Rovnix.D detected with MSE


  • This topic is locked
53 replies to this topic

#1 mnwatson1


  • Members
  • 27 posts

Posted 21 June 2013 - 04:31 PM

I originally posted with this:

I had a run-in several weeks ago with Rovnix.D on my machine that I ended up not even knowing about until it was already blue screening my x64 Win7 machine.  I ended up having to reformat my machine and reinstall after a blue screen trashed my boot sector completely (as well as my registry) when I attempted to do a roll-back/restore, and even ended up losing access to my PC's restore partition.  Long story short, I ended up doing things the old-fashioned way, getting a copy of Win7 x64, inputting my key from the sticker on my machine, and then hunting down drivers (I kept putting off making those restore DVDs for my machine, so I still don't have access).  It was a pain in the rear.  I had been running AVG antivirus at the time, and it never detected it.

 

Since the reinstall, things have worked wonderfully of course, but suddenly, about two weeks ago, MSE detected a Rovnix.D infection in my boot sector again.  >.<;;;  I've tried everything I can think of, short of reformatting again (please God, NO!) to remove it.  Nothing else detects it except their Security suite, which states that it partially removes the infection.  MSE tries to remove it, says it cannot due to security issues, and suggests quarantining, however the button to do so is grayed out and unclickable, and my only option is to close the window.  RIGHT NOW, everything runs properly, though there have been a few recent issues with slowdown that I can't account for with my running programs.

 

I used to do computer repair as a profession, but software issues like this were never my forte.  I've tried everything I can think of to get rid of this problem, assuming it's there, but have had absolutely no luck.  Like I said before, either nothing sees it, or it can't be removed (Microsoft's tools).  I've tried MBAM, their rootkit, ComboFix, etc., and NOTHING has found it.

 

Any help, ideas, general finger-pointed-in-the-right-direction, etc, would be greatly appreciated!

 

Thanks so much!

 

Incidentally, to introduce myself, my name is Molly, I've been working with/on computers for about 18 years now (wow...) and this is the first virus/trojan/slimy piece of software that I haven't been able to remove myself.  >.<;  I feel so defeated by this thing.

 

EDIT:  Incidentally, I have also looked for any 'unusual' or 'strange' processes running that might be the trojan, but there is nothing that isn't launched legitimately running.  Even in safe mode with minimal processes running, MSE still gives the error about removing it.

 

 

I was told to repost here with logs from my original ComboFix log and DDS, so here they are!

 

ComboFix log:

 

ComboFix 13-06-08.02 - Molly 06/12/2013   1:58.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2941.1663 [GMT -5:00]
Running from: c:\users\Molly\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-12 to 2013-06-12  )))))))))))))))))))))))))))))))
.
.
2013-06-12 07:02 . 2013-06-12 07:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-12 06:54 . 2013-06-12 06:54    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD2CF8B3-BC03-477C-B152-B9330F42B6A5}\offreg.dll
2013-06-12 06:41 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD2CF8B3-BC03-477C-B152-B9330F42B6A5}\mpengine.dll
2013-06-12 02:19 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-11 23:44 . 2013-06-11 23:44    --------    d-----w-    c:\program files (x86)\Conduit
2013-06-11 23:44 . 2013-06-12 06:45    --------    d-----w-    c:\users\Molly\AppData\Local\Conduit
2013-06-05 02:42 . 2013-06-06 01:06    --------    d-----w-    c:\users\Molly\AppData\Roaming\dvdcss
2013-05-28 02:03 . 2013-05-28 02:03    --------    d-----w-    c:\program files (x86)\Coupons
2013-05-24 01:33 . 2013-05-24 01:33    --------    d-----w-    c:\users\Molly\AppData\Roaming\DivX
2013-05-24 00:10 . 2013-05-24 00:11    --------    d-----w-    c:\program files\DivX
2013-05-24 00:10 . 2013-05-24 00:11    --------    d-----w-    c:\program files (x86)\Common Files\DivX Shared
2013-05-23 23:58 . 2013-06-10 01:30    --------    d-----w-    c:\users\Molly\AppData\Roaming\vlc
2013-05-23 23:58 . 2013-05-23 23:58    --------    d-----w-    c:\program files (x86)\VideoLAN
2013-05-23 23:57 . 2013-05-24 00:11    --------    d-----w-    c:\program files (x86)\DivX
2013-05-23 23:53 . 2013-05-24 00:11    --------    d-----w-    c:\programdata\DivX
2013-05-23 02:01 . 2013-05-23 23:53    --------    d-----w-    c:\users\Molly\AppData\Roaming\BitTorrent
2013-05-21 02:19 . 2013-05-06 22:50    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-21 02:19 . 2013-05-21 02:18    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C3DCB8-8088-4813-84CC-10A3878EDE4D}\gapaengine.dll
2013-05-20 02:21 . 2013-05-20 02:28    --------    d-----w-    c:\users\Molly\AppData\Local\Microsoft Games
2013-05-18 01:25 . 2013-05-18 01:25    --------    d-----w-    c:\programdata\dvdfab
2013-05-18 01:20 . 2013-05-18 01:21    --------    d-----w-    c:\program files (x86)\DVDFab 8 Qt
2013-05-18 01:16 . 2013-06-03 23:42    --------    d-----w-    C:\DVDs to Burn
2013-05-16 08:01 . 2013-04-05 06:52    1084928    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-16 08:01 . 2013-04-05 05:28    817664    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-16 08:01 . 2013-04-05 05:26    2877440    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-05-16 08:01 . 2013-04-05 06:50    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-05-16 08:01 . 2013-04-05 05:28    1767424    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-05-16 08:01 . 2013-04-05 06:52    2242048    ----a-w-    c:\windows\system32\wininet.dll
2013-05-16 08:01 . 2013-04-05 06:50    19231232    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-16 08:01 . 2013-04-05 06:50    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-05-15 18:31 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:31 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:31 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 18:30 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 18:30 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 18:30 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 18:30 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 18:30 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 18:30 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 18:30 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 18:30 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 18:30 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-14 15:08 . 2013-05-14 15:08    --------    d-----w-    c:\users\Molly\AppData\Local\MicroVision Applications
2013-05-14 15:06 . 2013-05-14 15:06    --------    d-----w-    c:\program files (x86)\Memorex exPressit Label Design Studio
2013-05-14 15:06 . 2013-05-14 15:06    --------    d-----w-    c:\windows\MVUNINST
2013-05-14 15:06 . 2013-05-14 15:06    --------    d-----w-    c:\program files (x86)\Common Files\SureThing Shared
2013-05-14 15:06 . 2002-01-05 07:37    344064    ----a-w-    c:\windows\SysWow64\msvcr70.dll
2013-05-14 15:06 . 1996-08-24 16:11    289552    ----a-w-    c:\windows\SysWow64\temp.001
2013-05-14 15:06 . 1993-10-14 22:51    28672    ----a-w-    c:\windows\SysWow64\temp.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 20:55 . 2012-07-17 19:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 08:06 . 2013-05-06 05:51    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-15 13:28 . 2013-05-06 20:58    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:28 . 2013-05-06 20:58    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-08 01:31 . 2013-02-01 01:49    59904    ----a-w-    c:\windows\system32\MLMON_0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    298496    ----a-w-    c:\windows\system32\MSMCML0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    2560    ----a-w-    c:\windows\system32\MSHRES0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    73216    ----a-w-    c:\windows\system32\MSPOOL0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    7168    ----a-w-    c:\windows\system32\MTAG320H.DLL
2013-05-08 01:31 . 2012-11-20 14:54    190936    ----a-w-    c:\windows\system32\MUINST0H.EXE
2013-05-08 01:31 . 2013-02-01 01:49    21504    ----a-w-    c:\windows\system32\MCMM__0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    13312    ----a-w-    c:\windows\system32\MICM__0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    17408    ----a-w-    c:\windows\system32\MIMF320H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    34816    ----a-w-    c:\windows\system32\MGDI320H.DLL
2013-05-06 20:57 . 2013-05-06 20:57    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-05-06 20:57 . 2013-05-06 20:57    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-06 20:57 . 2013-05-06 20:57    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 05:34 . 2013-05-06 05:34    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-06 05:34 . 2013-05-06 05:34    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-06 05:34 . 2013-05-06 05:34    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-06 05:34 . 2013-05-06 05:34    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-06 05:34 . 2013-05-06 05:34    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-06 05:34 . 2013-05-06 05:34    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-06 05:34 . 2013-05-06 05:34    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-06 05:34 . 2013-05-06 05:34    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-06 05:34 . 2013-05-06 05:34    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-06 05:34 . 2013-05-06 05:34    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-06 05:34 . 2013-05-06 05:34    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-06 05:34 . 2013-05-06 05:34    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-06 05:34 . 2013-05-06 05:34    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-06 05:34 . 2013-05-06 05:34    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-06 05:34 . 2013-05-06 05:34    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-06 05:34 . 2013-05-06 05:34    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-06 05:34 . 2013-05-06 05:34    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-06 05:34 . 2013-05-06 05:34    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-06 05:34 . 2013-05-06 05:34    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-06 05:34 . 2013-05-06 05:34    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-06 05:34 . 2013-05-06 05:34    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-06 05:34 . 2013-05-06 05:34    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-06 05:34 . 2013-05-06 05:34    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-06 05:34 . 2013-05-06 05:34    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-06 05:34 . 2013-05-06 05:34    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-06 05:34 . 2013-05-06 05:34    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-06 05:34 . 2013-05-06 05:34    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-06 05:34 . 2013-05-06 05:34    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-06 05:34 . 2013-05-06 05:34    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-06 05:34 . 2013-05-06 05:34    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-06 05:34 . 2013-05-06 05:34    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-06 05:34 . 2013-05-06 05:34    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-06 05:34 . 2013-05-06 05:34    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-06 05:34 . 2013-05-06 05:34    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-06 05:34 . 2013-05-06 05:34    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-06 05:34 . 2013-05-06 05:34    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-06 05:34 . 2013-05-06 05:34    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-06 05:34 . 2013-05-06 05:34    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-06 05:34 . 2013-05-06 05:34    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-06 05:34 . 2013-05-06 05:34    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-06 05:34 . 2013-05-06 05:34    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-06 05:34 . 2013-05-06 05:34    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-06 05:34 . 2013-05-06 05:34    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-06 05:34 . 2013-05-06 05:34    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-06 05:34 . 2013-05-06 05:34    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-06 05:34 . 2013-05-06 05:34    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-06 05:34 . 2013-05-06 05:34    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-06 05:34 . 2013-05-06 05:34    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-06 05:34 . 2013-05-06 05:34    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-06 03:27 . 2009-10-08 12:46    59392    ----a-w-    c:\windows\SysWow64\oemdspif.dll
2013-05-06 03:27 . 2009-10-08 13:50    91136    ----a-w-    c:\windows\system32\igfxCoIn_v1968.dll
2013-05-06 03:27 . 2009-10-08 12:36    208896    ----a-w-    c:\windows\system32\iglhsip32.dll
2013-05-06 03:27 . 2009-10-08 12:36    147456    ----a-w-    c:\windows\system32\iglhcp32.dll
2013-05-06 03:26 . 2009-10-08 13:13    5514752    ----a-w-    c:\windows\system32\ig4dev64.dll
2013-05-06 03:26 . 2009-10-08 13:04    4075008    ----a-w-    c:\windows\SysWow64\ig4dev32.dll
2013-05-06 03:25 . 2013-05-06 03:27    513536    ----a-w-    c:\windows\system32\SRSTSX64.dll
2013-05-06 03:25 . 2013-05-06 03:27    211376    ----a-w-    c:\windows\system32\SRSTSH64.dll
2013-05-06 03:25 . 2013-05-06 03:27    193536    ----a-w-    c:\windows\system32\SRSHP64.dll
2013-05-06 03:25 . 2013-05-06 03:27    150528    ----a-w-    c:\windows\system32\SRSWOW64.dll
2013-05-06 03:25 . 2013-05-06 03:27    611872    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-05-06 03:25 . 2013-05-06 03:27    332320    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-05-06 03:25 . 2013-05-06 03:27    1680416    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-05-06 03:25 . 2013-05-06 03:27    436768    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-05-06 03:25 . 2013-05-06 03:27    2022304    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-05-06 03:25 . 2013-05-06 03:27    1638432    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-05-06 03:25 . 2013-05-06 03:27    149536    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-05-06 03:25 . 2013-05-06 03:27    95744    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    73216    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    66592    ----a-w-    c:\windows\system32\RCoInst64.dll
2013-05-06 03:25 . 2013-05-06 03:27    363008    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    304640    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-05-06 03:25 . 2013-05-06 03:27    304640    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-05-06 03:25 . 2013-05-06 03:27    198656    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    1201184    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-05-06 03:25 . 2013-05-06 03:27    320512    ----a-w-    c:\windows\system32\MaxxAudioAPO20.dll
2013-05-06 03:25 . 2013-05-06 03:27    310784    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-05-06 03:25 . 2013-05-06 03:27    166400    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-05-06 03:25 . 2013-05-06 03:27    108032    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-05-06 03:25 . 2013-05-06 03:27    831488    ----a-w-    c:\windows\RtlExUpd.dll
2013-05-06 03:07 . 2013-05-06 03:08    97792    ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-05-06 03:07 . 2013-05-06 03:08    67584    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-05-06 03:07 . 2013-05-06 03:08    291328    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-05-06 02:53 . 2013-05-06 02:55    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 13:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-06 8312352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN25768660047449311&UM=2&ctid=CT3298572
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298572&CUI=UN40627162391256690&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298572&SearchSource=2&CUI=UN40627162391256690&UM=2&q=
FF - ExtSQL: 2013-05-07 22:43; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-05-13 14:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-23 19:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-06-11 18:42; {587d8d3d-079b-49d0-b54d-dd2a9911fffb}; c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-12  02:05:32
ComboFix-quarantined-files.txt  2013-06-12 07:05
.
Pre-Run: 869,271,265,280 bytes free
Post-Run: 869,698,605,056 bytes free
.
- - End Of File - - 4E2527BAC10D8DBB5537EBE26E10565E
A36C5E4F47E84449FF07ED3517B43A31

DDS Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Molly at 16:27:56 on 2013-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2941.830 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9B968A7F-FEA4-41ED-A0F7-B127B8D67790} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-07 22:43; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-05-13 14:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-23 19:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2013-5-5 255376]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-8 65657]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2011-3-29 1254464]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-5 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-6 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-6 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-6 1255736]
.
=============== Created Last 30 ================
.
2013-06-21 04:46:51    --------    d-----w-    C:\Program Files (x86)\GoldWave
2013-06-20 23:21:14    964552    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-20 23:21:13    964552    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3086D45A-B6F5-4C2E-8576-B08AB7D77F3E}\gapaengine.dll
2013-06-20 23:20:59    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6308898A-3552-4253-84ED-C92B3C69DCA1}\mpengine.dll
2013-06-19 23:17:44    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-17 01:37:08    --------    d-----w-    C:\Users\Molly\AppData\Local\DDMSettings
2013-06-15 19:29:19    --------    d-----w-    C:\Windows\pss
2013-06-14 17:35:05    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D19AEDA-F215-4221-9855-FCD1F130A701}\gapaengine.dll
2013-06-14 17:19:00    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-06-14 17:18:57    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-06-14 17:18:34    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90682814-5314-4921-82E6-5D073C36297D}\mpengine.dll
2013-06-14 17:16:57    --------    d-----w-    C:\Users\Molly\AppData\Local\{A0C81863-6653-47F0-BC5E-7B58564F432D}
2013-06-14 17:15:20    --------    d-----w-    C:\Users\Molly\AppData\Local\{678AF447-4E45-4014-BB5D-602A793464DD}
2013-06-14 06:01:48    --------    d-----w-    C:\Users\Molly\AppData\Roaming\Malwarebytes
2013-06-14 06:01:16    --------    d-----w-    C:\Users\Molly\AppData\Local\Programs
2013-06-14 04:54:31    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-06-14 04:52:22    --------    d-----w-    C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-14 04:52:21    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-14 04:39:43    --------    d-----w-    C:\Users\Molly\AppData\Roaming\ParetoLogic
2013-06-14 04:39:43    --------    d-----w-    C:\Users\Molly\AppData\Roaming\DriverCure
2013-06-14 04:39:22    --------    d-----w-    C:\ProgramData\ParetoLogic
2013-06-14 01:24:54    --------    d-----w-    C:\_OTL
2013-06-14 00:00:37    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-13 23:58:26    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-12 16:23:51    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-12 08:53:07    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 08:48:07    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 08:48:07    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 08:48:05    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-12 08:48:05    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 08:48:03    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:48:03    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:47:52    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 08:47:52    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-12 08:47:52    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-12 08:47:52    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 08:47:52    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 08:47:52    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 08:47:52    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 08:47:52    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 08:47:52    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 08:47:52    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-12 08:47:48    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 08:47:48    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-12 06:56:38    98816    ----a-w-    C:\Windows\sed.exe
2013-06-12 06:56:38    256000    ----a-w-    C:\Windows\PEV.exe
2013-06-12 06:56:38    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-28 02:03:19    --------    d-----w-    C:\Program Files (x86)\Coupons
2013-05-24 00:10:46    --------    d-----w-    C:\Program Files\DivX
2013-05-24 00:10:40    --------    d-----w-    C:\Program Files (x86)\Common Files\DivX Shared
2013-05-23 23:58:22    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-05-23 23:57:44    --------    d-----w-    C:\Program Files (x86)\DivX
2013-05-23 23:53:26    --------    d-----w-    C:\ProgramData\DivX
2013-05-23 02:01:13    --------    d-----w-    C:\Users\Molly\AppData\Roaming\BitTorrent
.
==================== Find3M  ====================
.
2013-06-12 18:28:51    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:28:51    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-08 01:31:04    73216    ----a-w-    C:\Windows\System32\MSPOOL0H.DLL
2013-05-08 01:31:04    7168    ----a-w-    C:\Windows\System32\MTAG320H.DLL
2013-05-08 01:31:04    59904    ----a-w-    C:\Windows\System32\MLMON_0H.DLL
2013-05-08 01:31:04    298496    ----a-w-    C:\Windows\System32\MSMCML0H.DLL
2013-05-08 01:31:04    2560    ----a-w-    C:\Windows\System32\MSHRES0H.DLL
2013-05-08 01:31:04    190936    ----a-w-    C:\Windows\System32\MUINST0H.EXE
2013-05-08 01:31:03    34816    ----a-w-    C:\Windows\System32\MGDI320H.DLL
2013-05-08 01:31:03    21504    ----a-w-    C:\Windows\System32\MCMM__0H.DLL
2013-05-08 01:31:03    17408    ----a-w-    C:\Windows\System32\MIMF320H.DLL
2013-05-08 01:31:03    13312    ----a-w-    C:\Windows\System32\MICM__0H.DLL
2013-05-06 20:57:26    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 20:57:26    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-05-06 20:57:26    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-06 03:27:04    59392    ----a-w-    C:\Windows\SysWow64\oemdspif.dll
2013-05-06 03:27:03    91136    ----a-w-    C:\Windows\System32\igfxCoIn_v1968.dll
2013-05-06 03:27:03    208896    ----a-w-    C:\Windows\System32\iglhsip32.dll
2013-05-06 03:27:03    147456    ----a-w-    C:\Windows\System32\iglhcp32.dll
2013-05-06 03:26:57    5514752    ----a-w-    C:\Windows\System32\ig4dev64.dll
2013-05-06 03:26:57    4075008    ----a-w-    C:\Windows\SysWow64\ig4dev32.dll
2013-05-06 03:07:40    97792    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-05-06 03:07:40    67584    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-05-06 03:07:40    291328    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-05-06 02:53:51    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-05-06 02:19:38    95544    ----a-w-    C:\Windows\System32\bcmwlcoi.dll
2013-05-06 02:19:38    3900928    ----a-w-    C:\Windows\System32\bcmihvsrv64.dll
2013-05-06 02:19:38    3566592    ----a-w-    C:\Windows\System32\bcmihvui64.dll
2013-05-06 02:19:38    1721576    ----a-w-    C:\Windows\System32\WdfCoInstaller01009.dll
2013-05-06 02:19:38    1254464    ----a-w-    C:\Windows\System32\drivers\AE2500w764.sys
2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 16:28:39.92 ===============

Any help is greatly appreciated!

Thanks!

Edited by mnwatson1, 21 June 2013 - 04:34 PM.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:06:09 AM

Posted 26 June 2013 - 04:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/498819 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mnwatson1

mnwatson1
  • Topic Starter

  • Members
  • 27 posts
  • Local time:05:09 AM

Posted 26 June 2013 - 05:27 PM

I do have the logs, but just for reference, I am running Win7 x64, Home Premium, and I have it on a bootable USB drive if needed.


DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Molly at 17:23:51 on 2013-06-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2941.926 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9B968A7F-FEA4-41ED-A0F7-B127B8D67790} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-07 22:43; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-05-13 14:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-23 19:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2013-5-5 255376]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-8 65657]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2011-3-29 1254464]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-5 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-6 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-6 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-6 1255736]
.
=============== Created Last 30 ================
.
2013-06-25 23:19:20    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE711093-8A99-4DF8-AB31-C38ABC51A41C}\mpengine.dll
2013-06-24 23:19:36    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 04:46:51    --------    d-----w-    C:\Program Files (x86)\GoldWave
2013-06-20 23:21:14    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-20 23:21:13    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3086D45A-B6F5-4C2E-8576-B08AB7D77F3E}\gapaengine.dll
2013-06-17 01:37:08    --------    d-----w-    C:\Users\Molly\AppData\Local\DDMSettings
2013-06-15 19:29:19    --------    d-----w-    C:\Windows\pss
2013-06-14 17:35:05    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D19AEDA-F215-4221-9855-FCD1F130A701}\gapaengine.dll
2013-06-14 17:19:00    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-06-14 17:18:57    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-06-14 17:18:34    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90682814-5314-4921-82E6-5D073C36297D}\mpengine.dll
2013-06-14 17:16:57    --------    d-----w-    C:\Users\Molly\AppData\Local\{A0C81863-6653-47F0-BC5E-7B58564F432D}
2013-06-14 17:15:20    --------    d-----w-    C:\Users\Molly\AppData\Local\{678AF447-4E45-4014-BB5D-602A793464DD}
2013-06-14 06:01:48    --------    d-----w-    C:\Users\Molly\AppData\Roaming\Malwarebytes
2013-06-14 06:01:16    --------    d-----w-    C:\Users\Molly\AppData\Local\Programs
2013-06-14 04:54:31    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-06-14 04:52:22    --------    d-----w-    C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-14 04:52:21    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-14 04:39:43    --------    d-----w-    C:\Users\Molly\AppData\Roaming\ParetoLogic
2013-06-14 04:39:43    --------    d-----w-    C:\Users\Molly\AppData\Roaming\DriverCure
2013-06-14 04:39:22    --------    d-----w-    C:\ProgramData\ParetoLogic
2013-06-14 01:24:54    --------    d-----w-    C:\_OTL
2013-06-14 00:00:37    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-13 23:58:26    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-12 16:23:51    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-12 08:53:07    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 08:48:07    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 08:48:07    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 08:48:05    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-12 08:48:05    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 08:48:03    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:48:03    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:47:52    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 08:47:52    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-12 08:47:52    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-12 08:47:52    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 08:47:52    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 08:47:52    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 08:47:52    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 08:47:52    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 08:47:52    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 08:47:52    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-12 08:47:48    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 08:47:48    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-12 06:56:38    98816    ----a-w-    C:\Windows\sed.exe
2013-06-12 06:56:38    256000    ----a-w-    C:\Windows\PEV.exe
2013-06-12 06:56:38    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-28 02:03:19    --------    d-----w-    C:\Program Files (x86)\Coupons
.
==================== Find3M  ====================
.
2013-06-12 18:28:51    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:28:51    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-08 01:31:04    73216    ----a-w-    C:\Windows\System32\MSPOOL0H.DLL
2013-05-08 01:31:04    7168    ----a-w-    C:\Windows\System32\MTAG320H.DLL
2013-05-08 01:31:04    59904    ----a-w-    C:\Windows\System32\MLMON_0H.DLL
2013-05-08 01:31:04    298496    ----a-w-    C:\Windows\System32\MSMCML0H.DLL
2013-05-08 01:31:04    2560    ----a-w-    C:\Windows\System32\MSHRES0H.DLL
2013-05-08 01:31:04    190936    ----a-w-    C:\Windows\System32\MUINST0H.EXE
2013-05-08 01:31:03    34816    ----a-w-    C:\Windows\System32\MGDI320H.DLL
2013-05-08 01:31:03    21504    ----a-w-    C:\Windows\System32\MCMM__0H.DLL
2013-05-08 01:31:03    17408    ----a-w-    C:\Windows\System32\MIMF320H.DLL
2013-05-08 01:31:03    13312    ----a-w-    C:\Windows\System32\MICM__0H.DLL
2013-05-06 20:57:26    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 20:57:26    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-05-06 20:57:26    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-06 03:27:04    59392    ----a-w-    C:\Windows\SysWow64\oemdspif.dll
2013-05-06 03:27:03    91136    ----a-w-    C:\Windows\System32\igfxCoIn_v1968.dll
2013-05-06 03:27:03    208896    ----a-w-    C:\Windows\System32\iglhsip32.dll
2013-05-06 03:27:03    147456    ----a-w-    C:\Windows\System32\iglhcp32.dll
2013-05-06 03:26:57    5514752    ----a-w-    C:\Windows\System32\ig4dev64.dll
2013-05-06 03:26:57    4075008    ----a-w-    C:\Windows\SysWow64\ig4dev32.dll
2013-05-06 03:07:40    97792    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-05-06 03:07:40    67584    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-05-06 03:07:40    291328    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-05-06 02:53:51    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-05-06 02:19:38    95544    ----a-w-    C:\Windows\System32\bcmwlcoi.dll
2013-05-06 02:19:38    3900928    ----a-w-    C:\Windows\System32\bcmihvsrv64.dll
2013-05-06 02:19:38    3566592    ----a-w-    C:\Windows\System32\bcmihvui64.dll
2013-05-06 02:19:38    1721576    ----a-w-    C:\Windows\System32\WdfCoInstaller01009.dll
2013-05-06 02:19:38    1254464    ----a-w-    C:\Windows\System32\drivers\AE2500w764.sys
2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 17:24:53.50 ===============
 

There's everything!  Thanks again!!

#4 dev00790

    Bleeping Chocoholic

  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 27 June 2013 - 03:23 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT backup any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------

I am reviewing your logs and will be providing next steps soon.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 dev00790

    Bleeping Chocoholic

  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 03 July 2013 - 09:55 AM

Hi

Sorry for the delay.

Please do the following next:

:step1:

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.  
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the "Windows Orb" button.
  • Click Control Panel, then Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.


:step2:

Rename Combofix to Dev00790.exe.


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Dev00790.exe and follow the prompts.
  • Allow ComboFix to update to the latest version
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop-ups and continue its malware removal procedure.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

Please Note: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following below. If ComboFix has stopped running, please stop and advise me.


  • Check your computer clock. If it is still running then so is ComboFix.
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running.
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running.

When finished, it will produce a report for you. Please include the contents of C:\ComboFix.txt log in your next reply.

Note: For a more detailed explanation on running Combofix and the prompts you will be following please see here.

:step3:

  • Download ListParts64 to your Desktop.
  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

:step4:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Regards, dev00790

#6 mnwatson1
  • Topic Starter

  • Members
  • 27 posts

Posted 04 July 2013 - 12:33 AM

Combofix Log:

ComboFix 13-07-03.01 - Molly 07/04/2013   0:11.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2941.1866 [GMT -5:00]
Running from: c:\users\Molly\Desktop\Dev00790.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-04 to 2013-07-04  )))))))))))))))))))))))))))))))
.
.
2013-07-04 05:15 . 2013-07-04 05:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-03 08:48 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03892547-A670-45C5-8174-CF695A17E251}\mpengine.dll
2013-07-02 08:48 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 18:35 . 2013-06-27 18:35    --------    d-----w-    C:\Download
2013-06-27 17:19 . 2013-06-28 00:58    --------    d-----w-    c:\users\Molly\AppData\Local\PMB Files
2013-06-27 17:19 . 2013-06-27 18:35    --------    d-----w-    c:\programdata\PMB Files
2013-06-27 17:16 . 2013-06-27 17:16    --------    d-----w-    c:\users\Molly\.swt
2013-06-21 04:46 . 2013-06-21 04:46    --------    d-----w-    c:\program files (x86)\GoldWave
2013-06-20 23:21 . 2013-06-14 17:34    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-20 23:21 . 2013-06-20 23:20    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3086D45A-B6F5-4C2E-8576-B08AB7D77F3E}\gapaengine.dll
2013-06-17 01:37 . 2013-06-17 01:37    --------    d-----w-    c:\users\Molly\AppData\Local\DDMSettings
2013-06-14 17:19 . 2013-06-14 17:19    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-06-14 17:18 . 2013-06-14 17:19    --------    d-----w-    c:\program files\Microsoft Security Client
2013-06-14 17:18 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{90682814-5314-4921-82E6-5D073C36297D}\mpengine.dll
2013-06-14 06:01 . 2013-06-14 06:01    --------    d-----w-    c:\users\Molly\AppData\Roaming\Malwarebytes
2013-06-14 06:01 . 2013-06-14 06:01    --------    d-----w-    c:\users\Molly\AppData\Local\Programs
2013-06-14 04:54 . 2013-06-14 04:54    --------    d-----w-    c:\program files\Enigma Software Group
2013-06-14 04:52 . 2013-06-14 05:58    --------    d-----w-    c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-14 04:52 . 2013-06-14 04:52    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-14 04:39 . 2013-06-14 04:39    --------    d-----w-    c:\users\Molly\AppData\Roaming\ParetoLogic
2013-06-14 04:39 . 2013-06-14 04:39    --------    d-----w-    c:\users\Molly\AppData\Roaming\DriverCure
2013-06-14 04:39 . 2013-06-14 05:56    --------    d-----w-    c:\programdata\ParetoLogic
2013-06-14 01:24 . 2013-06-14 01:24    --------    d-----w-    C:\_OTL
2013-06-14 00:00 . 2013-06-14 16:11    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-13 23:58 . 2013-06-13 23:58    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-12 08:53 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-12 08:48 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 08:48 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-12 08:48 . 2013-05-10 05:49    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 08:48 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-12 08:48 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:48 . 2013-04-17 06:24    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-12 08:47 . 2013-05-13 05:51    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 05:51    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 08:47 . 2013-05-13 05:51    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 05:50    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 08:47 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-12 08:47 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 08:47 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-06-12 08:47 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-06-12 08:47 . 2013-04-25 23:30    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-06-12 08:47 . 2013-03-31 22:52    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-05 02:42 . 2013-06-06 01:06    --------    d-----w-    c:\users\Molly\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:28 . 2013-05-06 20:58    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:28 . 2013-05-06 20:58    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:04 . 2013-05-06 05:51    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-16 20:55 . 2012-07-17 19:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 01:31 . 2013-02-01 01:49    59904    ----a-w-    c:\windows\system32\MLMON_0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    298496    ----a-w-    c:\windows\system32\MSMCML0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    2560    ----a-w-    c:\windows\system32\MSHRES0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    73216    ----a-w-    c:\windows\system32\MSPOOL0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    7168    ----a-w-    c:\windows\system32\MTAG320H.DLL
2013-05-08 01:31 . 2012-11-20 14:54    190936    ----a-w-    c:\windows\system32\MUINST0H.EXE
2013-05-08 01:31 . 2013-02-01 01:49    21504    ----a-w-    c:\windows\system32\MCMM__0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    13312    ----a-w-    c:\windows\system32\MICM__0H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    17408    ----a-w-    c:\windows\system32\MIMF320H.DLL
2013-05-08 01:31 . 2013-02-01 01:49    34816    ----a-w-    c:\windows\system32\MGDI320H.DLL
2013-05-06 20:57 . 2013-05-06 20:57    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-05-06 20:57 . 2013-05-06 20:57    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-06 20:57 . 2013-05-06 20:57    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 05:34 . 2013-05-06 05:34    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-06 05:34 . 2013-05-06 05:34    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-06 05:34 . 2013-05-06 05:34    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-06 05:34 . 2013-05-06 05:34    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-06 05:34 . 2013-05-06 05:34    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-06 05:34 . 2013-05-06 05:34    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-06 05:34 . 2013-05-06 05:34    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-06 05:34 . 2013-05-06 05:34    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-06 05:34 . 2013-05-06 05:34    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-06 05:34 . 2013-05-06 05:34    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-06 05:34 . 2013-05-06 05:34    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-06 05:34 . 2013-05-06 05:34    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-06 05:34 . 2013-05-06 05:34    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-06 05:34 . 2013-05-06 05:34    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-06 05:34 . 2013-05-06 05:34    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-06 05:34 . 2013-05-06 05:34    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-06 05:34 . 2013-05-06 05:34    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-06 05:34 . 2013-05-06 05:34    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-06 05:34 . 2013-05-06 05:34    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-06 05:34 . 2013-05-06 05:34    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-06 05:34 . 2013-05-06 05:34    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-06 05:34 . 2013-05-06 05:34    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-06 05:34 . 2013-05-06 05:34    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-06 05:34 . 2013-05-06 05:34    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-06 05:34 . 2013-05-06 05:34    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-06 05:34 . 2013-05-06 05:34    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-06 05:34 . 2013-05-06 05:34    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-06 05:34 . 2013-05-06 05:34    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-06 05:34 . 2013-05-06 05:34    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-06 05:34 . 2013-05-06 05:34    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-06 05:34 . 2013-05-06 05:34    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-06 05:34 . 2013-05-06 05:34    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-06 05:34 . 2013-05-06 05:34    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-06 05:34 . 2013-05-06 05:34    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-06 05:34 . 2013-05-06 05:34    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-06 05:34 . 2013-05-06 05:34    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-06 05:34 . 2013-05-06 05:34    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-06 05:34 . 2013-05-06 05:34    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-06 05:34 . 2013-05-06 05:34    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-06 05:34 . 2013-05-06 05:34    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-06 05:34 . 2013-05-06 05:34    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-06 05:34 . 2013-05-06 05:34    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-06 05:34 . 2013-05-06 05:34    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-06 05:34 . 2013-05-06 05:34    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-06 05:34 . 2013-05-06 05:34    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-06 05:34 . 2013-05-06 05:34    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-06 05:34 . 2013-05-06 05:34    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-06 05:34 . 2013-05-06 05:34    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-06 05:34 . 2013-05-06 05:34    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-06 03:27 . 2009-10-08 12:46    59392    ----a-w-    c:\windows\SysWow64\oemdspif.dll
2013-05-06 03:27 . 2009-10-08 13:50    91136    ----a-w-    c:\windows\system32\igfxCoIn_v1968.dll
2013-05-06 03:27 . 2009-10-08 12:36    208896    ----a-w-    c:\windows\system32\iglhsip32.dll
2013-05-06 03:27 . 2009-10-08 12:36    147456    ----a-w-    c:\windows\system32\iglhcp32.dll
2013-05-06 03:26 . 2009-10-08 13:13    5514752    ----a-w-    c:\windows\system32\ig4dev64.dll
2013-05-06 03:26 . 2009-10-08 13:04    4075008    ----a-w-    c:\windows\SysWow64\ig4dev32.dll
2013-05-06 03:25 . 2013-05-06 03:27    513536    ----a-w-    c:\windows\system32\SRSTSX64.dll
2013-05-06 03:25 . 2013-05-06 03:27    211376    ----a-w-    c:\windows\system32\SRSTSH64.dll
2013-05-06 03:25 . 2013-05-06 03:27    193536    ----a-w-    c:\windows\system32\SRSHP64.dll
2013-05-06 03:25 . 2013-05-06 03:27    150528    ----a-w-    c:\windows\system32\SRSWOW64.dll
2013-05-06 03:25 . 2013-05-06 03:27    611872    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-05-06 03:25 . 2013-05-06 03:27    332320    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-05-06 03:25 . 2013-05-06 03:27    1680416    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-05-06 03:25 . 2013-05-06 03:27    436768    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-05-06 03:25 . 2013-05-06 03:27    2022304    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-05-06 03:25 . 2013-05-06 03:27    1638432    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-05-06 03:25 . 2013-05-06 03:27    149536    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-05-06 03:25 . 2013-05-06 03:27    95744    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    73216    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    66592    ----a-w-    c:\windows\system32\RCoInst64.dll
2013-05-06 03:25 . 2013-05-06 03:27    363008    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    304640    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-05-06 03:25 . 2013-05-06 03:27    304640    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-05-06 03:25 . 2013-05-06 03:27    198656    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-05-06 03:25 . 2013-05-06 03:27    1201184    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-05-06 03:25 . 2013-05-06 03:27    320512    ----a-w-    c:\windows\system32\MaxxAudioAPO20.dll
2013-05-06 03:25 . 2013-05-06 03:27    310784    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-05-06 03:25 . 2013-05-06 03:27    166400    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-05-06 03:25 . 2013-05-06 03:27    108032    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-05-06 03:25 . 2013-05-06 03:27    831488    ----a-w-    c:\windows\RtlExUpd.dll
2013-05-06 03:07 . 2013-05-06 03:08    97792    ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-05-06 03:07 . 2013-05-06 03:08    67584    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-05-06 03:07 . 2013-05-06 03:08    291328    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-05-06 02:53 . 2013-05-06 02:55    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-06 22:55    220632    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 18:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-06 22:55    244696    ----a-w-    c:\users\Molly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-06 8312352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-05-07 22:43; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-05-13 14:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-23 19:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-04  00:17:05
ComboFix-quarantined-files.txt  2013-07-04 05:17
ComboFix2.txt  2013-06-12 07:05
.
Pre-Run: 854,344,069,120 bytes free
Post-Run: 854,148,714,496 bytes free
.
- - End Of File - - 2FBC7FC6BE41072576631B8CEA59E2A0
A36C5E4F47E84449FF07ED3517B43A31
 

 

ListParts64 Log:

 

ListParts by Farbar Version: 10-05-2013
Ran by Molly (administrator) on 04-07-2013 at 00:30:22
Windows 7 (X64)
Running From: C:\Users\Molly\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 2941.24 MB
Available physical RAM: 1847.38 MB
Total Pagefile: 5880.67 MB
Available Pagefile: 4595.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:913.74 GB) (Free:795.57 GB) NTFS
2 Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (ZUMBA_3) (CDROM) (Total:1.25 GB) (Free:0 GB) UDF

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 0DA018DE

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            17 GB  1024 KB
  Partition 2    Primary            100 MB    17 GB
  Partition 3    Primary            100 MB    17 GB
  Partition 4    Primary            913 GB    17 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         PQSERVICE    NTFS   Partition     17 GB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   SYSTEM RESE  NTFS   Partition    100 MB  Healthy            

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    913 GB  Healthy    Boot    

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 0DA018DE
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=914 GB) - (Type=07 NTFS)


****** End Of Log ******

 

AdwCleaner Log:

 

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 00:29:50
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Molly - IAMWATCHINGYOU
# Boot Mode : Normal
# Running from : C:\Users\Molly\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\Molly\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Molly\AppData\Roaming\DriverCure
Folder Found : C:\Users\Molly\AppData\Roaming\ParetoLogic

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14300 octets] - [13/06/2013 19:56:42]
AdwCleaner[R2].txt - [14361 octets] - [13/06/2013 19:57:27]
AdwCleaner[R3].txt - [14422 octets] - [13/06/2013 19:57:54]
AdwCleaner[R4].txt - [1274 octets] - [04/07/2013 00:29:28]
AdwCleaner[R5].txt - [1144 octets] - [04/07/2013 00:29:50]
AdwCleaner[S1].txt - [14932 octets] - [13/06/2013 19:58:02]

########## EOF - C:\AdwCleaner[R5].txt - [1265 octets] ##########
 

 

Thanks!
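The partition table in the ListParts log above (and the MBR copy that aswMBR saves as MBR.dat later in the thread) can be checked programmatically rather than by eye. The following is an added example, not code from the thread or from ListParts, aswMBR or ComboFix: it parses a raw 512-byte MBR sector and flags layout anomalies (wrong signature, zero or several active partitions, unknown type bytes, overlaps, unallocated gaps between partitions). The sample MBR is constructed from the entries the thread's logs report; partition 4's sector count is an assumption because its aswMBR line is not on the page.

```python
"""Parse an MBR partition table and sanity-check it against a known layout.

Added example, not part of the forum thread or of any tool it names.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR = 512
TABLE_OFFSET = 446            # the four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"       # boot signature at bytes 510..511
MB = 1024 * 1024 // SECTOR    # sectors per MiB (2048)

# Partition type bytes that appear in the thread's logs; anything else is flagged.
KNOWN_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

Entry = Tuple[int, int, int, int]   # (status, type, lba_start, sector_count)


def build_mbr(entries: List[Entry], boot_code: bytes = b"\x00" * TABLE_OFFSET) -> bytes:
    """Assemble a 512-byte MBR from up to four partition entries.

    CHS fields are filled with the 0xFE 0xFF 0xFF 'LBA only' markers, as
    modern partitioning tools do; only the LBA fields matter here.
    """
    table = b""
    for status, ptype, lba, count in entries:
        table += struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype,
                             b"\xfe\xff\xff", lba, count)
    table += b"\x00" * (16 * (4 - len(entries)))      # unused slots stay zero
    return boot_code[:TABLE_OFFSET] + table + SIGNATURE


def parse_mbr(data: bytes) -> List[Dict]:
    """Return the populated partition entries of a raw MBR sector."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", data[off:off + 16])
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return parts


def check_layout(parts: List[Dict]) -> List[str]:
    """Flag table-level anomalies a first-pass MBR review looks for."""
    findings = []
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: unusual status byte 0x{p['status']:02x}")
        if p["type"] not in KNOWN_TYPES:
            findings.append(f"partition {p['index']}: unknown type 0x{p['type']:02x}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        end_a = a["lba_start"] + a["sectors"]
        if end_a > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
        elif end_a < b["lba_start"]:
            findings.append(f"{b['lba_start'] - end_a} unallocated sectors between "
                            f"partitions {a['index']} and {b['index']}")
    return findings


def boot_code_digest(data: bytes) -> str:
    """SHA-256 of the 440-byte bootstrap area, for comparison with a known-good copy."""
    return hashlib.sha256(data[:440]).hexdigest()


# Layout reported by ListParts / aswMBR in the thread, converted to sectors.
# Partition 4's sector count is an ASSUMPTION (ListParts only says ~913 GB).
THREAD_LAYOUT: List[Entry] = [
    (0x00, 0x27, 2048,     18000 * MB),        # hidden recovery (PQSERVICE)
    (0x00, 0x07, 36866048, 100 * MB),          # SYSTEM RESERVED, not active
    (0x80, 0x07, 37070848, 100 * MB),          # active: partition with boot components
    (0x00, 0x07, 37275648, 913 * 1024 * MB),   # C: (assumed size)
]
SAMPLE_MBR = build_mbr(THREAD_LAYOUT)          # constructed sample sector


def audit(data: bytes) -> Tuple[List[Dict], List[str]]:
    """Parse an MBR sector and return (partitions, findings)."""
    parts = parse_mbr(data)
    return parts, check_layout(parts)


if __name__ == "__main__":
    # To audit a real copy: audit(open("MBR.dat", "rb").read())
    partitions, issues = audit(SAMPLE_MBR)
    for p in partitions:
        flag = "*" if p["active"] else " "
        print(f"{flag} {p['index']} type 0x{p['type']:02x} lba {p['lba_start']:>10} {p['size_mb']:>8} MB")
    print("findings:", issues or "none")
```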



#7 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:10:09 AM

Posted 05 July 2013 - 02:50 AM

Hi

 

Please do the following next:

 

:step1:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:

    File::
    C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

  • Save this as CFScript.txt, in the same location as Dev00790.exe

    [image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


:step2:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

:step3:

How is the computer running now?


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#8 mnwatson1

mnwatson1
  • Topic Starter

  • Members
  • 27 posts
  • Local time:05:09 AM

Posted 05 July 2013 - 02:42 PM

Combofix will not run; it states that there is a syntax error, and then the scanning stops.  I allowed it to attempt to run for over 30 minutes, and there appeared to be no progress, however it does disconnect the computer from the internet.

 

# AdwCleaner v2.304 - Logfile created 07/05/2013 at 14:37:02
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Molly - IAMWATCHINGYOU
# Boot Mode : Normal
# Running from : C:\Users\Molly\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Molly\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Molly\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Molly\AppData\Roaming\ParetoLogic

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\q5k53nxt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14300 octets] - [13/06/2013 19:56:42]
AdwCleaner[R2].txt - [14361 octets] - [13/06/2013 19:57:27]
AdwCleaner[R3].txt - [14422 octets] - [13/06/2013 19:57:54]
AdwCleaner[R4].txt - [1274 octets] - [04/07/2013 00:29:28]
AdwCleaner[R5].txt - [1334 octets] - [04/07/2013 00:29:50]
AdwCleaner[R6].txt - [1394 octets] - [05/07/2013 14:35:59]
AdwCleaner[R7].txt - [1513 octets] - [05/07/2013 14:36:43]
AdwCleaner[S1].txt - [14932 octets] - [13/06/2013 19:58:02]
AdwCleaner[S2].txt - [324 octets] - [05/07/2013 14:36:31]
AdwCleaner[S3].txt - [1452 octets] - [05/07/2013 14:37:02]

########## EOF - C:\AdwCleaner[S3].txt - [1512 octets] ##########
 

 

As for the computer's performance, it continues to show no outward symptoms of infection beyond the MSE alert.  There might be a slight slowdown, but it is very slight if at all.



#9 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:10:09 AM

Posted 07 July 2013 - 01:04 PM

Hi

 

Please navigate to C:\Windows and delete the file: BCD5545077AC4347B24F654B1189F8D4.TMP

 

Let us know once you have done this.


Regards, dev00790



#10 mnwatson1

mnwatson1
  • Topic Starter

  • Members
  • 27 posts
  • Local time:05:09 AM

Posted 07 July 2013 - 01:47 PM

Done!  :)



#11 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:10:09 AM

Posted 07 July 2013 - 02:23 PM

Hi

 

Please do the following next:

 

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click No.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the  save log button, save it to your desktop, then copy and paste it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Regards, dev00790



#12 mnwatson1
  • Topic Starter

  • Members
  • 27 posts

Posted 08 July 2013 - 01:32 PM

aswMBR log follows:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-08 13:31:07
-----------------------------
13:31:07.406    OS Version: Windows x64 6.1.7601 Service Pack 1
13:31:07.406    Number of processors: 2 586 0x170A
13:31:07.407    ComputerName: IAMWATCHINGYOU  UserName: Molly
13:31:11.649    Initialize success
13:31:24.549    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
13:31:24.552    Disk 0 Vendor: WDC_WD10EADX-22TDHB0 77.04D77 Size: 953869MB BusType: 3
13:31:24.755    Disk 0 MBR read successfully
13:31:24.758    Disk 0 MBR scan
13:31:24.773    Disk 0 Windows 7 default MBR code
13:31:24.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18000 MB offset 2048
13:31:24.806    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS          100 MB offset 36866048
13:31:24.827    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37070848
13:31:24.849    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       935667 MB offset 37275648
13:31:24.889    Disk 0 scanning C:\Windows\system32\drivers
13:31:29.897    Service scanning
13:31:40.709    Modules scanning
13:31:40.722    Disk 0 trace - called modules:
13:31:40.744    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:31:40.754    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003268450]
13:31:40.763    3 CLASSPNP.SYS[fffff8800198543f] -> nt!IofCallDriver -> [0xfffffa8003134520]
13:31:40.771    5 ACPI.sys[fffff880011417a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800313a060]
13:31:40.777    Scan finished successfully
13:31:52.099    Disk 0 MBR has been saved successfully to "C:\Users\Molly\Desktop\MBR.dat"
13:31:52.160    The log file has been saved successfully to "C:\Users\Molly\Desktop\aswMBR.txt"

 

Computer continues to run asymptomatic.



#13 dev00790

    Bleeping Chocoholic

  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 10 July 2013 - 09:25 AM

Hi

 

Please do the following next:

 

Step 1:


Please go to VirSCAN.org
Browse to the following file path in the "Suspicious files to scan" field on the top of the page:

C:\Users\Molly\Desktop\MBR.dat

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

- Paste the contents of the Clipboard in your next reply.

 

- Also zip MBR.dat, and attach it in your next reply.


Step 2:

 

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

 


Regards, dev00790



#14 mnwatson1
  • Topic Starter

  • Members
  • 27 posts

Posted 10 July 2013 - 12:29 PM


VirSCAN.org Scanned Report :
Scanned time   : 1969/12/31 18:00:00 (CST)
Scanner results: Scanners did not find malware!
File Name      :
File Size      :  byte
File Type      :
MD5            :
SHA1           :
Online report  : http://r.virscan.org/

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result


MBAR Log 1:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Molly :: IAMWATCHINGYOU [administrator]

7/10/2013 12:03:48 PM
mbar-log-2013-07-10 (12-03-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 238821
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


MBAR Log 2:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Molly :: IAMWATCHINGYOU [administrator]

7/10/2013 12:16:32 PM
mbar-log-2013-07-10 (12-16-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 238853
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Attached Files



#15 dev00790

    Bleeping Chocoholic

  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 12 July 2013 - 03:29 PM

  • Try this please. You will need a USB drive.

    Download http://unetbootin.sourceforge.net/unetboot...dows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:
     dd if=/dev/sda of=mbr.txt bs=512 count=1
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.
      

Please note - all text entries are case sensitive


Regards, dev00790

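The thread now has two MBR dumps of the same disk: MBR.dat, taken by aswMBR from inside the running Windows, and mbr.txt, taken with dd from the xPUD boot stick while Windows is not running. The point of the second dump is that a bootkit hooking disk I/O can only lie to the first one. As an added example (not part of the thread, and not dev00790's or any tool's code), the Python below parses a raw 512-byte MBR dump, hashes its boot code, lists the partition table, and cross-checks that table against the four "Disk 0 Partition" lines aswMBR logged above. The "clean" table is constructed from the values in that log; the "tampered" variant (last partition shortened by 32 MB), the placeholder boot-code bytes, and the 1 MB rounding tolerance are assumptions made for illustration.

```python
import hashlib
import re
import struct

MBR_SIZE, PART_TABLE_OFFSET, SECTOR = 512, 446, 512
MB_TOLERANCE = 1  # aswMBR logs whole MB; assumed rounding slack, not stated on the page
# One partition entry: status(1) CHS start(3) type(1) CHS end(3) start LBA(4) sectors(4)
_ENTRY = struct.Struct("<B3xB3xII")
# e.g. "Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37070848"
_ASWMBR_LINE = re.compile(
    r"Disk 0 Partition (\d) ([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s+.*?(\d+) MB offset (\d+)")


def parse_mbr(data: bytes) -> dict:
    """Decode a raw 512-byte MBR: boot signature, boot-code hash, used partition slots."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        status, ptype, start_lba, sectors = _ENTRY.unpack_from(data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors,
                           "size_mb": sectors * SECTOR // (1024 * 1024)})
    return {
        "signature_ok": data[510:512] == b"\x55\xAA",
        # Hash the code region only: an in-OS dump and an offline (xPUD/dd) dump of a
        # clean disk hash identically; a rootkit filtering disk reads makes them differ.
        "boot_code_sha256": hashlib.sha256(data[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def parse_aswmbr_partitions(log_text: str) -> list:
    """Extract the partition table aswMBR logged from inside Windows."""
    reported = []
    for idx, status, ptype, size_mb, offset in _ASWMBR_LINE.findall(log_text):
        reported.append({"index": int(idx), "bootable": int(status, 16) == 0x80,
                         "type": int(ptype, 16), "size_mb": int(size_mb),
                         "start_lba": int(offset)})
    return reported


def cross_check(mbr: dict, reported: list) -> list:
    """Return discrepancy messages; an empty list means the dump agrees with the log."""
    problems = []
    if not mbr["signature_ok"]:
        problems.append("MBR lacks the 0x55AA boot signature")
    dumped = {p["index"]: p for p in mbr["partitions"]}
    if set(dumped) != {r["index"] for r in reported}:
        problems.append(f"slots in dump {sorted(dumped)} != reported "
                        f"{sorted(r['index'] for r in reported)}")
    for r in reported:
        p = dumped.get(r["index"])
        if p is None:
            continue
        for key in ("bootable", "type", "start_lba"):
            if p[key] != r[key]:
                problems.append(f"partition {r['index']}: {key} {p[key]!r} in dump, {r[key]!r} reported")
        if abs(p["size_mb"] - r["size_mb"]) > MB_TOLERANCE:
            problems.append(f"partition {r['index']}: size {p['size_mb']} MB in dump, "
                            f"{r['size_mb']} MB reported")
    return problems


def build_mbr(entries, boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Constructed test MBR; the boot code bytes are placeholders, not real code."""
    table = b"".join(_ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + table + b"\x55\xAA"


# The table aswMBR logged in this thread: (status, type, start LBA, sector count).
CLEAN_ENTRIES = [(0x00, 0x27, 2048, 36864000),        # hidden WinRE, 18000 MB
                 (0x00, 0x07, 36866048, 204800),      # 100 MB
                 (0x80, 0x07, 37070848, 204800),      # active 100 MB system partition
                 (0x00, 0x07, 37275648, 1916246016)]  # 935667 MB Windows volume
# Constructed variant: last partition shortened by 65536 sectors (32 MB).
TAMPERED_ENTRIES = CLEAN_ENTRIES[:3] + [(0x00, 0x07, 37275648, 1916246016 - 65536)]
# Partition lines copied from the aswMBR log posted above.
ASWMBR_LOG = """\
13:31:24.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18000 MB offset 2048
13:31:24.806    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS          100 MB offset 36866048
13:31:24.827    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37070848
13:31:24.849    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       935667 MB offset 37275648
"""

if __name__ == "__main__":
    reported = parse_aswmbr_partitions(ASWMBR_LOG)
    for name, entries in (("clean", CLEAN_ENTRIES), ("tampered", TAMPERED_ENTRIES)):
        mbr = parse_mbr(build_mbr(entries))
        print(name, mbr["boot_code_sha256"][:16], cross_check(mbr, reported) or "OK")
```

To use it on the real files, feed `parse_mbr(open("mbr.txt", "rb").read())` the dd output and `parse_mbr(open("MBR.dat", "rb").read())` the aswMBR copy, and compare the two `boot_code_sha256` values as well as running `cross_check` against the log. Identical hashes and an empty discrepancy list mean the first sector looks the same from outside the OS as it did from inside, which is what the xPUD step is meant to establish; a differing hash or a shortened last partition is the result worth escalating. Note that this only covers the MBR itself, not the volume boot record of the active partition or any sectors past the end of the last partition, which a 512-byte dump does not capture.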




