: 294,971,080,704 bytes free
Post-Run: 294,824,001,536 bytes free
.
- - End Of File - - 5AC01C815D6A6A6AC29BFD62EC904245

#6 CatByte

  • Malware Response Team

Posted 20 November 2012 - 06:22 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mrbun

  • Topic Starter

Posted 20 November 2012 - 07:05 PM

Okay, done:
ADW

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 15:36:49
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jtingdahl - DAEMONETTE
# Boot Mode : Normal
# Running from : C:\Users\jtingdahl\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\jtingdahl\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\jtingdahl\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\jtingdahl\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.47] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.50] : keyword = "isearch.avg.com",
Deleted [l.53] : search_url = "hxxp://isearch.avg.com/search?cid={16319194-23AA-4DD7-8CDF-F6C1CD72171B}&mid=e4[...]

*************************

AdwCleaner[R1].txt - [3776 octets] - [18/11/2012 07:13:34]
AdwCleaner[S1].txt - [3515 octets] - [18/11/2012 07:13:56]
AdwCleaner[S2].txt - [4944 octets] - [20/11/2012 15:36:49]

########## EOF - C:\AdwCleaner[S2].txt - [5004 octets] ##########


MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jtingdahl :: DAEMONETTE [administrator]

11/20/2012 3:43:24 PM
mbam-log-2012-11-20 (15-43-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225415
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET found no threats, so there wasn't an option to list any...

#8 CatByte

  • Malware Response Team


Posted 20 November 2012 - 07:17 PM

Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



#9 mrbun

  • Topic Starter

Posted 21 November 2012 - 10:25 AM

Okay. Done:
MiniToolBox:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by jtingdahl (administrator) on 21-11-2012 at 07:19:39
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
APB Reloaded
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.2629)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
Bamboo (Version: 5.2.5-5)
Batman: Arkham City™
Battlefield 3™ (Version: 1.4.0.0)
Blacklight: Retribution
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
Champions Online: Free For All
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
City of Heroes
CL-Eye Driver (Version: 5.1.1.0177)
Comodo Dragon (Version: 23.0.1.0)
COMODO Internet Security (Version: 5.12.59641.2599)
D3DX10 (Version: 15.4.2368.0902)
DC Universe Online
Dead Space™ 2 (Version: 1.0.941.0)
DragonNest
Dropbox (Version: 1.4.7)
Dual-Core Optimizer (Version: 1.1.4.0169)
eReg (Version: 1.20.138.34)
ESN Sonar (Version: 0.70.4)
GeekBuddy (Version: 4.2.39)
Google Chrome (Version: 23.0.1271.64)
Google SketchUp 8 (Version: 3.0.11752)
Google Talk (remove only)
Google Talk Plugin (Version: 3.10.2.10212)
Google Update Helper (Version: 1.3.21.123)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Intel® Network Connections 17.3.63.0 (Version: 17.3.63.0)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Kabod
KabodOnline (Version: )
Livestream Procaster (Version: 20.3.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mass Effect™ 3 (Version: 1.04.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MotioninJoy ds3 driver version 0.6.0003 (Version: 0.5.0001)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NCsoft Launcher (Version: 1.5.19002)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Origin (Version: 8.5.0.4554)
Overwolf (Version: 0.29.175)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings CS5 (Version: 10.0)
PHANTASY STAR ONLINE 2
Photo Gallery (Version: 16.4.3505.0912)
Pidgin (Version: 2.10.6)
PunkBuster Services (Version: 0.992)
Ralink RT2860 Wireless LAN Card (Version: 1.5.16.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
Reason 5.0 (Version: 5.0)
RESIDENT EVIL 5 (Version: 1.0.0.129)
Saints Row: The Third
Sid Meier's Civilization V SDK
Skype™ 5.10 (Version: 5.10.116)
Star Trek Online
Star Wars: The Old Republic (Version: 1.00)
System Requirements Lab CYRI (Version: 4.5.1.0)
System Requirements Lab for Intel (64-bit) (Version: 4.5.3.0)
System Requirements Lab for Intel (Version: 4.5.3.0)
Tribes: Ascend
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VASSAL (3.1.18) (Version: 3.1.18)
VC 9.0 Runtime (Version: 1.0.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.1.11 (Version: 1.1.11)
Wargame: European Escalation
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
World of Tanks
ZBrush 4R2 (Version: 4.2)

**** End of log ****



And Farbar:

Farbar Service Scanner Version: 09-11-2012
Ran by jtingdahl (administrator) on 21-11-2012 at 07:22:27
Running from "C:\Users\jtingdahl\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-14 19:43] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
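
The thread reads the Farbar Service Scanner output above by eye; what makes it worth a second look is that the report prints the same headings on every run and only puts a registry value under a "... Disabled Policy" heading when such a policy exists (the Firewall and Windows Defender headings list one, the System Restore and Windows Autoupdate headings are empty), and it prints a service's actual start type next to the default it expects (WinDefend set to Demand, default Auto). The following is an added Python example, not the thread's code and not part of Farbar, that applies those same checks mechanically: it splits a report into its "Name:" sections, raises every value under a Disabled Policy heading, flags a start type that differs from the default, flags connection-status lines that report an error, and lists File Check entries printed without "MD5 is legit" for manual review. SAMPLE_LOG is a constructed input in the shape of the quoted report (same keys and values); the line patterns the code relies on are inferred from that log alone, not from Farbar's documentation.

```python
"""Flag the security-relevant lines of a Farbar Service Scanner (FSS) report.
Added example, not the thread's or Farbar's code; assumes only the layout seen above."""
import re

# Constructed sample in the shape of the report quoted above (same keys and values).
SAMPLE_LOG = r"""
Farbar Service Scanner Version: 09-11-2012

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-14 19:43] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

**** End of log ****
"""

# A section opens with a "Name:" line directly followed by a line of '='.
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z ]+):\s*$")
UNDERLINE_RE = re.compile(r"^=+\s*$")
# Registry policies are printed as "[HKEY_...]" followed by '"Name"=DWORD:value'.
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=[A-Z]+:(?P<value>\S+)\s*$')
START_TYPE_RE = re.compile(r"The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
                           r"The default start type is (?P<default>\w+)\.")
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
# A file-check entry ends in "=> MD5 is legit" when FSS recognised the hash.
FILE_OK_RE = re.compile(r"^[A-Za-z]:\\.+ => MD5 is legit\s*$")
FILE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S+\s*$")


def split_sections(text):
    """Return [(section_name, [body lines])]; text before the first header is "Preamble"."""
    lines, sections, name, body, i = text.splitlines(), [], "Preamble", [], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if m and i + 1 < len(lines) and UNDERLINE_RE.match(lines[i + 1]):
            sections.append((name, body))
            name, body, i = m["name"].strip(), [], i + 2  # skip header and underline
            continue
        body.append(lines[i])
        i += 1
    sections.append((name, body))
    return sections


def analyse(text):
    """Return (section, severity, detail) tuples, one per noteworthy line."""
    findings = []
    for name, body in split_sections(text):
        if name.endswith("Disabled Policy"):
            # FSS lists a value under a "... Disabled Policy" heading only when the policy
            # exists (compare the empty System Restore one), so any value here matters.
            key = "?"
            for line in body:
                if km := REG_KEY_RE.match(line):
                    key = km["key"]
                elif vm := REG_VALUE_RE.match(line):
                    findings.append((name, "high", f"{key}\\{vm['name']} = {vm['value']}"))
            continue
        for line in body:
            if name == "Connection Status" and "error" in line.lower():
                findings.append((name, "medium", line.strip()))
            elif name == "File Check" and FILE_PATH_RE.match(line) and not FILE_OK_RE.match(line):
                # Unrecognised hash: often just a newer patch level, but verify it by hand.
                findings.append((name, "info", f"{line.strip()}: MD5 not recognised, verify manually"))
            if (sm := START_TYPE_RE.search(line)) and sm["actual"] != sm["default"]:
                findings.append((name, "medium",
                                 f"{sm['svc']} start type is {sm['actual']}, default is {sm['default']}"))
            if nm := NOT_RUNNING_RE.match(line):
                findings.append((name, "low", f"{nm['svc']} service is not running"))
    return findings


if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), sep="\n")
```

Running the file prints six findings for the sample: the localhost error, the two Disabled Policy values, the stopped and re-configured WinDefend service, and the tcpip.sys entry. For a real report, pass the file contents to analyse(). An entry without "MD5 is legit" is reported at "info" rather than as a compromise because the scanner's hash list can simply lag a patch; the timestamps FSS prints on that line (here an install date of 2012-11-14 and a file date of 2012-10-03) are what to compare against the machine's expected patch level before drawing a conclusion.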

#10 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 21 November 2012 - 06:49 PM

We just have some housekeeping to do now.

Please do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.


NEXT


You can delete all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press WinKey + R to open a Run box.
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 mrbun (Topic Starter, Members, 7 posts)

Posted 21 November 2012 - 07:57 PM

Thank you for your help. So much.

#12 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 21 November 2012 - 08:36 PM

you are welcome

stay safe :hello:

~CB



#13 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 21 November 2012 - 08:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





